3

I want to get the list of all the users who have a particular role/permission on a site.

For example, I need the list of users who have edit rights RoleType=Editor using .Net CSOM in SharePoint 2013. They can be in any group. I tried many things. However, it seems there isn't a straight forward way to do this. Any ideas?

Improve this question

1 Answer 1

Reset to default
2

You could utilize Web.GetUserEffectivePermissions method to gets the effective permissions that the specified user has within the web site.

Example 1: Getting users by permission

The first example demonstrates how to retrieve users by permission, in particular users who can edit list items (using PermissionKind.EditListItems):

using (var ctx = new ClientContext(webUri)) { //Retrieve site users var users = ctx.LoadQuery(ctx.Web.SiteUsers.Where(u => u.PrincipalType == PrincipalType.User)); ctx.ExecuteQuery(); //Retrieve users permissions var userPermissionsResults = users.ToDictionary(user => user, user => ctx.Web.GetUserEffectivePermissions(user.LoginName)); ctx.ExecuteQuery(); //Filter the users who can edit list items var usersCanEditListItems = new List<User>(); foreach (var result in userPermissionsResults) { var user = result.Key; var userPermissions = result.Value.Value; if (userPermissions.Has(PermissionKind.EditListItems)) { usersCanEditListItems.Add(user); } } }

Example 2: getting users by role

In case of role type or permission levels the example become a little more complicated since we need to:

  • retrieve the list of permissions for a role type (step 1 and 2)
  • get users with permissions (step 3 and 4)
  • filter users by role permissions (step 5)

Example:

using (var ctx = new ClientContext(webUri)) { //1.Retrieve role definition var roleDef = ctx.Web.RoleDefinitions.GetByType(RoleType.Editor); ctx.Load(roleDef); ctx.ExecuteQuery(); //2.Get permission levels for role var permLevelNames = Enum.GetNames(typeof (PermissionKind)); var permissionLevels = permLevelNames.Select(permLevelName => (PermissionKind) Enum.Parse(typeof (PermissionKind), permLevelName)).Where(permissionLevel => roleDef.BasePermissions.Has(permissionLevel)).ToList(); //3.Retrieve users var users = ctx.LoadQuery(ctx.Web.SiteUsers.Where(u => u.PrincipalType == PrincipalType.User )); ctx.ExecuteQuery(); //4.Retrieve users permissions var userPermissionsResults = users.ToDictionary(user => user, user => ctx.Web.GetUserEffectivePermissions(user.LoginName)); ctx.ExecuteQuery(); //5.Filter users by role var editorUsers = new List<User>(); foreach (var result in userPermissionsResults) { var user = result.Key; var userPermissions = result.Value.Value; var hasPermissions = permissionLevels.All(userPermissions.Has); //has the same permissions? if (hasPermissions) { editorUsers.Add(user); } } }
Improve this answer
4
  • Hi Vadim, thanks for the reply. Yes, I tried the first method and it works very well. I am facing a little issue. I am not sure it has anything to do with this. After getting the user from result.key object, when i try to add thi user to a field in a sharepoint column, it changes the value of that user. I mean, if i add user1, it adds user2 instead. Any ideas on this unexpected behavior. I also tried loading the user again using EnuserUser() method. Not sure what is going wrong. Commented Jan 15, 2015 at 10:51
  • Good to know, regarding the issue, i will try to reproduce it and get back to you.. Commented Jan 15, 2015 at 13:41
  • To update on the issue, when i am getting the user using result.key method, it is not returning the correct id of the user. It is returning a different user id. is that possible? what is the scope of the user id? is it unique at site collection level or at farm level? Commented Jan 15, 2015 at 16:17
  • regarding user id, I believe the scope of user id is site collection Commented Jan 15, 2015 at 16:19

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.