Which properties and functions must be run under elevated privileges?
https://stackoverflow.com/questions/1666909
-
13-09-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I`d like to know which properties/functions must have which privileges to be used. Is there such a list?
For example, when developing code, how can I know which properties or functions will work for site members, visitors or owners?
Solution
It's not so much about properties and functions. It is really for any time you are trying to execute a bit of code that the current user would not ordinarily have permission to run. For example, say you wanted to create a subsite based on some user-provided info when the user adds an item to a list. The user doesn't have privs to explicitly create such a site on his own. In a list item event receiver you would use a RunWithElevatedPrivileges block to create this subsite. That way the site gets created as the application pool owner rather than as the logged-in user, and you avoid the security issue. Of course, you will want to be careful what you do in such a block.
