PermMask in SharePoint DVWPs

Sometimes when you create and configure a Data View Web Part (DVWP), you’ll see the PermMask column show up on its own in the DataFields or the CAML in your DataSource.  This happens most often when you are building a CrossList query (DataSourceMode="CrossList").

The PermMask column contains the permissions mask for the item for the current user.  When you are working on the DVWP in SharePoint Designer, you’ll almost always see that the value of the PermMask column equals 0x7fffffffffffffff.  This is because, as someone who has the permissions to edit the page and display the list content in SharePoint Designer, you’ve got full permission on the list items.

It took a little digging, but I found a page deep in MSDN that gave me the logic behind the bytes in the PermMask.  The table at 2.2.2.13 WSS Rights Mask shows what each byte means and what permission it grants.  (Not surprisingly, it maps well to the roles that you can set at /_layouts/roles.aspx.)

At the extremes, we have EmptyMask = 0x0000000000000000 (Grant no permissions) and FullMask = 0x7FFFFFFFFFFFFFFF (Grant all permissions).

Lifting the rest of the information from the MSDN article, here are the Symbolic name, Values, and Descriptions for the rest of the PermMask bytes, nibbles, and bits (oh my).  I’ll leave it as an exercise for the reader (for now) to build an XSL template to check the values.

The list and document permissions (0x000000000000XXXX) are specified as follows.

| Symbolic name | Value | Description |
| --- | --- | --- |
| ViewListItems | 0x0000000000000001 | Allow viewing of list items in lists, documents in document libraries, and Web discussion comments. |
| AddListItems | 0x0000000000000002 | Allow addition of list items to lists, documents to document libraries, and Web discussion comments. |
| EditListItems | 0x0000000000000004 | Allow editing of list items in lists, documents in document libraries, Web discussion comments, and to customize Web part pages in document libraries. |
| DeleteListItems | 0x0000000000000008 | Allow deletion of list items from lists, documents from document libraries, and Web discussion comments. |
| ApproveItems | 0x0000000000000010 | Allow approval of minor versions of a list item or document. |
| OpenItems | 0x0000000000000020 | Allow viewing the source of documents with server-side file handlers. |
| ViewVersions | 0x0000000000000040 | Allow viewing of past versions of a list item or document. |
| DeleteVersions | 0x0000000000000080 | Allow deletion of past versions of a list item or document. |
| CancelCheckout | 0x0000000000000100 | Allow discard or check in of a document that is checked out to another user. |
| ManagePersonalViews | 0x0000000000000200 | Allow creation, change, and deletion of personal views of lists. |
| ManageLists | 0x0000000000000800 | Allow creation and deletion of lists, addition or removal of fields to the schema of a list, and addition or removal of personal views of a list. |
| ViewFormPages | 0x0000000000001000 | Allow viewing of forms, views, and application pages, and enumerate lists. |

The Web level permissions (0x0000XXXXXXXX0000) are specified as follows.

| Symbolic name | Value | Description |
| --- | --- | --- |
| Open | 0x0000000000010000 | Allow access to the items contained within a site, list, or folder. |
| ViewPages | 0x0000000000020000 | Allow viewing of pages in a site. |
| AddAndCustomizePages | 0x0000000000040000 | Allow addition, modification, or deletion of HTML pages or Web part pages, and editing of the site using an editor compatible with Windows SharePoint Services. |
| ApplyThemeAndBorder | 0x0000000000080000 | Allow application of a theme or borders to the entire site. |
| ApplyStyleSheets | 0x0000000000100000 | Allow application of a style sheet (.css file) to the site. |
| ViewUsageData | 0x0000000000200000 | Allow viewing of reports on site usage. |
| CreateSSCSite | 0x0000000000400000 | Allow creation of a site using Self-Service Site Creation, an implementation-specific capability of Windows SharePoint Services. |
| ManageSubwebs | 0x0000000000800000 | Allow creation of a subsite within the site or site collection. |
| CreateGroups | 0x0000000001000000 | Allow creation of a group of users that can be used anywhere within the site collection. |
| ManagePermissions | 0x0000000002000000 | Allow creation and modification of permission levels on the site and assigning permissions to users and site groups. |
| BrowseDirectories | 0x0000000004000000 | Allow enumeration of documents and folders in a site using [MS-FPSE] and WebDAV interfaces. |
| BrowseUserInfo | 0x0000000008000000 | Allow viewing the information about all users of the site. |
| AddDelPrivateWebParts | 0x0000000010000000 | Allow addition or removal of personal Web parts on a Web part page. |
| UpdatePersonalWebParts | 0x0000000020000000 | Allow updating of Web parts to display personalized information. |
| ManageWeb | 0x0000000040000000 | Allow all administration tasks for the site as well as manage content. |
| UseClientIntegration | 0x0000001000000000 | Allow use of features that launch client applications; otherwise, users must work on documents on their local machines and upload changes to the WFE. |
| UseRemoteAPIs | 0x0000002000000000 | Allow use of SOAP, WebDAV, or [MS-FPSE] to access the site. |
| ManageAlerts | 0x0000004000000000 | Allow management of alerts for all users of the site. |
| CreateAlerts | 0x0000008000000000 | Allow creation of e-mail alerts. |
| EditMyUserInfo | 0x0000010000000000 | Allow users to change their own user information, such as adding a picture. |

The Special permissions (0xXXXX000000000000) are specified as follows.

| Symbolic name | Value | Description |
| --- | --- | --- |
| EnumeratePermissions | 0x4000000000000000 | Allow enumeration of permissions on the site, list, folder, document, or list item. |
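The check left as an exercise above, done in JavaScript rather than XSL, as an added example that is not code from the original post or from Microsoft. The function names are hypothetical, the bit positions are transcribed from the table on this page, and reading the short value quoted in this page's comments as a hex number with its leading zeros dropped is an assumption.

```javascript
// Added example. Keys are bit positions taken from the values in the table above.
const RIGHTS = {
  0: "ViewListItems", 1: "AddListItems", 2: "EditListItems", 3: "DeleteListItems",
  4: "ApproveItems", 5: "OpenItems", 6: "ViewVersions", 7: "DeleteVersions",
  8: "CancelCheckout", 9: "ManagePersonalViews", 11: "ManageLists", 12: "ViewFormPages",
  16: "Open", 17: "ViewPages", 18: "AddAndCustomizePages", 19: "ApplyThemeAndBorder",
  20: "ApplyStyleSheets", 21: "ViewUsageData", 22: "CreateSSCSite", 23: "ManageSubwebs",
  24: "CreateGroups", 25: "ManagePermissions", 26: "BrowseDirectories", 27: "BrowseUserInfo",
  28: "AddDelPrivateWebParts", 29: "UpdatePersonalWebParts", 30: "ManageWeb",
  36: "UseClientIntegration", 37: "UseRemoteAPIs", 38: "ManageAlerts", 39: "CreateAlerts",
  40: "EditMyUserInfo", 62: "EnumeratePermissions",
};

// Parse a PermMask string. BigInt is required: Number loses precision above
// 2^53 and JavaScript's bitwise operators on Number truncate to 32 bits.
function parsePermMask(text) {
  const s = String(text).trim();
  if (!/^0x[0-9a-f]{1,16}$/i.test(s)) throw new RangeError("not a PermMask: " + s);
  return BigInt(s);
}

// Split a mask into named rights plus any set bits the table does not name.
function decodePermMask(text) {
  let rest = parsePermMask(text);
  const rights = [];
  for (const [bit, name] of Object.entries(RIGHTS)) {
    const flag = 1n << BigInt(bit);
    if (rest & flag) { rights.push(name); rest ^= flag; }
  }
  return { rights, unnamed: "0x" + rest.toString(16) };
}

// True only if every named right is set; a name missing from RIGHTS fails closed.
function hasRights(text, ...names) {
  const { rights } = decodePermMask(text);
  return names.every((n) => rights.includes(n));
}

// Constructed inputs: the two extremes from the post, plus the short value
// quoted in the comments, read as hex with leading zeros dropped (an assumption).
for (const m of ["0x0000000000000000", "0x7FFFFFFFFFFFFFFF", "0xb008431061"]) {
  const d = decodePermMask(m);
  console.log(m, d.rights.join(","), "unnamed:", d.unnamed);
}
```

A mask check like this only decides what a page displays; the server still evaluates the user's permissions on every request, so it cannot stand in for access control.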

8 Comments

  1. I have encountered this and it is driving me crazy. I have a scenario where I am performing a DVWP Crosslist. All records for a given user are read only and there is one record where they have full control. When the user accesses the record using a DVWP in List mode the correct 0x7FFFFFFFFFFFFFFF value shows up. However, when I change it to crosslist mode the record appears with 0xb008431061. Any idea why?

    1. Not quite sure. If you aren’t doing so already, I would suggest that you display the PermMask value right next to the item columns in your DVWP and see what values your users see for each item. This will tell you if things are mapping the way you would expect. Switching to CrossList mode itself shouldn’t change the PermMask value for a user on a particular item.

      The 0xb008431061 value doesn’t have the appropriate number of bytes, nor is it a valid PermMask value. Are you certain that you’re looking at the right value?

  2. Thanks for getting back to me so quickly. I am displaying the PermMask Value in the dataview. I have also verified this value via Stramit’s CAML Viewer (All of the other records have 0xb008431061 as the PermMask and the record I am talking about has the Full Mask, however via the XSL the full mask miraculously switches to the 0xb008431061 in CrossList Mode). I am selecting @PermMask in the XSL. Here is my SPDataSource

  3. Is there a permmask on a column level? I have a scenario in which my crosslist DVWP displays a column from the list but not from @FileDirRef (only when using a substring function.).

    1. @Adam:

      There are no column level permissions in SharePoint, so I think the answer has to be “no”. I’d suggest you display the value for @FileDirRef so you can check if your substring function is doing what you intend.

      M.
