I want to know if something is missing. Here's how I do it: For SPFolder, I would change the item's associated permissions (SPFolder.Item). Therefore, I believe that managing SPFolder permissions boils down to managing SPListItem permissions. For SPListItem, I would inherit role inheritance with SPListItem.BreakRoleInheritance() , and then work with the RoleAssignments collections, adding and removing roles there.
I wonder if RoleAssignments is the only way to manage SPListItem permissions (other than inheritance) and there is a way to manage individual permissions without roles. There is also the EffectiveBasePermissions property, but I'm not sure.
So the question is: are there any other ways (besides inheritance) to manage SPListItem permissions other than the RoleAssignments collection?
@Edit: there is also AllRolesForCurrentUser, but I think you can get the same information from the RoleAssignments property, so this is just for convenience.
@Edit: As Flo notes in his answer, a setup problem
folder.ParentWeb.AllowUnsafeUpdates = true;
And using BreakRoleInheritance with the argument "false" (that is, without copying the permissions of the parent object).
folder.Item.BreakRoleInheritance(false);
BreakRoleInheritance simply will not work with a GET request, as you would expect after allowing unsafe updates. Presumably, the method resets AllowUnsafeUpdates back to false.
The workaround I know for this is to manually remove the inherited permissions after BreakRoleInheritance (true), for example:
folder.Item.BreakRoleInheritance(false); while(folder.Item.RoleAssignments.Count > 0) { folder.Item.RoleAssignments.Remove(0); }
Thanks!
security sharepoint permissions
axk
source share