Used to setup groups and configure baseline security for the entire web. General types of actions supported:
  1. Control of permission inheritance through the RoleAssignments attribute
  2. Creation/Deletion of site groups
  3. Association of Groups to sucrity roles a la "Setup Groups" page
  4. Association of Group to general roles

Note: By default, ACL actions shall only be performed on a site that already has unique permissions. If you want ACL actions to be always performed regardless of whether the user specified unique/inherited permissions set the RespectInheritanceSetting="false".

<FixupWebACL RoleAssignments="BreakClean" SyncGroupQuickLaunch="true" RespectInheritanceSetting="false">
  <SiteGroup Action="Create" Name="{{SPWeb.Title}} Owners" />
  <SiteGroup Action="Create" Name="{{SPWeb.Title}} Members"  />
  <User Action="Create" LoginName="BUILTIN\Administrators" DisplayName="Administrators" Email="email@blah.com" Description="Blah" />

 
  <AssociateSiteGroup Name="{{SPWeb.Title}} Owners" Role="Owner" />
  <AssociateSiteGroup Name="{{SPWeb.Title}} Members" Role="Member" /> 
  <PrincipalRole Action="Add"  Name="BUILTIN\Administrators" Type="User"  Role="Visitor" />   
</FixupWebACL>

Order of Execution
  1. Break / inherit permissions through the RoleAssignments attribute: BreakClean, BreakAndCopy
  2. Creation/deletion of site groups (in the order of declaration)
  3. Site Group Associations
  4. SyncGroupQuickLaunch based on associations from the previous step

Last edited Aug 4, 2012 at 3:21 AM by landrumjc, version 2

Comments

No comments yet.