Powershell, Sharepoint and granting SPBasePermissions

Over the last few months, I’ve been learning how to automate Sharepoint installs and perform base configurations.  Between psconfig, stsadm and stsadm extension by Gary LaPoint, I’ve been able to achieve pretty much a scripted install.   Most of the configuration has been just setting up a Sharepoint farm.  I ran into a situation where I needed to create a custom Permission Level in the post configuration section.   This was my first venture into using Powershell and the Microsoft.Sharepoint.dll API.   I’m trying to do everything without having a compiled application. All my scripts are currently using Powershell v1.0.   I ran into a limitation when trying to automate granting the custom Permission level.  I received this error.

Cannot convert value “EnumeratePermissions” to type “System.Int32”. Error: “Value was either too large or too small for an Int32.”

Here is the script I ran using the -bor operator that produced the error. 

[System.Reflection.Assembly]::LoadWithPartialName(“Microsoft.SharePoint”)
$site = new-object Microsoft.SharePoint.SPSite(http://www.example.com)
$web = $site.OpenWeb()
$perm = new-object Microsoft.SharePoint.SPRoleDefinition
$perm.Name = “Example Permission”
$perm.Description = “Example Permission Mask”
$perm.BasePermissions = [Microsoft.SharePoint.SPBasePermissions]::SPBasePermissions.BrowseDirectories -bor [Microsoft.SharePoint.SPBasePermissions]::ViewPages -bor [Microsoft.SharePoint.SPBasePermissions]::EnumeratePermissions -bor [Microsoft.SharePoint.SPBasePermissions]::BrowseUserInfo -bor [Microsoft.SharePoint.SPBasePermissions]::UseRemoteAPIs -bor [Microsoft.SharePoint.SPBasePermissions]::Open
$web.RoleDefinitions.Add($perm)

With assistance from the Powershell Community, they showed me a modified way to do bitmasks in Powershell (bit masks and -bor are limited to 32 bit integer.  Here is the modified code.  The only difference is the bitmask options

[System.Reflection.Assembly]::LoadWithPartialName(“Microsoft.SharePoint”)
$site = new-object Microsoft.SharePoint.SPSite(“http://example.com“)
$web = $site.OpenWeb()
$perm = new-object Microsoft.SharePoint.SPRoleDefinition
$perm.Name = “Example custom Permission”
$perm.Description = “Custom Permission Mask”
$perm.BasePermissions = “BrowseDirectories,ViewPages,EnumeratePermissions,BrowseUserInfo,UseRemoteAPIs,Open,ViewListItems,ViewVersions,OpenItems”
$web.RoleDefinitions.Add($perm)

//Grant a domain user to the Example Custom Permission from within a site collection
stsadm -o adduser -url http://www.example.com -userlogin DomainUsername -useremail someone@example.com -role “Example custom Permission” -username DomainNameUsername

Hope this helps someone.

Cheers,

Steve Schofield
Microsoft MVP – IIS