Post

Security Scopes

When you absolutely have to use unique permissions while building SharePoint applications; do it the fastest way possible.

In the case of an application where every item in a list is meant to have broken inheritance and uniquely assigned permissions you see a lot of guys doing this. A case where you passed the BreakRoleInheritance method a value of true then looped over the ACL collection of SPRoleAssignments to strip everything off.


Figure 1.

A much more scalable practice is to pass false to the BreakRoleInheritance method.

Figure 1.

Here’s a great post on what Unique Permissions really mean in SharePoint; “Clarify the Security Scope limits in SharePoint lists,” Joel Plaut 2012. Regarding the limit of unique permissions a List can contain be 50k; “The limit is not the unique combinations of ACLs, but instead the number of times permissions has been broken from a parent.”

Of course the moral of this story is to build SharePoint apps that don’t use unique permissions. But when you have to, do it fast.

This post is licensed under CC BY 4.0 by the author.