Creating Item Level Security for an Event Receiver based upon metadata (Part 1)

First step in the process is to create a basic feature for MOSS. For more information in regarding the template, view the information here: Creating a SharePoint Custom Event Handler as a feature – Basics

The steps I took in creating item level security utilized a custom list in MOSS. This way, the user can customize the setting of the feature and also the group/user permissions that will be set. This can also be done using a config file or other possibilities, but for my example, I used a list.

Configuration List Setup

Browse to the SharePoint site you have the Security event handler feature activated and create a new list called: ItemLevelSecurityConfiguration(or whatever you want to call it). A basic example of what the list should include is as follows:


For the columns Group 1 and Group 2, I set the following:

  • Allow multiple section = Yes
  • Allow selection of = People and Groups
  • Choose From = All Users
  • Show Field = Name


For the column RoleType, I set the choice values as follows:

  • Administrator
  • Contribute
  • Guest
  • Reader
  • WebDesigner


For my example, I set the default value as Contribute.

To set the values of the configuration list, observe the following for reference:

  • Title = Name of the entry, usually the same name as the document library
  • WebURL = the web URL of the site that the feature is activated on
  • SharePointList = SharePoint Document library that will incorporate the security event handler feature
  • Group 1 = the groups(or user) that will be given access to the document.
  • Group 2 = the groups(or user) that will be given access to the document.
  • RoleType = type of permissions the groups are given access to the document (default is Contribute).

Connecting to the Configuration List

A method that I created that gathered the information from the configuration list is called SetConfiguration. This method allows the user to pass in 2 parameters, a SPWeb & document library name. 

Since the configuration list shouldn’t change often, I decided to cache the values, so that the setting of the configuration is kept to a minumum. Line 19 shows me inserting the values into the HttpRuntime.Cache, expiring after 1 day (DateTime.Now.AddHours(24)).  Therefore, next time this method is called, it will be able to populate the SPListItem without parsing through the MOSS list. The SPListItem specifies a specific row or item in a list. To determine this row, I used a SPQuery method utilizing CAML to retrieve the SharePointList values where it matches the current document library that the feature is running. I then call the SPList GetItems method to populate a list item collection.

   1: #region SetConfiguration
   2:         private void SetConfiguration(SPWeb sWeb, string docLibName)
   3:         {
   4:             SPListItem configurationListItemForDocLib = HttpRuntime.Cache.Get(docLibName) as SPListItem;
   5:             if (configurationListItemForDocLib == null)
   6:             {
   7:                 //List name of configuration settings
   8:                 SPList spListConfig = sWeb.Lists["ItemLevelSecurityConfiguration"];
  10:                 //Query the ItemLevelSecurityConfiguration SharePoint list where the entry matches the current document library.
  11:                 SPQuery spQuery = new SPQuery();
  12:                 spQuery.Query = "<Where><Eq><FieldRef Name='SharePointList' /><Value Type='Text'>" + docLibName + "</Value></Eq></Where>";
  13:                 spQuery.RowLimit = 1;
  15:                 SPListItemCollection collListItems = spListConfig.GetItems(spQuery);
  16:                 if (collListItems.Count != 0)
  17:                 {
  18:                     configurationListItemForDocLib = collListItems[0];
  19:                     HttpRuntime.Cache.Insert(docLibName, configurationListItemForDocLib, null, DateTime.Now.AddHours(24), System.Web.Caching.Cache.NoSlidingExpiration);
  20:                 }
  21:             }
  23:             if (configurationListItemForDocLib != null)
  24:             {
  25:                 sharePointList = configurationListItemForDocLib["SharePointList"].ToString();
  26:                 Group1 = (SPFieldUserValueCollection)configurationListItemForDocLib["Group 1"];
  27:                 Group2 = (SPFieldUserValueCollection)configurationListItemForDocLib["Group 2"];
  28:                 roleType = configurationListItemForDocLib["RoleType"].ToString();
  30:                 applySecurity = true;
  31:             }
  32:             else
  33:             {
  34:                 applySecurity = false;
  35:             }
  36:         }
  38:         #endregion

Now we have a customizable list and a connection for this list. The next post will show the ways to apply the security to the individual documents.

Leave a Reply

Your email address will not be published. Required fields are marked *