SPRoleDefinitionCollection Class

Represents the collection of SPRoleDefinition objects defining the role definitions that are available for use within the Web site.

Inheritance Hierarchy

System.Object
  Microsoft.SharePoint.Administration.SPAutoSerializingObject
    Microsoft.SharePoint.SPBaseCollection
      Microsoft.SharePoint.SPRoleDefinitionCollection

Namespace:  Microsoft.SharePoint
Assembly:  Microsoft.SharePoint (in Microsoft.SharePoint.dll)
Available in Sandboxed Solutions: Yes
Available in SharePoint Online

Syntax

'Declaration
<SubsetCallableTypeAttribute> _
<ClientCallableTypeAttribute(Name := "RoleDefinitionCollection", ServerTypeId := "{964b9ab0-d026-4487-99d1-e06450963cc9}",  _
    CollectionChildItemType := GetType(SPRoleDefinition))> _
Public NotInheritable Class SPRoleDefinitionCollection _
    Inherits SPBaseCollection
'Usage
Dim instance As SPRoleDefinitionCollection
[SubsetCallableTypeAttribute]
[ClientCallableTypeAttribute(Name = "RoleDefinitionCollection", ServerTypeId = "{964b9ab0-d026-4487-99d1-e06450963cc9}", 
    CollectionChildItemType = typeof(SPRoleDefinition))]
public sealed class SPRoleDefinitionCollection : SPBaseCollection

Remarks

Role definitions can be inherited from the parent SPWeb object or defined locally. In order to have unique role definitions you must have unique permissions (role assignments), but unique permissions can have either unique or inherited role definitions.

Use the RoleDefinitions property of the SPWeb class to get the collection of role definitions for a Web site. To create a role definition, use a constructor of the SPRoleDefinition class to instantiate the object, set properties on the object, and then call the Add() method to add the new role definition to the collection.

Use an indexer to return a single item from the collection. For example, if the collection is assigned to a variable named collRoleDefinitions, use collRoleDefinitions[index] in C#, or collRoleDefinitions(index) in Visual Basic, where index is either the index number of the item in the collection or a string that contains the name of the role definition.

There is not a method to retrieve user role assignments on a SharePoint Foundation list object. However, the code below allows you to retrieve this list.

private void AddListRoleAssignmentNodes(SPList objList)
{ 
   try
   {
      if (objList.HasUniqueRoleAssignments)
      {
         SPRoleAssignmentCollection oRoleAssignments =
            objList.RoleAssignments;

         foreach (SPRoleAssignment oRoleAssignment in oRoleAssignments)
         {
            SPPrincipal oPrincipal = oRoleAssignment.Member;
            try
            {
               // Retrieve users having explicit permissions on the list
               SPUser oRoleUser = (SPUser)oPrincipal;
            }
            catch (Exception ex)
            {
               string msg = ex.Message;
            }
            try
            {
               // Retrieve user groups having permissions on the list
               SPGroup oRoleGroup = (SPGroup)oPrincipal;

               if (oRoleGroup.Users.Count > 0)
               { 
                  string strGroupName = oRoleGroup.Name;
                  // Add code here to retrieve Users inside this User-Group
               }
            }
            catch (Exception ex)
            {
               string msg = ex.Message;
            }
         }
      }
   }
   catch (Exception ex)
   {
      string msg = ex.Message;
   }
}
Private Sub AddListRoleAssignmentNodes(ByVal objList As SPList)
   Try
     If objList.HasUniqueRoleAssignments Then
       Dim oRoleAssignments As SPRoleAssignmentCollection = objList.RoleAssignments

       For Each oRoleAssignment As SPRoleAssignment In oRoleAssignments
         Dim oPrincipal As SPPrincipal = oRoleAssignment.Member
         Try
            ' Retrieve users having explicit permissions on the list
            Dim oRoleUser As SPUser = CType(oPrincipal, SPUser)
         Catch ex As Exception
            Dim msg As String = ex.Message
         End Try
         Try
            ' Retrieve user groups having permissions on the list
            Dim oRoleGroup As SPGroup = CType(oPrincipal, SPGroup)

            If oRoleGroup.Users.Count > 0 Then
              Dim strGroupName As String = oRoleGroup.Name
              ' Add code here to retrieve Users inside this User-Group
            End If
         Catch ex As Exception
            Dim msg As String = ex.Message
         End Try
       Next oRoleAssignment
     End If
   Catch ex As Exception
     Dim msg As String = ex.Message
   End Try
End Sub

Examples

After breaking role definition inheritance, the following code example creates a role definition that includes all rights except ManagePermissions; it also sets property values and adds the new role definition to the collection of role definitions for a site.

string strRoleName = "Custom Role Definition";
using (SPSite oSiteCollection = new SPSite("http://Server_Name/Subsite1"))
{
    using (SPWeb oWebsite = oSiteCollection.OpenWeb())
    {

        if (!oWebsite.HasUniqueRoleDefinitions)
        {
            oWebsite.RoleDefinitions.BreakInheritance(true, true);
        }

        SPRoleDefinition oRoleDefinition = new SPRoleDefinition();
        oRoleDefinition.Name = strRoleName;
        oRoleDefinition.Description = "A role definition with all rights except ManagePermissions";
        oRoleDefinition.BasePermissions = SPBasePermissions.FullMask ^ SPBasePermissions.ManagePermissions;
        oWebsite.RoleDefinitions.Add(oRoleDefinition);
    }
}
Dim strRoleName As String = "Custom Role Definition"
Using oSiteCollection As New SPSite("http://Server_Name/Subsite1")
   Using oWebsite As SPWeb = oSiteCollection.OpenWeb()

      If Not oWebsite.HasUniqueRoleDefinitions Then
         oWebsite.RoleDefinitions.BreakInheritance(True, True)
      End If

      Dim oRoleDefinition As New SPRoleDefinition()
      oRoleDefinition.Name = strRoleName
      oRoleDefinition.Description = "A role definition with all rights except ManagePermissions"
      oRoleDefinition.BasePermissions = SPBasePermissions.FullMask Xor SPBasePermissions.ManagePermissions
      oWebsite.RoleDefinitions.Add(oRoleDefinition)
   End Using
End Using

Note

Certain objects implement the IDisposable interface, and you must avoid retaining these objects in memory after they are no longer needed. For information about good coding practices, see Disposing Objects.

Thread Safety

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

See Also

Reference

SPRoleDefinitionCollection Members

Microsoft.SharePoint Namespace

RoleDefinitions