PermMask in SharePoint DVWPs
Sometimes when you create and configure a Data View Web Part (DVWP), you’ll see the PermMask column show up on its own in the DataFields or the CAML in your DataSource. This happens most often when you are building a CrossList query (DataSourceMode="CrossList").
The PermMask column contains the permissions mask for the item for the current user. When you are working on the DVWP in SharePoint Designer, you’ll almost always see that the value of the PermMask column equals 0x7fffffffffffffff. This is because, as someone who has the permissions to edit the page and display the list content in SharePoint Designer, you’ve got full permission on the list items.
It took a little digging, but I found a page deep in MSDN that gave me the logic behind the bits in the PermMask. The table at 2.2.2.13 WSS Rights Mask shows what each bit means and what permission it grants. (Not surprisingly, it maps well to the roles that you can set at /_layouts/roles.aspx.)
At the extremes, we have EmptyMask = 0x0000000000000000 (Grant no permissions) and FullMask = 0x7FFFFFFFFFFFFFFF (Grant all permissions).
Lifting the rest of the information from the MSDN article, here are the Symbolic name, Values, and Descriptions for the rest of the PermMask bytes, nibbles, and bits (oh my). I’ll leave it as an exercise for the reader (for now) to build an XSL template to check the values.
The list and document permissions (0x000000000000XXXX) are specified as follows.
ViewListItems = 0x0000000000000001: Allow viewing of list items in lists, documents in document libraries, and Web discussion comments.
AddListItems = 0x0000000000000002: Allow addition of list items to lists, documents to document libraries, and Web discussion comments.
EditListItems = 0x0000000000000004: Allow editing of list items in lists, documents in document libraries, Web discussion comments, and to customize Web part pages in document libraries.
DeleteListItems = 0x0000000000000008: Allow deletion of list items from lists, documents from document libraries, and Web discussion comments.
ApproveItems = 0x0000000000000010: Allow approval of minor versions of a list item or document.
OpenItems = 0x0000000000000020: Allow viewing the source of documents with server-side file handlers.
ViewVersions = 0x0000000000000040: Allow viewing of past versions of a list item or document.
DeleteVersions = 0x0000000000000080: Allow deletion of past versions of a list item or document.
CancelCheckout = 0x0000000000000100: Allow discard or check in of a document that is checked out to another user.
ManagePersonalViews = 0x0000000000000200: Allow creation, change, and deletion of personal views of lists.
ManageLists = 0x0000000000000800: Allow creation and deletion of lists, addition or removal of fields to the schema of a list, and addition or removal of personal views of a list.
ViewFormPages = 0x0000000000001000: Allow viewing of forms, views, and application pages, and enumerate lists.
The Web level permissions (0x0000XXXXXXXX0000) are specified as follows.
Open = 0x0000000000010000: Allow access to the items contained within a site, list, or folder.
ViewPages = 0x0000000000020000: Allow viewing of pages in a site.
AddAndCustomizePages = 0x0000000000040000: Allow addition, modification, or deletion of HTML pages or Web part pages, and editing of the site using an editor compatible with Windows SharePoint Services.
ApplyThemeAndBorder = 0x0000000000080000: Allow application of a theme or borders to the entire site.
ApplyStyleSheets = 0x0000000000100000: Allow application of a style sheet (.css file) to the site.
ViewUsageData = 0x0000000000200000: Allow viewing of reports on site usage.
CreateSSCSite = 0x0000000000400000: Allow creation of a site using Self-Service Site Creation, an implementation-specific capability of Windows SharePoint Services.
ManageSubwebs = 0x0000000000800000: Allow creation of a subsite within the site or site collection.
CreateGroups = 0x0000000001000000: Allow creation of a group of users that can be used anywhere within the site collection.
ManagePermissions = 0x0000000002000000: Allow creation and modification of permission levels on the site and assigning permissions to users and site groups.
BrowseDirectories = 0x0000000004000000: Allow enumeration of documents and folders in a site using [MS-FPSE] and WebDAV interfaces.
BrowseUserInfo = 0x0000000008000000: Allow viewing the information about all users of the site.
AddDelPrivateWebParts = 0x0000000010000000: Allow addition or removal of personal Web parts on a Web part page.
UpdatePersonalWebParts = 0x0000000020000000: Allow updating of Web parts to display personalized information.
ManageWeb = 0x0000000040000000: Allow all administration tasks for the site as well as manage content.
UseClientIntegration = 0x0000001000000000: Allow use of features that launch client applications; otherwise, users must work on documents on their local machines and upload changes to the WFE.
UseRemoteAPIs = 0x0000002000000000: Allow use of SOAP, WebDAV, or [MS-FPSE] to access the site.
ManageAlerts = 0x0000004000000000: Allow management of alerts for all users of the site.
CreateAlerts = 0x0000008000000000: Allow creation of e-mail alerts.
EditMyUserInfo = 0x0000010000000000: Allow users to change their own user information, such as adding a picture.
The Special permissions (0xXXXX000000000000) are specified as follows.
EnumeratePermissions = 0x4000000000000000: Allow enumeration of permissions on the site, list, folder, document, or list item.
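The bit test that the exercise above calls for, written in JavaScript rather than XSL as an added example (not code from the original post or from Microsoft). The function names parsePermMask, hasRight and decodePermMask are illustrative; the flag names and values are the ones listed above.

```javascript
// Added example: decode a SharePoint PermMask with BigInt.
// Flag names and values are copied from the lists above.
const RIGHTS = {
  ViewListItems: 0x1n, AddListItems: 0x2n, EditListItems: 0x4n,
  DeleteListItems: 0x8n, ApproveItems: 0x10n, OpenItems: 0x20n,
  ViewVersions: 0x40n, DeleteVersions: 0x80n, CancelCheckout: 0x100n,
  ManagePersonalViews: 0x200n, ManageLists: 0x800n, ViewFormPages: 0x1000n,
  Open: 0x10000n, ViewPages: 0x20000n, AddAndCustomizePages: 0x40000n,
  ApplyThemeAndBorder: 0x80000n, ApplyStyleSheets: 0x100000n,
  ViewUsageData: 0x200000n, CreateSSCSite: 0x400000n, ManageSubwebs: 0x800000n,
  CreateGroups: 0x1000000n, ManagePermissions: 0x2000000n,
  BrowseDirectories: 0x4000000n, BrowseUserInfo: 0x8000000n,
  AddDelPrivateWebParts: 0x10000000n, UpdatePersonalWebParts: 0x20000000n,
  ManageWeb: 0x40000000n, UseClientIntegration: 0x1000000000n,
  UseRemoteAPIs: 0x2000000000n, ManageAlerts: 0x4000000000n,
  CreateAlerts: 0x8000000000n, EditMyUserInfo: 0x10000000000n,
  EnumeratePermissions: 0x4000000000000000n,
};

// Parse the hex string the DVWP exposes as @PermMask (e.g. "0x7fffffffffffffff").
// Number() rounds above 2^53 and JS bitwise operators truncate to 32 bits,
// so the value is kept as a BigInt throughout.
function parsePermMask(text) {
  const m = /^\s*(?:0x)?([0-9a-f]{1,16})\s*$/i.exec(String(text));
  if (!m) throw new RangeError("not a 64-bit hex PermMask: " + text);
  return BigInt("0x" + m[1]);
}

// True only if the bit for the named right is set in the mask.
function hasRight(mask, name) {
  const bit = RIGHTS[name];
  if (typeof bit !== "bigint") throw new RangeError("unknown right: " + name);
  return (parsePermMask(mask) & bit) === bit;
}

// Split a mask into the named rights it grants, plus whatever bits
// are set that the lists above do not name.
function decodePermMask(text) {
  let rest = parsePermMask(text);
  const granted = [];
  for (const [name, bit] of Object.entries(RIGHTS)) {
    if ((rest & bit) !== 0n) { granted.push(name); rest &= ~bit; }
  }
  return { granted, unnamedBits: "0x" + rest.toString(16) };
}
```

For 0xb008431061, the value quoted in the comments below, decodePermMask returns eleven named rights (ViewListItems, OpenItems, ViewVersions, ViewFormPages, Open, ViewPages, CreateSSCSite, BrowseUserInfo, UseClientIntegration, UseRemoteAPIs, CreateAlerts) and no unnamed bits; none of them is an add, edit or delete right.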
I have encountered this and it is driving me crazy. I have a scenario where I am performing a DVWP Crosslist. All records for a given user are read only and there is one record where they have full control. When the user accesses the record using a DVWP in List mode the correct 0x7FFFFFFFFFFFFFFF value shows up. However when I change it to crosslist mode the record appears with 0xb008431061. Any idea why?
Not quite sure. If you aren’t doing so already, I would suggest that you display the PermMask value right next to the item columns in your DVWP and see what values your users see for each item. This will tell you if things are mapping the way you would expect. Switching to CrossList mode itself shouldn’t change the PermMask value for a user on a particular item.
The 0xb008431061 value doesn’t have the appropriate number of bytes, nor is it a valid PermMask value. Are you certain that you’re looking at the right value?
Thanks for getting back to me so quickly. I am displaying the PermMask Value in the dataview. I have also verified this value via Stramit’s CAML Viewer (All of the other records have 0xb008431061 as the PermMask and the record I am talking about has the Full Mask however via the XSL the full mask miraculously switches to the 0xb008431061 in CrossList Mode). I am selecting @PermMask in the XSL. Here is my SPDataSource
What is the easiest way to check the permission for PermMask using bitwise operations?
Nebras:
Do you mean in XSL or some other way?
M.
Is there a permmask on a column level? I have a scenario in which my crosslist DVWP displays a column from the list but not from @FileDirRef (only when using a substring function).
@Adam:
There are no column level permissions in SharePoint, so I think the answer has to be “no”. I’d suggest you display the value for @FileDirRef so you can check if your substring function is doing what you intend.
M.