Share via


Elevation of Privilege

This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

Elevation of privilege is a new feature of Windows SharePoint Services 3.0that enables you to programmatically perform actions in code using an increased level of privilege. The SPSecurity.RunWithElevatedPrivileges method enables you to supply a delegate that runs a subset of code in the context of an account with higher privileges than the current user.

A standard usage of RunWithElevatedPrivileges is:

SPSecurity.RunWithElevatedPrivileges(delegate()
{
    // do things assuming the permission of the "system account"
});

Frequently, to do anything useful within SharePoint you'll need to get a new SPSite object within this code to effect the changes.  For example:

SPSecurity.RunWithElevatedPrivileges(delegate()
{
    using (SPSite site = new SPSite(web.Site.ID))
    {
       // do things assuming the permission of the "system account"
    }
});

Although elevation of privilege provides a powerful new technique for managing security, it should be used with care. You should not expose direct, uncontrolled mechanisms for people with low privileges to circumvent the permissions granted to them.