Second Life of a Hungarian SharePoint Geek

July 16, 2013

Accessing group permissions from C# code using Reflection

Filed under: Reflection, Security, SP 2010 — Tags: , , — Peter Holpar @ 22:08

Probably you know that the permission levels for a specific group can be displayed on the SharePoint UI when selecting View Group Permissions from the group Settings menu.


A sample below shows a typical result displayed on the page.


It would be however nice to achieve the same data from a custom application as well.

The data above is presented through the /_layouts/ViewGroupPermissions.aspx page, by private CreateDataTable method of the Microsoft.SharePoint.WebControls.GroupPermissions control (Microsoft.SharePoint assembly). This method calls the proc_SecGetGroupSecurityScopes stored procedure in the content database and returns the results as a DataTable with two columns: ScopeUrl contains the URL of the resource embedded into HTML text, and Role is the Permission Level (see private AddRow method of the GroupPermissions  class.

To be able to invoke the CreateDataTable method vie Reflection without receiving a NullReferenceException, we should inject an SPContext (see implementation details here), and a dummy Page object (as it is being referenced in the AddRow method). Having these two objects, the call itself is rather simple. We should cast the result object to DataTable, iterate through its Rows collection and parse the URL from the HTML text using a Regex in the ScopeUrl column of the DataTable.

Code Snippet
  1. using (SPSite site = new SPSite(""))
  2. {
  3.     using (SPWeb web = site.OpenWeb())
  4.     {
  5.         // inject fake context
  6.         HttpRequest request = new HttpRequest(string.Empty, web.Url, string.Empty);
  7.         HttpResponse response = new HttpResponse(new System.IO.StreamWriter(new System.IO.MemoryStream()));
  8.         HttpContext dummyContext = new HttpContext(request, response);
  9.         dummyContext.Items["HttpHandlerSPWeb"] = web;
  10.         HttpContext.Current = dummyContext;
  11.         var groupPermissions = new GroupPermissions();
  12.         // set your group here
  13.         int groupId = web.SiteGroups["Team Site Owners"].ID;
  14.         groupPermissions.GroupId = groupId;
  15.         // set dummy Page
  16.         groupPermissions.Page = new Page();
  17.         // invoke private CreateDataTable method
  18.         var groupPermissionsType = groupPermissions.GetType();
  19.         var mi_CreateDataTable = groupPermissionsType.GetMethod("CreateDataTable", BindingFlags.NonPublic | BindingFlags.Instance);
  20.         DataTable results = mi_CreateDataTable.Invoke(groupPermissions, null) as DataTable;
  21.         // process results
  22.         if (results != null)
  23.         {
  24.             foreach (DataRow row in results.Rows)
  25.             {
  26.                 string rawScopeUrl = row["ScopeUrl"] as string;
  27.                 string scopeUrl = rawScopeUrl;
  28.                 string regExpPattern = "<span dir=\"ltr\">(?<scopeUrl>.*?)</span>";
  29.                 Regex regex = new Regex(regExpPattern);
  30.                 Match match = regex.Match(rawScopeUrl);
  31.                 if (match.Success)
  32.                 {
  33.                     scopeUrl = match.Groups["scopeUrl"].Value;
  34.                 }
  35.                 Console.WriteLine("[{0}] – [{1}]", scopeUrl, row["Role"]);
  36.             }
  37.         }
  38.     }
  39. }

And the output:


That is the C# implementation. In my next post I try to achieve the same using PowerShell.


Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

Blog at

%d bloggers like this: