Website security depends on who’s actually accessing a website. Users may be put together in groups, in which case access permissions can be established at the group level, for all users in that group. In SharePoint, users are represented by the SPUser class, groups by SPGroup. Both inherit from the SPPrincipal abstract class, based on the SPMember abstract class. The SPWeb class will also expose collections of different groups and users.
Website Users and Groups
SharePoint groups are represented by the SPGroup class, SharePoint users by SPUser.
Here are some important properties and methods on which direct relationships between a website, users and groups are established:
- SPGroup.Users – users that belong to the group.
- SPGroup.Owner –> SPPrincipal – owner for the group (user or another group).
- SPUser.Groups – groups the user belongs to.
- SPUser.OwnedGroups – groups created by the user.
- SPWeb.Groups – groups available in the website.
- SPWeb.Users – users from the website.
- SPWeb.SiteGroups – all groups in the site collection.
- SPWeb.SiteUsers – all users in the site collection.
- SPWeb.SiteAdministrators – all website administrator users.
- SPWeb.AllUsers – all users of the website (either members or who have browsed to the website as authenticated members of a domain group in the website).
- SPWeb.AssociatedMemberGroup – group of users with Contributor permissions.
- SPWeb.AssociatedVisitorGroup – group of users with Visitor permissions.
- SPWeb.AssociatedOwnerGroup – group of users with Owner permissions.
- SPWeb.AssociatedGroups – list of groups associated with the website.
- SPWeb.CurrentUser – current website user.
- SPWeb.Author – creator user of the website.
- SPWeb.EnsureUser(logonName) – checks whether the specified logon name belongs to a valid user of the website, and if the logon name does not already exist, adds it to the website.
- SPWeb.AddApplicationPrincipal(…) – adds a user to the website as an application principal (a user object that is delegated to act on behalf of an external application).
- SPUtility.GetAllAuthenticatedUsers(SPWeb) – string list of all authenticated users in the website.
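The properties listed above are enough to build a read-only membership review of a site collection. The following is an added example, not code from the original article; the class name GroupAccessReview, the Report method and the siteUrl parameter are assumptions, and it is assumed to run on a SharePoint server under a site collection administrator account.

```csharp
using System;
using Microsoft.SharePoint;

// Added example (hypothetical names): read-only access review of a site collection.
public static class GroupAccessReview
{
    public static void Report(string siteUrl) // siteUrl is supplied by the caller
    {
        // This SPSite is created here, so it is disposed here. RootWeb is owned
        // by the SPSite and is released together with it.
        using (SPSite site = new SPSite(siteUrl))
        {
            SPWeb web = site.RootWeb;

            Console.WriteLine("Site administrators:");
            foreach (SPUser admin in web.SiteAdministrators)
                Console.WriteLine("  {0}", admin.LoginName);

            foreach (SPGroup group in web.SiteGroups)
            {
                Console.WriteLine("Group: {0} (owner: {1})", group.Name, group.Owner.Name);
                // Members who can edit membership can grant the group's access to others.
                if (group.AllowMembersEditMembership)
                    Console.WriteLine("  ! members can change membership");

                foreach (SPUser member in group.Users)
                {
                    // A domain group entry gives the group's access to every account in it.
                    string kind = member.IsDomainGroup ? "domain group" : "user";
                    Console.WriteLine("  {0} [{1}]{2}", member.LoginName, kind,
                        member.IsSiteAdmin ? " [site admin]" : "");
                }
            }

            // Principals in no SharePoint group: review them for directly
            // assigned permissions or stale entries.
            foreach (SPUser user in web.SiteUsers)
                if (user.Groups.Count == 0 && !user.IsSiteAdmin)
                    Console.WriteLine("In no group: {0}", user.LoginName);
        }
    }

    public static void Main(string[] args) { Report(args[0]); }
}
```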
SPUser and SPGroup
Both SPUser and SPGroup inherit from the SPPrincipal abstract class, based on the SPMember abstract class. Group membership is changed through these SPGroup methods:
- SPGroup.AddUser(…) – adds a user to the group (an existing SPUser, or a new user given by name, email address, display name and notes).
- SPGroup.RemoveUser(SPUser) – removes a user from the group.
Code sequence to remove a user from every group in a site collection:
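    // Requires: using Microsoft.SharePoint;
    // SPContext.Current objects are owned by SharePoint: do not wrap them in using or call Dispose.
    SPWeb web = SPContext.Current.Site.RootWeb;
    SPUser user = web.Users["User Name"];
    foreach (SPGroup group in web.SiteGroups)
    {
        // Remove the user from each group in the site collection
        group.RemoveUser(user);
    }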
Code sequence to change some properties of a group from the site collection:
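    // Requires: using Microsoft.SharePoint;
    // SPContext.Current objects are owned by SharePoint: do not wrap them in using or call Dispose.
    SPWeb web = SPContext.Current.Site.RootWeb;
    SPGroup group = web.SiteGroups["MyGroup"];
    group.Name = "Group Name";
    group.Description = "Group Description";
    group.Owner = web.Users["MyDomain\\User"];
    // Persist the changed properties
    group.Update();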
SPUser Aggregate Objects
Both SPUser and SPWeb expose a RegionalSettings property returning an SPRegionalSettings object, for the regional settings associated with either the user or the website.
Alerts are set per user (SPUser.Alerts collection, for SPAlert objects), but SPWeb.Alerts returns all user alerts in the website.
SPUser.UserToken may return an SPUserToken object, which identifies the authentication process applied to the user. SPWeb.GetUserToken(userName) retrieves the user token associated with a specific user, by name.