1. You can assign a permission level to an external user or group using an SPRoleAssignment object.
SPWeb site = SPContext.Current.Web;
SPRoleDefinition role = site.RoleDefinitions["Contribute"];
SPRoleAssignment roleAssignment;
roleAssignment = new SPRoleAssignment(@"LITWAREINC\BrianC",
"brianc@litwareinc.com",
"Brian Cox",
"Notes about Brian Cox");
roleAssignment.RoleDefinitionBindings.Add(role);
site.RoleAssignments.Add(roleAssignment);
This will create a user profile in the User Information List if one does not exist, and it will also
add the user as a member of the current site's Users collection.
2. Creating a new WSS group named Site Members and assigning it the built-in Contribute
permission level within the current site.
SPWeb site = SPContext.Current.Web;
SPUser currentUser = site.CurrentUser;
// create new group
site.SiteGroups.Add("Site Members", currentUser, currentUser,
"Site Group created at " + DateTime.Now.ToString());
// assign permission level to new group
SPGroup NewGroup = site.SiteGroups["Site Members"];
SPRoleAssignment roleAssignment = new SPRoleAssignment(NewGroup);
SPRoleDefinition permLevel = site.RoleDefinitions["Contribute"];
roleAssignment.RoleDefinitionBindings.Add(permLevel);
site.RoleAssignments.Add(roleAssignment);
3. An SPGroup object exposes an AddUser method, which accepts an SPUser object, which in turn allows you to add external users and groups:
SPWeb site = SPContext.Current.Web;
SPUser currentUser = site.CurrentUser;
SPGroup group = site.SiteGroups["Site Members"];
SPUser user1 = site.SiteUsers[@"LITWAREINC\BrianC"];
SPUser user2 = site.SiteUsers[@"LITWAREINC\AllFTE"];
group.AddUser(user1);
group.AddUser(user2);
4. It's important to understand that all of the sites, lists, and list items make
up a single hierarchy of securable objects. You can be more granular about configuring access control by giving
a securable object its own unique set of permission-level assignments.
The following example creates a new document library and configures it with a unique set of permissions.
SPWeb site = SPContext.Current.Web;
Guid listID = site.Lists.Add("Proposals",
"Library desc",
SPListTemplateType.DocumentLibrary);
SPDocumentLibrary doclib = (SPDocumentLibrary)site.Lists[listID];
doclib.OnQuickLaunch = true;
// stop inheriting from the site; false = start from an empty ACL
doclib.BreakRoleInheritance(false);
// grant the AllFTE domain group the Read permission level on this library only
SPUser AllFteGroup = site.SiteUsers[@"LITWAREINC\AllFTE"];
SPRoleAssignment assignAllFteGroup = new SPRoleAssignment(AllFteGroup);
SPRoleDefinition roleRead = site.RoleDefinitions["Read"];
assignAllFteGroup.RoleDefinitionBindings.Add(roleRead);
doclib.RoleAssignments.Add(assignAllFteGroup);
doclib.Update();
This sample code breaks the default permission inheritance from the parent using a call to BreakRoleInheritance.
If you call BreakRoleInheritance and pass a parameter value of true, the securable object is initially
configured with an ACL that is a copy of the parent object's ACL. If you call BreakRoleInheritance and
pass a parameter value of false, the securable object is initially configured with an empty ACL. That means
this document library provides no access to users who are not either owners or site administrators.
5. Set unique permission on the SPListItem level.
Windows SharePoint Services 3.0 has added a welcome security enhancement that allows you to configure permissions down to
the level of the item or document. This is made possible through the WSS object model, since SPListItem objects also
implement the ISecurableObject interface.
SPWeb site = SPContext.Current.Web;
Guid listID = site.Lists.Add("Proposals",
"Library desc",
SPListTemplateType.DocumentLibrary);
SPDocumentLibrary doclib = (SPDocumentLibrary)site.Lists[listID];
doclib.OnQuickLaunch = true;
doclib.Update();
// WriteDocument is a helper that is not shown here; it returns the SPFile it adds to the library
SPFile doc1 = WriteDocument(doclib, "Adventure Works Merger.docx");
// stop inheriting from the library; false = start from an empty ACL
doc1.Item.BreakRoleInheritance(false);
SPGroup group = site.Groups["Litware Contact Managers"];
SPRoleAssignment assignContribute = new SPRoleAssignment(group);
SPRoleDefinition roleContribute = site.RoleDefinitions["Contribute"];
assignContribute.RoleDefinitionBindings.Add(roleContribute);
doc1.Item.RoleAssignments.Add(assignContribute);
doc1.Item.Update();
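Once lists and items carry their own ACLs as in steps 4 and 5, it becomes hard to see who can reach what. The following is an added example, not code from the original page: it walks a site and reports every list and item that has broken inheritance, with the principals and permission levels assigned to it. The class and method names (UniquePermissionAudit, Report, Describe) are hypothetical; call it with SPContext.Current.Web.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.SharePoint;

// Hypothetical helper (added example): lists every securable object in a
// site that no longer inherits its ACL, and what that ACL grants.
public static class UniquePermissionAudit
{
    public static List<string> Report(SPWeb site)
    {
        List<string> lines = new List<string>();
        foreach (SPList list in site.Lists)
        {
            if (list.HasUniqueRoleAssignments)
                Describe(list, "List: " + list.Title, lines);

            // Walking every item is expensive on large lists; run off-peak.
            foreach (SPListItem item in list.Items)
            {
                if (item.HasUniqueRoleAssignments)
                    Describe(item, "Item: " + list.Title + "/" + item.Name, lines);
            }
        }
        return lines;
    }

    // Works for lists and items alike because both implement ISecurableObject.
    private static void Describe(ISecurableObject target, string label,
                                 List<string> lines)
    {
        if (target.RoleAssignments.Count == 0)
        {
            // Result of BreakRoleInheritance(false) with nothing added afterwards.
            lines.Add(label + " -> empty ACL");
            return;
        }
        foreach (SPRoleAssignment assignment in target.RoleAssignments)
        {
            List<string> levels = new List<string>();
            foreach (SPRoleDefinition definition in assignment.RoleDefinitionBindings)
                levels.Add(definition.Name);
            lines.Add(label + " -> " + assignment.Member.Name +
                      " [" + string.Join(", ", levels.ToArray()) + "]");
        }
    }
}
```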