{"id":1155,"date":"2007-03-12T16:05:00","date_gmt":"2007-03-12T21:05:00","guid":{"rendered":"http:\/\/blogs.devhorizon.com\/reza\/?p=1155"},"modified":"2012-06-30T23:54:18","modified_gmt":"2012-07-01T04:54:18","slug":"role-based-security-model-in-wss-30-part2","status":"publish","type":"post","link":"https:\/\/blogs.devhorizon.com\/reza\/2007\/03\/12\/role-based-security-model-in-wss-30-part2\/","title":{"rendered":"Role-based security model in WSS 3.0 &#8211; Part2"},"content":{"rendered":"<p>Title: <strong>Subsites with unique Role Assignments<\/strong><!--?xml:namespace prefix = o ns = \"urn:schemas-microsoft-com:office:office\" ?--><\/p>\n<p>&nbsp;<\/p>\n<p>This is the second article in a series about Role-based security model in WSS 3.0. In <a href=\"\/blogs\/reza_on_blogging\/archive\/2007\/03\/12\/457.aspx\">part1 <\/a>, I described the basics about this model and in this part , I am going to explain how to create subsites with unique Role Assignments.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>1)<\/strong> First, let&#8217;s create a subsite:<\/p>\n<p>&nbsp;<\/p>\n<p>SPWeb web = SPContext.Current.Web;<br \/>\nSPWebCollection spwc = web.Webs;<br \/>\nSPWeb newweb = spwc.Add(this._txtBoxSiteName.Text.Trim(), this._txtBoxSiteName.Text.Trim(),&#8221;This site is created programatically&#8221;, web.Language, templateCreateWeb,true, false);<br \/>\nnewweb.AllowUnsafeUpdates = true;<br \/>\n<strong>2)<\/strong> Now we need to break the role assignments for the newly created site\u00a0:<\/p>\n<p>&nbsp;<\/p>\n<p>newweb.BreakRoleInheritance(false);<br \/>\n<strong>3)<\/strong> This step is to create 3 custom site groups for Visitors, Members and Owners:<br \/>\n\/\/Setup Custom Owner Site Group<br \/>\ngrpOwnersName = newweb.Name + &#8221; Owners Group&#8221;;<br \/>\nnewweb.SiteGroups.Add(grpOwnersName, web.AssociatedOwnerGroup, null, string.Format(&#8220;This group is automatically created from the parent class site:<a href=\"http:\/\/blogs.devhorizon.com\/&quot;{0}\/&quot;\">{1}<\/a>&#8220;, newweb.Url, newweb.Name));<br \/>\nSPGroup grpOwners = GetSiteGroup(newweb, grpOwnersName);<\/p>\n<p>&nbsp;<\/p>\n<p>\/\/Setup Custom Members Site Group<br \/>\ngrpMembersName = newweb.Name + &#8221; Members Group&#8221;;<br \/>\nnewweb.SiteGroups.Add(grpMembersName, web.AssociatedOwnerGroup, null, string.Format(&#8220;This group is automatically created from the parent class site:<a href=\"http:\/\/blogs.devhorizon.com\/&quot;{0}\/&quot;\">{1}<\/a>&#8220;,newweb.Url,newweb.Name));<br \/>\nSPGroup grpMembers = GetSiteGroup(newweb, grpMembersName);<\/p>\n<p>&nbsp;<\/p>\n<p>\/\/Setup Custom Visitors Site Group<br \/>\ngrpVisitorsName = newweb.Name + &#8221; Vistors Group&#8221;;<br \/>\nnewweb.SiteGroups.Add(grpVisitorsName, web.AssociatedOwnerGroup, null, string.Format(&#8220;This group is automatically created from the parent class site:<a href=\"http:\/\/blogs.devhorizon.com\/&quot;{0}\/&quot;\">{1}<\/a>&#8220;, newweb.Url, newweb.Name));<\/p>\n<p>&nbsp;<\/p>\n<p>SPGroup grpVistors = GetSiteGroup(newweb, grpVisitorsName);<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p><strong>4)<\/strong> In order for SharePoint to recognize our custom groups as the site&#8217;s associated vistors,members and owners group , you need to update the following properties in your new web bucket:<\/p>\n<p>&nbsp;<\/p>\n<p>\/\/Assign Custom Groups To Counterpart Associate Groups<br \/>\nnewweb.Properties[&#8220;vti_associateownergroup&#8221;] = grpOwners.ID.ToString();<br \/>\nnewweb.Properties[&#8220;vti_associatemembergroup&#8221;] = grpMembers.ID.ToString();<br \/>\nnewweb.Properties[&#8220;vti_associatevisitorgroup&#8221;] = grpVistors.ID.ToString();<br \/>\nnewweb.Properties[&#8220;vti_associategroups&#8221;] = string.Format(&#8220;{0};{1};{2}&#8221;, grpOwners.ID.ToString(), grpMembers.ID.ToString(), grpVistors.ID.ToString()); \/\/show custom groups in the quick launch when users navigate to &#8220;People and Groups&#8221;<br \/>\nnewweb.Properties.Update();<\/p>\n<p>newweb.Update();<\/p>\n<p>&nbsp;<\/p>\n<p><strong>5)<\/strong> Now that our custom site groups are properly set up , we need to populate them with the appropriate users. In this example I am getting users from their counterpart group in the parent site:<\/p>\n<p>&nbsp;<\/p>\n<p>\/\/Add Users To The Owners Custom Site Group<br \/>\nforeach (SPUser spu in web.AssociatedOwnerGroup.Users)<br \/>\n{<br \/>\nnewweb.SiteGroups[grpOwnersName].AddUser(spu);<br \/>\n}<\/p>\n<p>\/\/Add Users To The Members Custom Site Group<br \/>\nforeach (SPUser spu in web.AssociatedMemberGroup.Users)<br \/>\n{<br \/>\nnewweb.SiteGroups[grpMembersName].AddUser(spu);<br \/>\n}<\/p>\n<p>&nbsp;<\/p>\n<p><strong>6)<\/strong> This is the most important step in which we actually assign the permissions to the groups and as described in part1, we create Role Assignments for doing so:<\/p>\n<p>&nbsp;<\/p>\n<p>\/\/ Set Permissions For Owners Custom Site Group<br \/>\ngroupID = int.Parse(newweb.Properties[&#8220;vti_associateownergroup&#8221;]);<br \/>\ngroup = newweb.SiteGroups.GetByID(groupID);<br \/>\nif (group != null)<br \/>\n{<br \/>\nassignment = new SPRoleAssignment(group);<br \/>\nrole = newweb.RoleDefinitions[&#8220;Full Control&#8221;];<br \/>\nassignment.RoleDefinitionBindings.Add(role);<br \/>\nnewweb.RoleAssignments.Add(assignment);<br \/>\n}<\/p>\n<p>&nbsp;<\/p>\n<p>\/\/ Set Permissions For Owners Custom Site Group<br \/>\ngroupID = int.Parse(newweb.Properties[&#8220;vti_associatemembergroup&#8221;]);<br \/>\ngroup = newweb.SiteGroups.GetByID(groupID);<br \/>\nif (group != null)<br \/>\n{<br \/>\nassignment = new SPRoleAssignment(group);<br \/>\nrole = web.RoleDefinitions[&#8220;Contribute&#8221;];<br \/>\nassignment.RoleDefinitionBindings.Add(role);<br \/>\nnewweb.RoleAssignments.Add(assignment);<br \/>\n}<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>After all these steps, result is a sub site that is NOT inheriting its membership from its parent. This site has three sharepoint site groups in it to which you can add more users and manage them independently from its parent site.<\/p>\n<p>&nbsp;<\/p>\n<hr align=\"left\" noshade=\"noshade\" size=\"10\" width=\"50%\" \/>\n","protected":false},"excerpt":{"rendered":"<p>Title: Subsites with unique Role Assignments &nbsp; This is the second article in a series about Role-based security model in WSS 3.0. In part1 , I described the basics about this model and in this part , I am going to explain how to create subsites with unique Role Assignments. &nbsp; 1) First, let&#8217;s create [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[42],"tags":[],"class_list":["post-1155","post","type-post","status-publish","format-standard","hentry","category-general"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Role-based security model in WSS 3.0 - Part2 - Reza Alirezaei&#039;s Blog %<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blogs.devhorizon.com\/reza\/2007\/03\/12\/role-based-security-model-in-wss-30-part2\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Reza Alirezaei\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/blogs.devhorizon.com\\\/reza\\\/2007\\\/03\\\/12\\\/role-based-security-model-in-wss-30-part2\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/blogs.devhorizon.com\\\/reza\\\/2007\\\/03\\\/12\\\/role-based-security-model-in-wss-30-part2\\\/\"},\"author\":{\"name\":\"Reza Alirezaei\",\"@id\":\"https:\\\/\\\/blogs.devhorizon.com\\\/reza\\\/#\\\/schema\\\/person\\\/cdbb24d283697a65951cb4a14e474938\"},\"headline\":\"Role-based security model in WSS 3.0 &#8211; Part2\",\"datePublished\":\"2007-03-12T21:05:00+00:00\",\"dateModified\":\"2012-07-01T04:54:18+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/blogs.devhorizon.com\\\/reza\\\/2007\\\/03\\\/12\\\/role-based-security-model-in-wss-30-part2\\\/\"},\"wordCount\":570,\"commentCount\":0,\"articleSection\":[\"General\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/blogs.devhorizon.com\\\/reza\\\/2007\\\/03\\\/12\\\/role-based-security-model-in-wss-30-part2\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/blogs.devhorizon.com\\\/reza\\\/2007\\\/03\\\/12\\\/role-based-security-model-in-wss-30-part2\\\/\",\"url\":\"https:\\\/\\\/blogs.devhorizon.com\\\/reza\\\/2007\\\/03\\\/12\\\/role-based-security-model-in-wss-30-part2\\\/\",\"name\":\"Role-based security model in WSS 3.0 - Part2 - Reza Alirezaei's Blog %\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/blogs.devhorizon.com\\\/reza\\\/#website\"},\"datePublished\":\"2007-03-12T21:05:00+00:00\",\"dateModified\":\"2012-07-01T04:54:18+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/blogs.devhorizon.com\\\/reza\\\/#\\\/schema\\\/person\\\/cdbb24d283697a65951cb4a14e474938\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/blogs.devhorizon.com\\\/reza\\\/2007\\\/03\\\/12\\\/role-based-security-model-in-wss-30-part2\\\/\"]}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/blogs.devhorizon.com\\\/reza\\\/#website\",\"url\":\"https:\\\/\\\/blogs.devhorizon.com\\\/reza\\\/\",\"name\":\"Reza Alirezaei's Blog\",\"description\":\"Blogging from the field!\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/blogs.devhorizon.com\\\/reza\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/blogs.devhorizon.com\\\/reza\\\/#\\\/schema\\\/person\\\/cdbb24d283697a65951cb4a14e474938\",\"name\":\"Reza Alirezaei\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3ba940d84e0ecb909e62e93df4c56daf0395c7e53c914467ab2ee73124a7d7b6?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3ba940d84e0ecb909e62e93df4c56daf0395c7e53c914467ab2ee73124a7d7b6?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3ba940d84e0ecb909e62e93df4c56daf0395c7e53c914467ab2ee73124a7d7b6?s=96&d=mm&r=g\",\"caption\":\"Reza Alirezaei\"},\"url\":\"https:\\\/\\\/blogs.devhorizon.com\\\/reza\\\/author\\\/rezaa\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Role-based security model in WSS 3.0 - Part2 - Reza Alirezaei's Blog %","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blogs.devhorizon.com\/reza\/2007\/03\/12\/role-based-security-model-in-wss-30-part2\/","twitter_misc":{"Written by":"Reza Alirezaei","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/blogs.devhorizon.com\/reza\/2007\/03\/12\/role-based-security-model-in-wss-30-part2\/#article","isPartOf":{"@id":"https:\/\/blogs.devhorizon.com\/reza\/2007\/03\/12\/role-based-security-model-in-wss-30-part2\/"},"author":{"name":"Reza Alirezaei","@id":"https:\/\/blogs.devhorizon.com\/reza\/#\/schema\/person\/cdbb24d283697a65951cb4a14e474938"},"headline":"Role-based security model in WSS 3.0 &#8211; Part2","datePublished":"2007-03-12T21:05:00+00:00","dateModified":"2012-07-01T04:54:18+00:00","mainEntityOfPage":{"@id":"https:\/\/blogs.devhorizon.com\/reza\/2007\/03\/12\/role-based-security-model-in-wss-30-part2\/"},"wordCount":570,"commentCount":0,"articleSection":["General"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/blogs.devhorizon.com\/reza\/2007\/03\/12\/role-based-security-model-in-wss-30-part2\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/blogs.devhorizon.com\/reza\/2007\/03\/12\/role-based-security-model-in-wss-30-part2\/","url":"https:\/\/blogs.devhorizon.com\/reza\/2007\/03\/12\/role-based-security-model-in-wss-30-part2\/","name":"Role-based security model in WSS 3.0 - Part2 - Reza Alirezaei's Blog %","isPartOf":{"@id":"https:\/\/blogs.devhorizon.com\/reza\/#website"},"datePublished":"2007-03-12T21:05:00+00:00","dateModified":"2012-07-01T04:54:18+00:00","author":{"@id":"https:\/\/blogs.devhorizon.com\/reza\/#\/schema\/person\/cdbb24d283697a65951cb4a14e474938"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blogs.devhorizon.com\/reza\/2007\/03\/12\/role-based-security-model-in-wss-30-part2\/"]}]},{"@type":"WebSite","@id":"https:\/\/blogs.devhorizon.com\/reza\/#website","url":"https:\/\/blogs.devhorizon.com\/reza\/","name":"Reza Alirezaei's Blog","description":"Blogging from the field!","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blogs.devhorizon.com\/reza\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blogs.devhorizon.com\/reza\/#\/schema\/person\/cdbb24d283697a65951cb4a14e474938","name":"Reza Alirezaei","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/3ba940d84e0ecb909e62e93df4c56daf0395c7e53c914467ab2ee73124a7d7b6?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/3ba940d84e0ecb909e62e93df4c56daf0395c7e53c914467ab2ee73124a7d7b6?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/3ba940d84e0ecb909e62e93df4c56daf0395c7e53c914467ab2ee73124a7d7b6?s=96&d=mm&r=g","caption":"Reza Alirezaei"},"url":"https:\/\/blogs.devhorizon.com\/reza\/author\/rezaa\/"}]}},"_links":{"self":[{"href":"https:\/\/blogs.devhorizon.com\/reza\/wp-json\/wp\/v2\/posts\/1155","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.devhorizon.com\/reza\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.devhorizon.com\/reza\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.devhorizon.com\/reza\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.devhorizon.com\/reza\/wp-json\/wp\/v2\/comments?post=1155"}],"version-history":[{"count":2,"href":"https:\/\/blogs.devhorizon.com\/reza\/wp-json\/wp\/v2\/posts\/1155\/revisions"}],"predecessor-version":[{"id":1377,"href":"https:\/\/blogs.devhorizon.com\/reza\/wp-json\/wp\/v2\/posts\/1155\/revisions\/1377"}],"wp:attachment":[{"href":"https:\/\/blogs.devhorizon.com\/reza\/wp-json\/wp\/v2\/media?parent=1155"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.devhorizon.com\/reza\/wp-json\/wp\/v2\/categories?post=1155"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.devhorizon.com\/reza\/wp-json\/wp\/v2\/tags?post=1155"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}