Sriram Rajamanuri

Hi,

Whenever I create a group, its scope seems to be global (across the entire site collection). (Even if I do not 'inherit' the permissions from parent)..

Is there a way I can have all the sub-sites (these sub sites are created from a template) have a group with same name but the members of that group be different

that is, i want to have something as follows (alternative to this is by creating 'permission' and adding users to that permission for a particular subsite):

ParentSite

+SubSite1

+Group

+Member1

+Member2

+SubSite2

+Group

+Member3

+Member4

Thanks

Sriram




Re: SharePoint - Development and Programming wss v3: how to : same group name across different sites in site collection

Sriram Rajamanuri

I guess I found the answer - What was 'site group' in WSS V2 is called 'Role Definition' or 'Permission Level' in WSS V3.

So, I need to have 'Role Definitions' for the aforementioned situation..






Re: SharePoint - Development and Programming wss v3: how to : same group name across different sites in site collection

Vidhyut Arora

Dear Sriram,

You 'guessed' that you found the answer, congrats for that.

However, the solution you found is not matching to the problem you posted.

I am facing a similar scenario. I have a top-level site and various nested subsites. I have created similar named Permission Levels on the top-level site. I want to have these permission levels mapped to certain sharepoint groups. Till now everything works fine.

What I want to achieve is inherit parent permissions, but have different users in the sharepoint groups for different sites. This is not happening.

Let me state an example:

Site Heirarchy:

Top-level Site (TLS)

SubSite 1 (SS1)

SS2

SS3

Permission Levels and Sharepoint Groups:

Admin

Manager

Employee

Reader

Now if I am adding a 'User1' under the group 'Employee' for sub-site SS3, the same user 'User1' gets added to the group 'Employee' for sub-site SS1 and SS2 also. This is not what I intend to have. I want to have same permissions and groups across my sub-sites, but having exclusive list of users.

Would appreciate if you could suggest a solution to this.

Thanks,





Re: SharePoint - Development and Programming wss v3: how to : same group name across different sites in site collection

Sriram Rajamanuri

The scope for groups is 'site collection' (TLS and all its subweb(s)).

scope for 'Permission' is a particular site (SS1/SS2/SS3/TLS).

That said, you need to add a unique 'Permission' (at TLS) and assign users to that 'Permission' for a given site(SS1/SS2..).

In your example, you would need to create a Permission(Employee) at 'TLS'. Then, associate emp1 to the permission(Employee) for a given site(SS1.. SSn).... This way, emp1 would not be able to view any other site(s) other than the ones to which he is associated to. (remember, Employee was created at TLS and is 'available' to all its subwebs...)

This approach works for me.

Hope this helps.Let me know if you need more info...






Re: SharePoint - Development and Programming wss v3: how to : same group name across different sites in site collection

lisaa

I'm trying to do a similar thing where I have many sub sites that I'd like to have the same permission level but different users assigned to that level. I've created the permission level called Site Admin, which has all rights checked. (I.e., should be equivalent to a user with "Full Control") on a test sub site and assigned some users to that level. However, I'm having a problem with writing the proper code to check the permissions. I basically want to know if the user has "Full Control" before showing a portion of the UI. The problem is that I'm doing impersonation using the following technique (http://www.sharepointblogs.com/mirjam/archive/2006/11/02/impersonation-in-sharepoint-2007.aspx) so the current user is my impersonated user. Therefore, using the methods web.DoesUserHavePermissions always returns true. How would I write the code to walk through the site users and check their permission level

Attempt #1:

Code Snippet

SPRoleDefinitionBindingCollection roleDefBindings = subWeb.AllRolesForCurrentUser;

foreach (SPRoleDefinition itm in roleDefBindings)
{
if (roleDefBindings.Contains(subWeb.RoleDefinitions["Full Control"]))

{

bHasAdminRights = true;

break;

}

}

Problem: roleDefBindings.Count always returns 0.


Attempt #2:

Code Snippet

bool hasAdminRights = subWeb.DoesUserHavePermissions((SPBasePermissions)(SPBasePermissions.FullMask));

The problem is that this always returns true because of the impersonation.





Re: SharePoint - Development and Programming wss v3: how to : same group name across different sites in site collection

Sriram Rajamanuri

Try this:

SPWeb objWeb = SPContext.Current.Web;

string strCurrentUser = objWeb.CurrentUser.Login;

if (objWeb.Roles["SiteAdmin"].Users.Xml.Contains(strCurrentUser))

{

//DO SOMETHING

}






Re: SharePoint - Development and Programming wss v3: how to : same group name across different sites in site collection

lisaa

I had to modify the code to the following in order to get it work:

Code Snippet

foreach (SPUser user in subWeb.Roles["Full Control"].Users)
{
if (user.LoginName.ToUpper().CompareTo(sCurrentUser.ToUpper()) == 0 )

{
hasAdminRights = true;

break;

}
}

If I did this:

Code Snippet
subWeb.Roles["Full Control"].Users.Xml.Contains(sCurrentUser)

I received the following security exception:

Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

While this will get the code working, it's using a deprecated method in WSS 3.0 so we'll still need to look for a better solution.

Thanks for the tip.





Re: SharePoint - Development and Programming wss v3: how to : same group name across different sites in site collection

lisaa

Here is an update using the WSS 3.0 object model:

Code Snippet
SPRoleAssignmentCollection assignments = subWeb.RoleAssignments;
SPRoleAssignment userAssign = assignments.GetAssignmentByPrincipal((SPPrincipal)oSite.CurrentUser);
bool hasAdminRights = userAssign.Member.Roles.Xml.Contains(strAdminLevelName);