Programmatically create custom role in selected sub sites in SharePoint 2010

In this article I am explaining how to create a custom role in SharePoint using C#.

A custom role is required in SharePoint when you need to assign a role to the user as per the requirement not the OOTB.

Add this code to your solution to add the custom role based on the sub site.

I have the following scenrio:

Person: People picker that will be used to add a user.

Country: Listbox containing the list of subsites where we will add the user and assign roles.

Administrator type: Type of custom role where we will assign to the selected user in selected susbsite (Country).



Code :

private void AddUserToGroup(string selectedUser, string userGroupName,string subSite)
{
SPSecurity.RunWithElevatedPrivileges(delegate
{
using (SPSite spSite = new SPSite(SPContext.Current.Site.Url))
{
using (SPWeb spWeb = spSite.AllWebs[subSite
{
try
{
spWeb.AllowUnsafeUpdates = true;
SPUser spUser = spWeb.EnsureUser(selectedUser);
spWeb.RoleDefinitions.BreakInheritance(true, true);
SPRoleDefinition role;
switch(userGroupName)
{
case "Super Administrator":
role = new SPRoleDefinition
{
Name = userGroupName,Description = userGroupName,BasePermissions = SPBasePermissions.FullMask ^
(SPBasePermissions.ManagePermissions
SPBasePermissions.ManageLists
SPBasePermissions.AddListItems
SPBasePermissions.EditListItems
SPBasePermissions.DeleteListItems
SPBasePermissions.ViewVersions
SPBasePermissions.DeleteVersions
SPBasePermissions.CreateAlerts
SPBasePermissions.CreateGroups)
};
break;
case "Regional Administrator":
role = new SPRoleDefinition
{
Name = userGroupName,Description = userGroupName,BasePermissions = SPBasePermissions.FullMask ^
(SPBasePermissions.ManagePermissions
SPBasePermissions.ManageLists
SPBasePermissions.AddListItems
SPBasePermissions.EditListItems
SPBasePermissions.DeleteListItems
SPBasePermissions.ViewVersions
SPBasePermissions.DeleteVersions
SPBasePermissions.CreateAlerts
)
};
break;
case "Marketing Administrator":
role = new SPRoleDefinition
{
Name = userGroupName,Description = userGroupName,BasePermissions = SPBasePermissions.FullMask ^
(SPBasePermissions.ManagePermissions
SPBasePermissions.ManageLists
SPBasePermissions.AddListItems
SPBasePermissions.EditListItems
SPBasePermissions.DeleteListItems
SPBasePermissions.ViewVersions
SPBasePermissions.DeleteVersions
)
};
break;
case "Country Administrator":
role = new SPRoleDefinition
{
Name = userGroupName,Description = userGroupName,BasePermissions = SPBasePermissions.FullMask ^
(SPBasePermissions.ManagePermissions
SPBasePermissions.ManageLists
SPBasePermissions.AddListItems
SPBasePermissions.EditListItems
SPBasePermissions.DeleteListItems
)
};
break;
default:
role = new SPRoleDefinition
{
Name = userGroupName,Description = userGroupName,BasePermissions = SPBasePermissions.FullMask ^
(SPBasePermissions.ManagePermissions
SPBasePermissions.ManageLists
SPBasePermissions.AddListItems

};
break;
}
spWeb.RoleDefinitions.Add(role);
spWeb.Update();
spWeb.RoleDefinitions.Cast<SPRoleDefinition>().First(def => def.Name == userGroupName);
SPRoleDefinition newrole = spWeb.RoleDefinitions[userGroupName];
SPRoleAssignment roleAssignment;
roleAssignment = new SPRoleAssignment(spUser.LoginName, spUser.Email, spUser.Name, "Notes about user");
roleAssignment.RoleDefinitionBindings.Add(newrole);
spWeb.RoleAssignments.Add(roleAssignment);
spWeb.Update();
lblError.Text = selectedUser + " is added to the " + userGroupName + "in subsite " + spWeb.Title;
}
catch (Exception ex)
{
lblError.Text = ex.Message;
}
finally
{
spWeb.AllowUnsafeUpdates = false;
}
}
}
});
}

Final output you can check from the site. It will look like below:



That's it for now…..

I created the component as a webpart. You can use the same code in a handler/workflow code activity etc…

Hope you like this article. It's really helpful when you come across a concept when permission management is needed for your SharePoint component.

Hope this article will save you a lot of time and effort.