Determining if a User Is in a Permission Group with SharePoint’s Web Services
It’s not unusual to want to know if a user is in a certain permission group and change how a page behaves based on whether or not s/he is. AlexLee over on EndUserSharePoint.com‘s Stump the Panel asked how you might be able to do this using SharePoint’s Web Services. jQuery Library for SharePoint Web Services (SPServices) to the rescue!
By calling the GetGroupCollectionFromUser operation of the Users and Groups Web Service, you can determine whether your user is in the group. Here’s the example code from Alex’s post (altered a little bit for simplicity):
$(document).ready(function() { $().SPServices({ operation: "GetGroupCollectionFromUser", userLoginName: $().SPServices.SPGetCurrentUser(), async: false, completefunc: function(xData, Status) { if($(xData.responseXML).find("Group[Name='GroupNameHere']").length == 1) { ... do something ... } } }); });
Remember that this jQuery call will occur on the client side, so it’s not a good method to use if you’re trying to enforce permissions. However, it can allow you to alter the page on the fly based on the user’s group membership.
Hi Marc,
Any Ideas as to why this would not work when users are members of a security group that was added to the sharepoint group? I’ve run in to this problem where I can detect group membership when added directly to a sharepoint group but not when Active Directory security groups were added (did this for the ease of administration)…
any feedback would be great
Thanks
J
Jackson:
Unfortunately, there’s no way to iterate an AD Security Group. This is a design flaw, IMHO. See my post about these issues.
M.
Hi Marc,
Great Post!
The perfect solution for me if I can make the puzzle into places. I created a sharepoint group name “sgroup” and targeting a div with ID sdiv to toggle visibility according to current login user group.
The very simple code I added from your sample is this:
if($(xData.responseXML).find(“Group[Name=’sgroup’]”).length == 1)
{
$(‘#sdiv’).show();
}
else
{
$(‘#sdiv’).hide();
}
but the div is always visible to all user regardless of there group name. Appreciate your thought.
Thanks.
W
W:
What you’re doing seems to make sense. Have you looked at the XML coming back from the call to see what’s there? Probably a little debugging will get you to the bottom of it.
M.
Hi Marc, Thanks for letting me know.
Is there another tool to view XML data Im not sure if Im doing it right in IE Developer and FireBug.
Probably the easiest thing to do is simply use alerts.
alert(xData.responseText);
is the best start.M.
Big thanks. I found something similar and do the job
$(xData.responseXML).find(“Group”).each(function() {
if ($(this).attr(‘Name’)==’sgroup’){ $(‘#sdiv’).show();}
});
On the surface, it looks equivalent, but there must be something I’m not seeing. In any case, if it works, it works!
M.
hi mark,
This method fails for groups into which users are added using a security group. Did you notice that?
remos:
It doesn’t fail so much as it’s not useful. See my blog post Active Directory Groups vs. SharePoint Groups for User Management: A Dilemma.
M.
Thanx Marc …
Its exactly what I was looking for.
Your solutions always work. :)
Kaushar
Hi Marc,
Does this not work when user are added through AD groups? If I directly add the user to the SP Group it seems to work. But when I add the user through AD group to a SP group, it doesn’t
Thanks in advance!
Regards,
Badhon
Badhon:
That’s correct. Check out my posts about this:
http://sympmarc.com/?s=Denouement+
M.
Do you know why this code will run for users with extended rights but not for users who don’t have extended righs?
More info: My test are showing that a user has to be at least “Design, Limited Access” to run the script??? Is this the case?
Taffy:
The “rule” is that the user must be able to do the same action in the UI or else they won’t be able to do that action using the Web Services. The Web Services calls respect all user permissions. See my post Elevating Permissions with SharePoint’s Web Services.
M.
$().SPServices({
operation: “GetGroupCollectionFromUser”,
userLoginName: $().SPServices.SPGetCurrentUser(),
async: false,
completefunc: function(xData, Status) {
if($(xData.responseXML).find(“Group[Name=’GroupName’]”).length == 1)&&()
I have a question about the and I added. I would like to get a value from a dropdown I used,” var status =$(“select[title=’Form Submit Type’]”).val(); “. I want a user to be part of the group && status == Submit. The only problem is the variable with in the SPServices is unknown. Do I do a SPServices Query for the value then pass it into another SPServices to do the logic. Or do I use XSLT to do the second compare.
Art:
I’m not sure if all of your code made it through. Can you repost this on the SPServices Discussions?
M.
Sorry about that ok so the code is,
$().SPServices({
operation: “GetGroupCollectionFromUser”,
userLoginName: $().SPServices.SPGetCurrentUser(),
async: false,
completefunc: function(xData, Status) {
if($(xData.responseXML).find(“Group[Name=’Group A’]”).length == 1)
{
EnableAllSPFields();
EnableOKButton();
}
if ($(xData.responseXML).find(“Group[Name=’Group B’]”).length == 1) && (status == “Submit”)
{
EnableOKButton();
EnableSPField(“Program Name”);
EnableSPField(“Run Date”);
EnableSPField(“Range Craft”);
EnableSPField(“Range Location”);
EnableSPField(“Range Systems”);
}
}
});
});
Where the and is I would like to evaluate a variable I set using
var status =$(“select[title=’Form Submit Type’]“).val();
Then evaluate that with in the brackets after the &&. The problem is when the var is set inside the spservices it shows null. When the var is set outside the val is what it should be. I left out the helper functions because they work just fine. Everything works just not my && evaluation.
Art:
Can you post this in the SPServices discussions?
M.
I have a dropdown field in the form and the user selects the group from the dropdown. I want to run this code based on the drop down value selected. so i would like to use reusable function for the groupname instead of hard coding the value. thanks for the suggesstion you can provide on how to do it.
Hi Mark,
The above script is worked for users available in SP Group. I want to check user present in AD group and AD group present in SP Group. Is it possible using jquery or EMA Script.
Thanks
bborole:
Sadly, no. See my post ‘Active Directory Groups vs. SharePoint Groups for User Management: A Dilemma’
http://sympmarc.com/2011/02/16/active-directory-groups-vs-sharepoint-groups-for-user-management-a-dilemma/
M.