3 minute read
Sometimes when you create and configure a Data View Web Part (DVWP), you’ll see the PermMask column show up on its own in the DataFields or the CAML in your DataSource. This happens most often when you are building a Crosslist query (DataSourceMode=”CrossList”).
The PermMask column contains the permissions mask for the item for the current user. When you are working on the DVWP in SharePoint Designer, you’ll almost always see that the value of the PermMask column equals 0x7fffffffffffffff. This is because, as someone who has the permissions to edit the page and display the list content in SharePoint Designer, you’ve got full permission on the list items.
It took a little digging, but I found a page deep in MSDN that gave me the logic behind the bytes in the PermMask. The table at 188.8.131.52 WSS Rights Mask shows what each byte means and what permission it grants. (Not surprisingly, it maps well to the roles that you can set at /_layouts/roles.aspx.)
At the extremes, we have EmptyMask = 0x0000000000000000 (Grant no permissions) and FullMask = 0x7FFFFFFFFFFFFFFF (Grant all permissions).
Lifting the rest of the information from the MSDN article, here are the Symbolic name, Values, and Descriptions for the rest of the PermMask bytes, nibbles, and bits (oh my). I’ll leave it as an exercise for the reader (for now) to build an XSL template to check the values.
Allow addition of list items to lists, documents to document libraries, and Web discussion comments.
Allow editing of list items in lists, documents in document libraries, Web discussion comments, and to customize Web part pages in document libraries.
Allow deletion of list items from lists, documents from document libraries, and Web discussion comments.
Allow approval of minor versions of a list item or document.
Allow viewing the source of documents with server-side file handlers.
Allow viewing of past versions of a list item or document.
Allow deletion of past versions of a list item or document.
Allow discard or check in of a document that is checked out to another user.
Allow creation, change, and deletion of personal views of lists.
The Web level permissions (0x0000XXXXXXXX0000) are specified as follows.
Allow viewing of pages in a site.
Allow addition, modification, or deletion of HTML pages or Web part pages, and editing of the site using an editor compatible with Windows SharePoint Services.
Allow application of a theme or borders to the entire site.
Allow application of a style sheet (.css file) to the site.
Allow viewing of reports on site usage.
Allow creation of a site using Self-Service Site Creation, an implementation-specific capability of Windows SharePoint Services.
Allow creation of a group of users that can be used anywhere within the site collection.
Allow creation and modification of permission levels on the site and assigning permissions to users and site groups.
Allow enumeration of documents and folders in a site using [MS-FPSE] and WebDAV interfaces.
Allow viewing the information about all users of the site.
Allow addition or removal of personal Web parts on a Web part page.
Allow updating of Web parts to display personalized information.
Allow all administration tasks for the site as well as manage content.
Allow use of SOAP, WebDAV, or [MS-FPSE] to access the site.
Allow management of alerts for all users of the site.
Allow creation of e-mail alerts.
Allow users to change their own user information, such as adding a picture.
The Special permissions (0xXXXX000000000000) are specified as follows.
Allow enumeration of permissions on the site, list, folder, document, or list item.