Security Scopes

When you absolutely have to use unique permissions while building SharePoint applications, do it the fastest way possible.

In an application where every item in a list is meant to have broken inheritance and uniquely assigned permissions, you see a lot of people doing this: passing the BreakRoleInheritance method a value of true, then looping over the ACL collection of SPRoleAssignments to strip everything off.


Figure 1.

A much more scalable practice is to pass false to the BreakRoleInheritance method.


Figure 1.
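The two approaches side by side in the server object model, as an added example that is not the original post's code. The class and method names (`UniqueItemPermissions`, `BreakThenStrip`, `BreakWithoutCopy`, `Grant`) are hypothetical, and the caller is assumed to supply the `SPWeb`, `SPListItem` and principal.

```csharp
using Microsoft.SharePoint;

// Hypothetical helper class for illustration; requires the SharePoint server object model.
public static class UniqueItemPermissions
{
    // Slow pattern: copy the parent's role assignments into the new scope,
    // then remove them again one at a time.
    public static void BreakThenStrip(SPListItem item)
    {
        item.BreakRoleInheritance(true);
        // Iterate backwards so removing an entry does not shift the remaining indexes.
        for (int i = item.RoleAssignments.Count - 1; i >= 0; i--)
        {
            item.RoleAssignments.Remove(i);
        }
    }

    // Faster pattern: break inheritance without copying the parent's
    // role assignments, so there is nothing to strip afterwards.
    public static void BreakWithoutCopy(SPListItem item)
    {
        item.BreakRoleInheritance(false);
    }

    // Give one principal one role on an item that needs its own permissions.
    public static void Grant(SPWeb web, SPListItem item,
                             SPPrincipal principal, SPRoleType roleType)
    {
        // Break only once: every break creates another security scope,
        // and scopes are what count against the list limit.
        if (!item.HasUniqueRoleAssignments)
        {
            BreakWithoutCopy(item);
        }

        SPRoleAssignment assignment = new SPRoleAssignment(principal);
        assignment.RoleDefinitionBindings.Add(web.RoleDefinitions.GetByType(roleType));
        item.RoleAssignments.Add(assignment);
    }
}
```

After the break, inspect `item.RoleAssignments` and confirm it holds only the principals you intend before relying on the item being locked down.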

Here’s a great post on what unique permissions really mean in SharePoint: “Clarify the Security Scope limits in SharePoint lists,” Joel Plaut, 2012. Regarding the 50k limit on unique permissions a list can contain: “The limit is not the unique combinations of ACLs, but instead the number of times permissions has been broken from a parent.”

Of course the moral of this story is to build SharePoint apps that don’t use unique permissions. But when you have to, do it fast.
