Many times during SharePoint development you may need to execute code or access information that the current impersonated user does not have access to. An internal example of this is SharePoint elevating calls to the database. Every application user doesn’t need assigned roles in SQL Server, only the SharePoint runtime accounts need to be configured for SQL Server access.

The SPSecurity class provides the static method RunWithElevatedPrivileges for elevating calls. Code executing using this has Full Access so care must be taken not to elevate code that relies on authentication and/or authorization rules.

Here is an example showing the syntax to define an anonymous method in the call to RunWithElevatedPrivileges

Note – When elevating code using RunWithElevatedPrivileges you will need to a new SPSite object within the call. Any SPSite objects that were been instantiated before the call to RunWithElevatedPrivileges would not have the required elevated access as they were created as the user being impersonated.

This entry was posted on Tuesday, November 23rd, 2010 at 11:07 pm and is filed under Development, Security, SharePoint. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.