Export (0) Print
Expand All
12 out of 13 rated this helpful - Rate this topic

Elevation of Privilege

Windows SharePoint Services 3

Elevation of privilege is a new feature of Windows SharePoint Services 3.0that enables you to programmatically perform actions in code using an increased level of privilege. The Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(Microsoft.SharePoint.SPSecurity.CodeToRunElevated) method enables you to supply a delegate that runs a subset of code in the context of an account with higher privileges than the current user.

A standard usage of RunWithElevatedPrivileges is:

SPSecurity.RunWithElevatedPrivileges(delegate()
{
    // do things assuming the permission of the "system account"
});

Frequently, to do anything useful within SharePoint you'll need to get a new SPSite object within this code to effect the changes.  For example:

SPSecurity.RunWithElevatedPrivileges(delegate()
{
    using (SPSite site = new SPSite(web.Site.ID))
    {
       // do things assuming the permission of the "system account"
    }
});

Although elevation of privilege provides a powerful new technique for managing security, it should be used with care. You should not expose direct, uncontrolled mechanisms for people with low privileges to circumvent the permissions granted to them. 

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.