Check permission in SharePoint

If you check permissions in SharePoint via Webservices (e.g. “Permissions.GetPermissionCollection“), you get permission masks. In order to interpret the values and their roles, you need to understand the mapping of the roles and their hexadecimal values:

Permission Name Hex (base 16) Decimal
EmptyMask 0x0000000000000000 0
List and Document permission
ViewListItems 0x0000000000000001 1
AddListItems 0x0000000000000002 2
EditListItems 0x0000000000000004 4
DeleteListItems 0x0000000000000008 8
ApproveItems 0x0000000000000010 16
OpenItems 0x0000000000000020 32
ViewVersions 0x0000000000000040 64
DeleteVersions 0x0000000000000080 128
CancelCheckout 0x0000000000000100 256
ManagePersonalViews 0x0000000000000200 512
ManageLists 0x0000000000000800 2048
ViewFormPages 0x0000000000001000 4096
Web level permission
Open 0x0000000000010000 65536
ViewPages 0x0000000000020000 131072
AddAndCustomizePages 0x0000000000040000 262144
ApplyThemeAndBorder 0x0000000000080000 524288
ApplyStyleSheets 0x0000000000100000 1048576
ViewUsageData 0x0000000000200000 2097152
CreateSSCSite 0x0000000000400000 4194314
ManageSubwebs 0x0000000000800000 8388608
CreateGroups 0x0000000001000000 16777216
ManagePermissions 0x0000000002000000 33554432
BrowseDirectories 0x0000000004000000 67108864
BrowseUserInfo 0x0000000008000000 134217728
AddDelPrivateWebParts 0x0000000010000000 268435456
UpdatePersonalWebParts 0x0000000020000000 536870912
ManageWeb 0x0000000040000000 1073741824
UseRemoteAPIs 0x0000002000000000 137438953472
ManageAlerts 0x0000004000000000 274877906944
CreateAlerts 0x0000008000000000 549755813888
EditMyUserInfo 0x0000010000000000 1099511627776
Special Permissions
EnumeratePermissions 0x4000000000000000 4611686018427387904
FullMask 0x7FFFFFFFFFFFFFFF 9223372036854775807

If a user has a specific permission you have to convert the decimal values you will get by the Webservice to hexadecimal values.

In this example we check if the user can edit a list item based on the decimal mask value (as string):

private bool CanEditItem(string maskValue)
{
const ulong emptyPermission = 0UL;
//Edit List items
const ulong needPermission = 4UL;
ulong mask;
if (!UInt64.TryParse(maskValue, out mask)) { return true; }
if (mask == emptyPermission) { return true; }
if ((needPermission & mask) == needPermission) { return true; }
return false;
}

Sources: http://jamestsai.net/Blog/post/Understand-SharePoint-Permissions-Part-1-SPBasePermissions-in-Hex2c-Decimal-and-Binary-The-Basics.aspx

This entry was posted in Development, SharePoint, SharePoint 2007, SharePoint 2010. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>