In SharePoint, if you don’t define the permissions of a
user, a role or a group on a specific list, the permissions that are defined at
site level will be inherited. But you can define a unique permission collection
for a user, a role, or a group on a specific list. In our example, the manager
role has all the list permissions including Manage Lists, Cancel Check-Out, Add
Items, Edit Items, Delete Items, and View Items on all the lists, except only
Add Items, Edit Items, Delete Items, and View Items on Shared Documents.
We use the same web method to update list permission as we
did to update site permissions. Listing 4 shows the code to do that.
UpdatePermission is not required and can be combined into AddPermission, but for
illustrate purpose, I list them separately.
Listing 4 – Updating role permission on a list
ws_Permissions.Permissions ws = newws_Permissions.Permissions();
NetworkCredential nc = newNetworkCredential(sUserName, sPassword, sDomain);
ws.Credentials = nc;
ws.Url = sOneSubSite +@"/_vti_bin/permissions.asmx";
int iMask = 0x00000001;
ws.AddPermission("Shared Documents","List", "Manager", "role", iMask);
int iMask2 =0x00000001|0x00000002|0x00000004|0x00000008;
ws.UpdatePermission("Shared Documents","List", "Manager", "role", iMask2);
The SharePoint web services that Microsoft has provided are
very powerful. Developers can programmatically do everything with SharePoint