Upgrade your Internet Experience
Microsoft.com
Welcome Sign in
Windows SharePoint Services
Click to Rate and Give Feedback
MSDN
MSDN Library
Web Development
SDK Documentation
General Reference
 Elevation of Privilege

  Switch on low bandwidth view
Community Content
In this section
Statistics Annotations (0)
Elevation of Privilege

Elevation of privilege is a new feature of Windows SharePoint Services 3.0 that enables you to programmatically perform actions in code using an increased level of privilege. The Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(Microsoft.SharePoint.SPSecurity.CodeToRunElevated) method enables you to supply a delegate that runs a subset of code in the context of an account with higher privileges than the current user.

A standard usage of RunWithElevatedPrivileges is:

SPSecurity.RunWithElevatedPrivileges(delegate()
{
    // do things assuming the permission of the "system account"
});

Frequently, to do anything useful within SharePoint you'll need to get a new SPSite object within this code to effect the changes.  For example:

SPSecurity.RunWithElevatedPrivileges(delegate()
{
    using (SPSite site = new SPSite(web.Site.ID))
    {
       // do things assuming the permission of the "system account"
    }
});

Although elevation of privilege provides a powerful new technique for managing security, it should be used with care. You should not expose direct, uncontrolled mechanisms for people with low privileges to circumvent the permissions granted to them. 

Tags What's this?: Add a tag
Community Content   What is Community Content?
Add new content RSS  Annotations
Common error with RunWithElevatedPrivileges      daniel.larson ... mahongzhou   |   Edit   |   Show History

Be sure to create a new SPSite which is the root security reference while you're impersonating. Here's a small code snippet:

   SPWeb web = SPContext.Current.Web;
   SPUser user = web.CurrentUser; // the calling user
   // Uses the SHAREPOINT\system creds with the SPUser's identity reference of user
   SPSecurity.RunWithElevatedPrivileges(delegate() {
     // Gets a new security context using SHAREPOINT\system
     using (SPSite site = new SPSite(this.Page.Request.Url.ToString())) {
       using (SPWeb thisWeb = site.OpenWeb()) {
         thisWeb.AllowUnsafeUpdates = true;
         SPList theList = thisWeb.Lists[listName];
         SPListItem record = theList.Items.Add();
         record["User"] = user; // calling user
         record.Update(); // uses SHAREPOINT\system
       }
     }
   });

For more info, read my post @ http://daniellarson.spaces.live.com/blog/cns!D3543C5837291E93!927.entry

Also, you should dispose of the SPSite object created within the RunWithElevatedPrivileges() before exiting the scope, because that SPSite will still have the SHAREPOINT\system identity even outside of the RunWithElevatedPrivileges() scope.

RunWithElevatedPrivileges() has no effect when running in a standalone exe.

Tags What's this?: Add a tag
Flag as ContentBug
© 2009 Microsoft Corporation. All rights reserved. Terms of Use  |  Trademarks  |  Privacy Statement
Page view tracker