First step in the process is to create a basic feature for MOSS. For more information in regarding the template, view the information here: Creating a SharePoint Custom Event Handler as a feature – Basics

The steps I took in creating item level security utilized a custom list in MOSS. This way, the user can customize the setting of the feature and also the group/user permissions that will be set. This can also be done using a config file or other possibilities, but for my example, I used a list.

Configuration List Setup

Browse to the SharePoint site you have the Security event handler feature activated and create a new list called: ItemLevelSecurityConfiguration(or whatever you want to call it). A basic example of what the list should include is as follows:


For the columns Group 1 and Group 2, I set the following:

  • Allow multiple section = Yes
  • Allow selection of = People and Groups
  • Choose From = All Users
  • Show Field = Name


For the column RoleType, I set the choice values as follows:

  • Administrator
  • Contribute
  • Guest
  • Reader
  • WebDesigner


For my example, I set the default value as Contribute.

To set the values of the configuration list, observe the following for reference:

  • Title = Name of the entry, usually the same name as the document library
  • WebURL = the web URL of the site that the feature is activated on
  • SharePointList = SharePoint Document library that will incorporate the security event handler feature
  • Group 1 = the groups(or user) that will be given access to the document.
  • Group 2 = the groups(or user) that will be given access to the document.
  • RoleType = type of permissions the groups are given access to the document (default is Contribute).

Connecting to the Configuration List

A method that I created that gathered the information from the configuration list is called SetConfiguration. This method allows the user to pass in 2 parameters, a SPWeb & document library name. 

Since the configuration list shouldn’t change often, I decided to cache the values, so that the setting of the configuration is kept to a minumum. Line 19 shows me inserting the values into the HttpRuntime.Cache, expiring after 1 day (DateTime.Now.AddHours(24)).  Therefore, next time this method is called, it will be able to populate the SPListItem without parsing through the MOSS list. The SPListItem specifies a specific row or item in a list. To determine this row, I used a SPQuery method utilizing CAML to retrieve the SharePointList values where it matches the current document library that the feature is running. I then call the SPList GetItems method to populate a list item collection.

Now we have a customizable list and a connection for this list. The next post will show the ways to apply the security to the individual documents.