I’ve been doing a lot with variations recently and have encountered numerous challenges with keeping data and lists in sync between the various variations. One of the things that we ended up implementing on my current project was a simple event receiver which copied items from one variation to another when that item was approved. From this you can obviously conclude that we had matching lists in each variation. One of the challenges with this was keeping the security on the lists the same between each of the variations and being able to set that security without being able to read the menus of the site (the other variation was in Korean).
So what I decided to create was a simple command that that would enable me to export the security of a list to an XML file. Once I had the XML I could then create an import command which would allow me to set the security on the lists in the other variations or even in other farms so I could get it set in our test farm and then import to production. The first command I created is called, simply enough, gl-exportlistsecurity. I’ll talk about the import command in a follow up post.
Creating this command was actually really easy because I already had a command which would copy the security settings of a source list to a destination list. I could have obviously used this command in a single farm only environment but I wanted the ability to set the security in a test farm and import to the production farm so my gl-copylistsecurity command wouldn’t really work for me. The code also exports folder level and optionally item level security. The code can be seen below:
The syntax of the command can be seen below:
C:\>stsadm -help gl-exportlistsecurity stsadm -o gl-exportlistsecurity Exports a list's security settings to an XML file. Parameters: -url <list view url to export security from> -outputfile <file to output settings to> -scope <Web | List> [-quiet] [-includeitemsecurity]
The following table summarizes the command and its various parameters:
|Command Name||Availability||Build Date|
|gl-exportlistsecurity||WSS v3, MOSS 2007||Released: 4/12/2008
|Parameter Name||Short Form||Required||Description||Example Usage|
|scope||s||Yes||Either web or list. If web then the security for each list within the web will be exported. Note that this does not work recursively – only the lists in the specified web will be exported.||-scope web
|url||Yes||The URL to either a specific list (if scope is list) or to a web if scope is web.||-url http://portal|
|outputfile||file||Yes||The output path to save the results to. Must be a valid filename.||-outputfile "c:\security.xml"
|quiet||No||If specified then progress information will not be output to the console.||-quiet|
|-includeitemsecurity||items||No||If specified then item level security will be exported.||-includeitemsecurity
Here’s an example of using the command to export the security settings on the Documents library which is set to inherit security:
stsadm -o gl-exportlistsecurity -url http://portal/documents/forms/allitems.aspx -outputfile c:\security.xml -scope list
The output from running the above command would be something like (note that the list contained two folders, each inheriting as well):
If we change the list so that it no longer inherits it’s security and re-run the command we’d get results similar to the following:
You may have noticed that I provide lots of details for the role definition bindings – this is so that I can recreate the bindings in a new environment if they are missing.
Update 8/28/2008: I’ve updated the code so that it now optionally exports item level security.