3.1.5.58 proc_SecChangeToUniqueScope

The proc_SecChangeToUniqueScope stored procedure sets a securable object such as a site, list, or document library to use its own unique security scope, instead of inheriting its security scope from the first ancestor with uniquely permissions.

 PROCEDURE proc_SecChangeToUniqueScope(
       @SiteId                        uniqueidentifier,
       @WebId                         uniqueidentifier,
       @OldScopeId                    uniqueidentifier,
       @CopyFromScopeId               uniqueidentifier,
       @Url                           nvarchar(260),
       @DocId                         uniqueidentifier,
       @bIsWeb                        bit,
       @UserId                        int,
       @CopyAnonymousMask             bit,
       @CopyRoleAssignments           bit,
       @ClearSubScopes                bit,
       @bBreakBySiteOwner             bit,
       @ReturnAuditMask               bit,
       @MaxScopeInList                int,
       @NewScopeId                    uniqueidentifier = NULL OUTPUT,
       @RequestGuid                   uniqueidentifier = NULL OUTPUT
 );

@SiteId: The site collection identifier (section 2.2.1.9) of the site collection containing the securable object specified by @Url or @DocId to be set to use a unique security scope.

@WebId: The site identifier (section 2.2.1.11) of the site that is or contains the securable object.

@OldScopeId: The scope identifier (section 2.2.1.8) for the original security scope of the securable object specified by @Url or @DocId.

@CopyFromScopeId: The scope identifier for a security scope to copy the administrator role, anonymous user permissions, and role assignments from for use as the new security scope. This parameter MUST NOT be NULL.

@Url: The store-relative form URL for the securable object. The securable object MUST be specified by the @Url or the @DocId parameter. The @Url parameter MUST be NULL to specify the securable object with the @DocId parameter.

@DocId: The document identifier (section 2.2.1.2) of the securable object. The @DocId parameter MUST be ignored and can be NULL if @Url specifies the securable object.

@bIsWeb: A bit flag specifying whether the securable object is a site. If this parameter is set to 1, then the securable object is a site, and all subsites which inherit their security scope from the site specified by @SiteId MUST have their inheritances changed to the new security scope. This parameter MUST be set to 0 if @Url does not point to a site, and this parameter MUST be set to 1 if @Url points to a site.

@UserId: Specifies the principal to be added to the new security scope in the administrator role, unless overridden by the @bBreakBySiteOwner parameter or the @CopyFromScopeId parameter.

@CopyAnonymousMask: A bit flag specifying whether to copy anonymous user permissions from the @CopyFromScopeId parameter into the new security scope. If this parameter is set to 1, then the permissions for anonymous user access MUST be copied from the @CopyFromScopeId parameter into the new security scope.

@CopyRoleAssignments: A bit flag specifying whether to copy the role assignments from the @CopyFromScopeId parameter into the new security scope. If this parameter is set to 1, then the role assignments MUST be copied from the @CopyFromScopeId parameter into the new security scope. If both @bBreakBySiteOwner and @CopyRoleAssignments are set to 1, then the setting of @CopyRoleAssignments will take precedence. The role assignments are copied from the security scope provided in @CopyFromScopeId.

@ClearSubScopes: A bit flag specifying whether to change every site, list and document library under the URL to the new security scope or to change only inheriting ones to the new security scope. If this parameter is set to 1, then every site, list and document library under the URL MUST be changed to the new security scope, including no inheriting ones.

@bBreakBySiteOwner: A bit flag specifying whether to use the site owner in the administrator role instead of the principal specified by @UserId. If this parameter is set to 1, then the site owner MUST be added to the administrator role in the new security scope definition. If both @bBreakBySiteOwner and @CopyRoleAssignments are set, then the setting of @CopyRoleAssignments will take precedence. The role assignments are copied from the security scope provided in @CopyFromScopeId.

@ReturnAuditMask: A bit flag specifying whether to return a Site Audit Mask Result Set. If this parameter is set to 1, then a Site Audit Mask Result Set MUST be returned on successful completion.

@MaxScopeInList: An integer value specifying the maximum number of unique security scopes under a list. If a list item's security scope is changed and the list including this list item already has @MaxScopeInList unique security scopes, then the stored procedure MUST return an error using the integer return code 1340.

@NewScopeId: The scope identifier generated for the new security scope, returned as an output parameter.

@RequestGuid: The optional request identifier for the current request.

Return Values: The proc_SecChangeToUniqueScope stored procedure returns an integer return code which MUST be listed in the following table.

Value

Description

0

Successful execution.

3

The specified securable object was not found at the specified location, the @OldScopeId does not match the securable object's scope identifier, or the securable object has unique permissions.

1340

A list item's security scope is changed and the list including this list item already has @MaxScopeInList unique security scopes.

If @ReturnAuditMask has a value of 1, then the proc_SecChangeToUniqueScope stored procedure MUST return a single result set on successful completion; otherwise, zero result sets MUST be returned.