Project Description
Apply an xml-template to a site to set up permissions for the site and its lists and items.
A typical scenario would be to use different security setups depending on the state of a project site.

You can in the xml template define users and groups to be added, removed or modified. You can associate groups with the site, create custom role definitions for the site and set up role assignments for all securable objects from SPWeb down to SPListItem level. You can use caml queries to get a collection of items to set up unique role assignments and you can copy role assignments from other securable objects and merge their role definitions if you like.

All free text attributes in the xml are localizable and you can use a dictionary to resolve values to make the template more dynamic and flexible. The xsd includes intellisence that describes most nodes, attributes and enum values.

A typical scenario would be to use this for projects that use different states.
  • For a startup state, you define a template to use when a project is created where you define all groups and creates associations for them in the site, like ProjectX Owners is associated as Owner and so on. You also define a role assignment for the Associated Owners (i.e. the group ProjectX Owners) to give them full control.
  • When the project enters an online state, you can use a template that creates role assignments for the Associated Members and Associated Visitors with different permission. And maybe you have some lists for administrative purposes so you can define that only the Associated Owners have permissions there. In a case I had, a list was populated with a number of items with different content types. The items should allow different users specific permissions depending on the content type, so I created a CAML-query in the template to get all items with certain content types in the list and set specific permissions for those.
  • In a finalizing state a template could be used to set Read permissions for everything but for the administrator that still have full control.
  • When the project is closed a template could be used to set Restricted Read for everyone including the site administrator.

A thing to note is that security is quite complex in SharePoint 2007. So to use this stuff it's recommended to have a more thorough look into the object model since the terminology in the template uses the same names, like RoleDefinitions instead of Permission Levels in the GUI and some stuff that isn't available in the GUI, like associations of groups in the SPWeb.AssociatedGroups.

In the Template.xsd file I've copied som stuff from the SharePoint xsd-files to get intellisence in the CAML queries, but I strongly recommend to download the CAML Intellisence project from and make a reference to it in my xsd file.

Last edited Aug 18, 2009 at 11:29 AM by wosfilm, version 3