| Hot Post(s) Now |
| Free SharePoint 2010 Web Parts |
| SharePoint HR |
| SharePoint Tutorial (See Also) |
| In my first post regarding creating SharePoint Web Part, we covered how to read data from a SharePoint list. But what if I want to give this Web Part for a user who doesn’t have an access to this list? Or how I can control the security in my web part? Or I need my users to access some information from the list record but not the rest of it. In many cases in SharePoint development we faces this issues, we stored data in a list for all users, |
but no one has an access for other user’s data, so there is only two solutions in this case:
- * Either to create a custom security for each record in that list which is a very hard to do especially if this list keeps updating. As well this solution is not applicable in many cases like field or column security.
- * Or to not allow anyone to access this list and create a SharePoint Web Part with special security to let the user read his own data only.
In this post we will enhance the previous post by adding a security code to our web part, which gives the end user the ability to read data from a list even if he/she doesn’t have an access to this list. To do so all we need is to add our magical line in the right place and that’s it, but before that we will describe what and how and where.
We need to use a property called “RunWithElevatedPrivileges” which is inherited from SPSecurity Class like this:
SPSecurity.RunWithElevatedPrivileges(New SPSecurity.CodeToRunElevated(AddressOf
functionName))
Yes it is as simple as this but we have to take in consideration that the function name should not take any parameters or return any.
Now we will use the above code in our web part “Sample1” and see how we can use it.
- Instead of writing the code body immediately inside our BtnGet_Click(Check Post1) we will but that code in a separate sub, so our code will have a new sub called “ReadData” and it will look like the following:
Sub ReadData()
Dim SPListVar As SPList ‘SharePoint
List
Dim SPColl As SPListItemCollection ‘Define a list item Collection
Using Site1 As New SPSite(Me.Context.Request.Url.ToString)
‘Define the site
Using Web1 AsSPWeb =Site1.OpenWeb ‘Define the web
SPListVar = Web1.Lists(“TmpList“) ‘Point to the required list “TmpList” is the list name in your SharePoint server.
End Using
End Using
SPColl = SPListVar.GetItems() ‘ Fill the List item collection
with the return data
Dim i As
Integer = 0
While i < SPColl.Count
Label1.Text = Label1.Text + SPColl.Item(i).Item(“Title”).ToString + “<BR>”
‘Read every record and put it in a new line in the Label
control
i= i + 1
End While
End Sub
- Now we need to add our security code to BtnGet_Click so it will look like the following:
Private Sub BtnGet_Click(ByVal sender As
Object, ByVal e As System.EventArgs) Handles BtnGet.Click
SPSecurity.RunWithElevatedPrivileges(New SPSecurity.CodeToRunElevated(AddressOf ReadData))
End Sub
- Deploy and test the web part with user doesn’t have “read access” to our list and see how it can read the data. For more information regarding deploying the Web Part on SharePoint 2010 server check this detailed articles “Deploy SharePoint 2010 custom web parts“
| Hot Post(s) Now |
| Free SharePoint 2010 Web Parts |
| SharePoint HR |
Pingback: Tweets that mention http://rtmgroupq8.com/en/sharepoint-2010-web-parts-security -- Topsy.com
Pingback: Emergency Preparedness Kits
Pingback: Create SharePoint Excel Web Part « RTM GROUP Q8
Pingback: Deploy SharePoint 2010 custom web parts « RTM GROUP Q8
Pingback: Creating SharePoint Web Part « RTM GROUP Q8
Pingback: SharePoint 2010 Web Parts Security « Dorothy E Davis's Blog
Pingback: SharePoint 2010 External List « RTM GROUP Q8
Pingback: Upgrade SharePoint 2007 to 2010 « RTM GROUP Q8
Pingback: Add Image to SharePoint Visual Web Part « RTM GROUP Q8
Pingback: Military Medals
Pingback: Creating SSRS Reports from two SharePoint lists or more | RTM GROUP Q8