Second Life of a Hungarian SharePoint Geek

August 30, 2013

Granting the Limited Access permission level

Filed under: Security, SP 2010, Tips & Tricks — Tags: , , — Peter Holpar @ 02:01

I read statements like this several times on various blogs and in technical articles:

Limited Access is a special permission level that cannot be assigned to a user or group directly.” (source)

However, this is only the half of the truth.

Assume, you have a role assignment (SPRoleAssignment) that contains a reference to the Limited Access role definition (SPRoleDefinition):

web.RoleDefinitions["Limited Access"];

or

web.RoleDefinitions.GetByType(SPRoleType.Guest);  // “Users cannot be added explicitly to the Guest role” again… (source)

It’s true, that when you use the “standard” overload of the Add method of the SPRoleAssignmentCollection, SPRoleAssignmentCollection.Add(SPRoleAssignment) with this role assignment, you get an exception like this:

You cannot grant a user the limited access permission level.

But if you use the other overload, SPRoleAssignmentCollection.Add(SPPrincipal), it does just that, grants the principal the Limited Access permissions.

For example:

web.RoleAssignments.Add(group);

grants the group the Limited Access permission on the web site.

Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Create a free website or blog at WordPress.com.

%d bloggers like this: