Determining if a User Is in a Permission Group with SharePoint’s Web Services

It’s not unusual to want to know if a user is in a certain permission group and change how a page behaves based on whether or not s/he is.  AlexLee over on EndUserSharePoint.com‘s Stump the Panel asked how you might be able to do this using SharePoint’s Web ServicesjQuery Library for SharePoint Web Services (SPServices) to the rescue!

By calling the GetGroupCollectionFromUser operation of the Users and Groups Web Service, you can determine whether your user is in the group.  Here’s the example code from Alex’s post (altered a little bit for simplicity):

$(document).ready(function() {

   $().SPServices({
     operation: "GetGroupCollectionFromUser",
     userLoginName: $().SPServices.SPGetCurrentUser(),
     async: false,
     completefunc: function(xData, Status) {
        if($(xData.responseXML).find("Group[Name='GroupNameHere']").length == 1)
        {
           ... do something ...
        }
      }
   });
});

Remember that this jQuery call will occur on the client side, so it’s not a good method to use if you’re trying to enforce permissions. However, it can allow you to alter the page on the fly based on the user’s group membership.

Similar Posts

79 Comments

  1. I am getting ‘error’ msg in Status variable

    function getCurrentUserRole(roleName) {
    alert(‘called Role ‘+roleName); // this comes with roleName
    $().SPServices({
    operation: “GetRolesAndPermissionsForCurrentUser”,
    async: false,
    completefunc: function (xData, Status) {
    if( Status == “success”) {
    $(xData.responseXML).find(“[nodeName=Role]“).each(function () {
    if($(this).attr(“Name”).indexOf(roleName)>=0) {
    alert(‘yess’);return 0;
    }else{ alert(‘noo..’);return 1;}
    });
    }else{alert(Status);} // This alert comes and stops JS execution.
    }
    });
    }
    $(document).ready(function() {
    getCurrentUserRole(“Visitor”);

    });//Doc.ready func

    I have check /_vti_bin/usergroup.asmx on-clicking “GetRolesAndPermissionsForCurrentUser” an Xml gets generated in browser. And in my another script I am able to get subsite of collection and I am CA/SiteCollection Admin What M I missing? or doing incorrecf

      1. No Marc, for me too its odd.
        I am SiteCollection Admin and in another programme I am able to get all webs, use cascading list but in permission thing I stuck here :(
        Given full control to user and tried also but no luck… any detailed help is most welcome!

        1. Pareveen:

          Have you looked at the returned packet? Take a look at what’s sent and returned in Firebug or Fiddler.

          I just ran this part of your code in Firefox and got a valid response:

          $().SPServices({
            operation: "GetRolesAndPermissionsForCurrentUser",
            async: false,
            completefunc: function (xData, Status) {
              if( Status == "success") {
                $(xData.responseXML).find("[nodeName=Role]").each(function () {
                  if($(this).attr("Name").indexOf(roleName)>=0) {
                    alert("yess");return 0;
                  } else {
                    alert("noo..");return 1;
                  }
               });
             } else {
               alert(Status);} // This alert comes and stops JS execution.
           }
          });
          

          BTW, it’s best to ask SPServices questions over in the Discussions on Codeplex.

          M.

  2. Hi Marc, When i use this operation : GetGroupCollectionFromUser as an admin.I get some result back.But when i login as a normal user .I don’t get anything back.
    Any ideas.Is this a permission issue.What perm do they need to have to run this operation?

    1. The permissions are exactly the same as they would be in the UI. So if the user can’t get to the page that shows the group membership, they can’t make the call.

      M.

      p.s. You’ve got a thread going over on the SPServices site; stick to that.

  3. Naijacoder,

    Maybe its Group Settings, “Who can view the membership of the group?” change from Group Members to Everyone. Maybe its not that simple just a thought.

  4. How would you use this method, if the user was inside an AD group, that was placed in the SP Group? I have tested, and it will only work if the user is individually placed in the SPgroup, versus being part of an AD group placed in inside an SP Group. Many like to manage the permissions by using AD Groups inside SP Groups. I am using 0.7.2 of SPServices in MOSS 3.0/SP 2007

  5. Hi Marc,

    Thanks for sharing such a nice information.Its very helpful for me .

    I have a requirement, if current logged on user exist in two are more groups then how do we check .

    please let me know how to solve the issue.

  6. Good its working fine for me.even though i did dome hide and show base on permission level
    function displaymenubasedonpermission()
    {
    $().SPServices({
    operation: “GetGroupCollectionFromUser”,
    userLoginName: $().SPServices.SPGetCurrentUser(),
    async: false,
    completefunc: function(xData, Status) {
    if($(xData.responseXML).find(“Group[Name=’SD Task owners’]”).length == 1)
    {
    $(“#td_admin”).show();
    $(“#td_create”).show();
    $(“#td_rept”).show();
    }
    else
    {
    $(“#td_admin”).hide();
    $(“#td_create”).hide();
    $(“#td_rept”).hide();

    }
    }
    });
    }

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.