Getting the right set of permissions when creating a custom permission level in PowerShell
March 7, 2013
Posted by on
Despite all its power and flexibility, developing PowerShell scripts feels like a dev experience that could be had 15 years ago. Often, we find ourselves creating prototypes in VS.NET first, before diving into the murky waters of visual PowerShell editors. Having that off our chest, suppose you’re creating a PS script that creates a new SharePoint permission level. The code is not too hard, something like:
$CustomPermissions = New-Object Microsoft.SharePoint.SPRoleDefinition
$CustomPermissions.Name = “TheName”
$CustomPermissions.BasePermissions=”ViewListItems, AddListItems, EditListItems, OpenItems, ViewVersions, ManagePersonalViews, ViewFormPages, Open, ViewPages, CreateSSCSite, etc., etc.”
Now, what’s the easiest way to get to the permission mask you want? We do this:
- Create it first via the SharePoint UI (Site Actions > Site Settings > Site Permissions > Permission Levels).
- Create a C# program in Visual Studio that loops thru all permission levels until you find the one you created.
- Add the object holding the permission level to the QuickWatch window.
- Open the XML property using the XML visualizer.
- Copy the value of the BasePermissions attribute and use that string value in your PS script.
The C# code (run from a C# Console Application) looks like this:
using (SPSite site = new SPSite(“http://moon”))
using (var web = site.OpenWeb())
foreach (SPRoleDefinition roleDef in web.RoleDefinitions)