When Inheritance Resets Security

If you’ve ever tried to play with sites permissions via the SharePoint Object Model, you’ve probably encountered this nasty security validation error:

The security validation for this page is invalid.

An easy work around for this, is to temporarily allow unsafe updates to be done at the web level by setting the following property to true:

[SPWeb].AllowUnsafeUpdates = true;

Well, guess what, depending on what you are trying to achieve with your code, you may have to set this value to true more than once during the lifetime of your SPWeb object. Whenever you code is breaking inheritance on a RoleDefinition that exists at the web level, this property automatically gets reset to false. For example, the following code, where elevatedWeb is an elevated SPWeb object:

elevatedWeb.AllowUnsafeUpdates = true;Opened Lock

SPMember member = elevatedWeb.Users[“contoso\userx];
elevatedWeb.BreakRoleInheritance(true);

SPRoleDefinitionCollection roledef = elevatedWeb.RoleDefinitions;

if (!elevatedWeb.HasUniqueRoleDefinitions)
roledef.BreakInheritance(true, true);

Automatically resets the AllowUnsafeUpdates property to false as soon as the .BreakRoleInheritance is called on the RoleDefinition. Not that, however, it is not being reset when the inheritance is broken on the elevatedWeb SPweb object This is something to watch out for.

Microsoft Premier Field Engineer – SharePoint

Leave a Comment

Your email address will not be published. Required fields are marked *

*
*