In Sharepoint there are several OTB role definitions which are created during site creation:
|Full Control||Has full control|
|Design||Can view, add, update, delete, approve, and customize|
|Contribute||Can view, add, update, and delete list items and documents|
|Read||Can view pages and list items and download documents|
|Limited Access||Can view specific lists, document libraries, list items, folders, or documents when given permissions|
|Approve||Can edit and approve pages, list items, and documents|
|Manage Hierarchy||Can create sites and edit pages, list items, and documents|
|Restricted Read||Can view pages and documents, but cannot view historical versions or user permissions|
You can access some of these role definitions via object model using SPRoleType enum using the following mapping table:
|Role name||SPRoleType member|
Note that last 3 roles have SPRoleType.None type. It means that you can’t retrieve these role definitions using SPRoleDefinitionCollection.GetByType() method. Restricted Access is special role – it is shown when e.g. user has access on some folder in the list, but not has access to the whole list or web site. In most cases you should not use this role programmatically. But what with “Manage Hierarchy” and “Approve” roles? We also can’t use SPRoleDefinitionCollection.GetByType() method in order to get them programmatically. What options do we have?
The most often approach I found during investigation is to use hardcoded literals for the role name:
This approach works, but if you have multilingual topology you will have problems, because “Manage Hierarchy” role name will be localized according to the web site name (e.g. on Finnish it will be “Hierarkian hallinta”). The best option would be retrieving of the role definition using the same way as Sharepoint uses.
After some investigation I found Microsoft.SharePoint.Publishing.Internal.StringIds class (defined in the Microsoft.SharePoint.Publishing.dll). It has a field StringIds.RoleNameHierarchyManager which seems like what I looking for. Unfortunately there is no so much information about it, so I used reflector to watch how Sharepoint uses it. Sharepoint uses these strings via internal class Microsoft.SharePoint.Publishing.Internal.Resources in the same Microsoft.SharePoint.Publishing.dll assembly like this (see Microsoft.SharePoint.Publishing.Internal.RootProvisioner.AddSecuritySettings() method):
If you will investigate Microsoft.SharePoint.Publishing.Internal.Resources class you will find that it uses Microsoft.SharePoint.Publishing.Intl.dll assembly for retrieving resource values (this assembly is located in the GAC).
So in order to retrieve role name by the same way as Sharepoint retrieves it, you have several options:
- use reflection
- create custom class which works like internal class Microsoft.SharePoint.Publishing.Internal.Resources
I will show you 2nd variant. You can use the following class in order to retrieve resource strings from Microsoft.SharePoint.Publishing.Intl.dll assembly:
Now you are able to retrieve “Manage Hierarchy” role definition programmatically without hardcoding role name:
All information from this post is also appliable for “Approve” role definition. Just instead of StringIds.RoleNameHierarchyManager you will need to use StringIds.RoleDescriptionApprover for it.