Determining if a User Is in a Permission Group with SharePoint’s Web Services
It’s not unusual to want to know if a user is in a certain permission group and change how a page behaves based on whether or not s/he is. AlexLee over on EndUserSharePoint.com‘s Stump the Panel asked how you might be able to do this using SharePoint’s Web Services. jQuery Library for SharePoint Web Services (SPServices) to the rescue!
By calling the GetGroupCollectionFromUser operation of the Users and Groups Web Service, you can determine whether your user is in the group. Here’s the example code from Alex’s post (altered a little bit for simplicity):
$(document).ready(function() {
$().SPServices({
operation: "GetGroupCollectionFromUser",
userLoginName: $().SPServices.SPGetCurrentUser(),
async: false,
completefunc: function(xData, Status) {
if($(xData.responseXML).find("Group[Name='GroupNameHere']").length == 1)
{
... do something ...
}
}
});
});
Remember that this jQuery call will occur on the client side, so it’s not a good method to use if you’re trying to enforce permissions. However, it can allow you to alter the page on the fly based on the user’s group membership.
I am getting ‘error’ msg in Status variable
function getCurrentUserRole(roleName) {
alert(‘called Role ‘+roleName); // this comes with roleName
$().SPServices({
operation: “GetRolesAndPermissionsForCurrentUser”,
async: false,
completefunc: function (xData, Status) {
if( Status == “success”) {
$(xData.responseXML).find(“[nodeName=Role]“).each(function () {
if($(this).attr(“Name”).indexOf(roleName)>=0) {
alert(‘yess’);return 0;
}else{ alert(‘noo..’);return 1;}
});
}else{alert(Status);} // This alert comes and stops JS execution.
}
});
}
$(document).ready(function() {
getCurrentUserRole(“Visitor”);
});//Doc.ready func
I have check /_vti_bin/usergroup.asmx on-clicking “GetRolesAndPermissionsForCurrentUser” an Xml gets generated in browser. And in my another script I am able to get subsite of collection and I am CA/SiteCollection Admin What M I missing? or doing incorrecf
Praveen:
Odds are you’re seeing a permission issue.
M.
No Marc, for me too its odd.
I am SiteCollection Admin and in another programme I am able to get all webs, use cascading list but in permission thing I stuck here :(
Given full control to user and tried also but no luck… any detailed help is most welcome!
Pareveen:
Have you looked at the returned packet? Take a look at what’s sent and returned in Firebug or Fiddler.
I just ran this part of your code in Firefox and got a valid response:
$().SPServices({ operation: "GetRolesAndPermissionsForCurrentUser", async: false, completefunc: function (xData, Status) { if( Status == "success") { $(xData.responseXML).find("[nodeName=Role]").each(function () { if($(this).attr("Name").indexOf(roleName)>=0) { alert("yess");return 0; } else { alert("noo..");return 1; } }); } else { alert(Status);} // This alert comes and stops JS execution. } });BTW, it’s best to ask SPServices questions over in the Discussions on Codeplex.
M.
Hi Marc, When i use this operation : GetGroupCollectionFromUser as an admin.I get some result back.But when i login as a normal user .I don’t get anything back.
Any ideas.Is this a permission issue.What perm do they need to have to run this operation?
The permissions are exactly the same as they would be in the UI. So if the user can’t get to the page that shows the group membership, they can’t make the call.
M.
p.s. You’ve got a thread going over on the SPServices site; stick to that.
Naijacoder,
Maybe its Group Settings, “Who can view the membership of the group?” change from Group Members to Everyone. Maybe its not that simple just a thought.
How would you use this method, if the user was inside an AD group, that was placed in the SP Group? I have tested, and it will only work if the user is individually placed in the SPgroup, versus being part of an AD group placed in inside an SP Group. Many like to manage the permissions by using AD Groups inside SP Groups. I am using 0.7.2 of SPServices in MOSS 3.0/SP 2007
John:
Unfortunately, there’s no good story on this. Take a look at my two posts about it:
http://sympmarc.com/2011/02/16/active-directory-groups-vs-sharepoint-groups-for-user-management-a-dilemma/
M.
Hi Marc,
Thanks for sharing such a nice information.Its very helpful for me .
I have a requirement, if current logged on user exist in two are more groups then how do we check .
please let me know how to solve the issue.
MBKrishna:
You should look at GetGroupCollectionFromUser. All of the available Users and Groups operations are listed on the SPServices site:
https://spservices.codeplex.com/wikipage?title=Users%20and%20Groups
M.
Good its working fine for me.even though i did dome hide and show base on permission level
function displaymenubasedonpermission()
{
$().SPServices({
operation: “GetGroupCollectionFromUser”,
userLoginName: $().SPServices.SPGetCurrentUser(),
async: false,
completefunc: function(xData, Status) {
if($(xData.responseXML).find(“Group[Name=’SD Task owners’]”).length == 1)
{
$(“#td_admin”).show();
$(“#td_create”).show();
$(“#td_rept”).show();
}
else
{
$(“#td_admin”).hide();
$(“#td_create”).hide();
$(“#td_rept”).hide();
}
}
});
}
Hello Marc,
does your Code Snippet also work for SharePoint2013?
Thanks
Baris:
I can’t think of any reason it wouldn’t. Have you tried it?
M.
Perfect !
But it doesn’t work if the user is in an ad group that is added to the sharepoint group ;-)
Tib:
That is correct. See my posts here:
http://sympmarc.com/2011/02/16/active-directory-groups-vs-sharepoint-groups-for-user-management-a-dilemma/
M.
How to use it for sharepoint online?
The same approach should work. Have you tried it?
M.