Thursday, July 14, 2016

Run code with elevated privileges in SharePoint

The RWEP (Run With Elevated Privileges) method takes a delegate and runs its code in the context of the Application Pool identity account (which has site collection administrator privileges on all site collections hosted by that application pool) instead of the logged-in user, essentially giving that user administrator-level permissions in a confined space.

In other words, the code executed inside this method has "System Account" privileges in addition to the current user's privileges. Put more precisely, the method runs under the Application Pool identity, which has site collection administrator privileges on all site collections hosted by that application pool.

Sometimes, however, we still get "Access denied" even when the code runs inside the RWEP method. This looks strange, but RWEP only works correctly when certain criteria are met:


Do not use existing references to SPWeb or SPSite instances inside your delegate, since these objects hold the permissions of the currently signed-in user. Instead, create new SPSite and SPWeb instances using the IDs of the sites and webs you already have, like this:

private void CustomFunction()
{
      // Non-Elevated Permission Code Goes Here

      SPSecurity.RunWithElevatedPrivileges(delegate()
      {
            // These references still carry the current user's permissions;
            // they are used here only to read the IDs.
            SPSite site = SPContext.Current.Site;
            SPWeb web = SPContext.Current.Web;

            // New SPSite object.
            using (SPSite newSite = new SPSite(site.ID))
            {
                  // New SPWeb object.
                  using (SPWeb newWeb = newSite.OpenWeb(web.ID))
                  {
                        // Do things by assuming the permission of the "system account".
                  }
            }
      });  // Note the Brackets used while creating delegate
}

Example:

private void CustomFunction()
{
      // References obtained outside the delegate hold the current user's permissions.
      SPSite site = SPContext.Current.Site;
      SPWeb web = SPContext.Current.Web;

      SPSecurity.RunWithElevatedPrivileges(delegate()
      {
            // Re-open the site and web by ID so the new objects run as the system account.
            using (SPSite newSite = new SPSite(site.ID))
            {
                  using (SPWeb newWeb = newSite.OpenWeb(web.ID))
                  {
                        SPList list = newWeb.Lists["ElevatedListTest"];
                        SPListItem newItem = list.Items.Add();

                        // Do stuff to create the list item

                        newWeb.AllowUnsafeUpdates = true;
                        newItem["Title"] = "Testing Title";
                        newItem.Update();
                        list.Update();
                        newWeb.AllowUnsafeUpdates = false;
                  }
            }
      });
}
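
A hardened variant of the example above, added here as an illustration and not part of the original post: it authorizes the caller before elevating, passes only IDs into the delegate, restores AllowUnsafeUpdates in a finally block, and records the real requester on the item. The names ElevatedListWriter and AddItemForCurrentUser, the AddListItems permission rule, and the assumption that this runs in a page POST handler are all hypothetical.

```csharp
using System;
using Microsoft.SharePoint;
using Microsoft.SharePoint.Utilities;

public static class ElevatedListWriter   // hypothetical helper class
{
    public static void AddItemForCurrentUser(string title)
    {
        SPWeb currentWeb = SPContext.Current.Web;
        // Authorize BEFORE elevating: inside the delegate the system account passes
        // every check. Assumed rule: the caller may add list items on this web.
        if (!currentWeb.DoesUserHavePermissions(SPBasePermissions.AddListItems))
            throw new UnauthorizedAccessException("Caller may not submit items.");
        // AllowUnsafeUpdates switches off the form digest check on the elevated web,
        // so validate the digest of the incoming POST explicitly (assumes a POST).
        if (!SPUtility.ValidateFormDigest())
            throw new UnauthorizedAccessException("Invalid form digest.");

        // Capture plain values only; never carry SPSite/SPWeb objects into the delegate.
        Guid siteId = SPContext.Current.Site.ID;
        Guid webId = currentWeb.ID;
        string loginName = currentWeb.CurrentUser.LoginName;

        SPSecurity.RunWithElevatedPrivileges(delegate()
        {
            using (SPSite elevatedSite = new SPSite(siteId))
            using (SPWeb elevatedWeb = elevatedSite.OpenWeb(webId))
            {
                bool previous = elevatedWeb.AllowUnsafeUpdates;
                elevatedWeb.AllowUnsafeUpdates = true;
                try
                {
                    SPList list = elevatedWeb.Lists["ElevatedListTest"];
                    SPListItem item = list.Items.Add();
                    item["Title"] = title;
                    // Without this, "Created By" would show only the system account.
                    SPUser requester = elevatedWeb.EnsureUser(loginName);
                    item["Author"] = new SPFieldUserValue(elevatedWeb, requester.ID, requester.LoginName);
                    item.Update();
                }
                finally
                {
                    // Restore the flag even if the update throws.
                    elevatedWeb.AllowUnsafeUpdates = previous;
                }
            }
        });
    }
}
```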
