Permissions
Retrieves permission information for a SharePoint site, list, or item.
View Specific Information
The Permissions view returns permission information for a Microsoft SharePoint site or list.
If ItemId is not specified, you must provide both ObjectType (either 'List' or 'Web') and ObjectName. If ItemId is specified, then ObjectName must also be provided.
Sample Queries
Using ObjectType and ObjectName:
SELECT * FROM Permissions WHERE ObjectType = 'List' AND ObjectName = 'TestList' AND MemberID = '4';
Using ItemId and ObjectName:
SELECT * FROM Permissions WHERE ItemId = 1 AND ObjectName = 'list1';
Permission Masks
A SharePoint permission mask is an 8-byte, unsigned integer that specifies the rights that can be assigned to a user or site group. This bit mask can have zero or more flags set. In programming languages, you can typically extract data from bit masks or convert data to bit masks by making use of bitwise and bitshift operators. Usually the following symbols are reserved for these operators:- &: bitwise logical AND.
- |: bitwise logical OR.
- ^: bitwise logical XOR.
- <<: bitwise left shift.
- >>: bitwise right shift.
To learn more about SharePoint permissions and permission masks, refer to the following SharePoint resources:
- SPBasePermissions enumeration
- Windows SharePoint Services, see the WSS Rights Mask section in the PDF/DOCX specification files.
Columns
| Name | Type | Description |
| MemberID [KEY] | String | A unique identifier for the permission entry. Used to reference and manage specific user or group permissions. |
| Mask | Long | A 32-bit integer in 0x00000000 format representing Microsoft.SharePoint.SPRights values. Defines the permission level; multiple values can be combined using the pipe symbol ('|') in C# or 'Or' in Visual Basic. |
| MemberIsUser | Bool | Indicates whether the permission applies to an individual user. Helps differentiate between user and group permissions. |
| MemberGlobal | Bool | Indicates whether the permission applies to a group. Useful for managing role-based access control. |
| RoleName | String | The name of the site group, cross-site group, or individual user (formatted as DOMAIN\\User_Alias) to whom the permission applies. |
Pseudo-Columns
Pseudo column fields are used in the WHERE clause of SELECT statements and offer a more granular control over the tuples that are returned from the data source.
| Name | Type | Description |
| ObjectName | String | The name of the SharePoint list or site where the permission is applied. Helps identify the scope of the permission. |
| ObjectType | String | Specifies whether the permission applies to a 'List' or 'Web'. Useful for managing permissions at different levels. |
| ItemID | String | The unique identifier of the item associated with the permission. Helps track specific item-level permissions. |