Grant and deny permissions

When creating permission, you can grant or deny actions for specific user or role. Granting an action is permitting users to perform it on the specified ISecuredObject item. Denying an action is prohibiting it for the users. For more information, see Overview: Permissions in Installation and administration guide.

To store the granted or denied actions for the secured object, the permissions use integral bit masks. For more information, see For developers: Permissions API. Sitefinity CMS provides you with helper methods in the Permissions class that you use to grant and deny permissions.

When granting and denying actions, first, you must create or get the permission. For more information, see For developers: CRUD operations with permissions.
After you get the permissions, to grant actions, you use the GrantActions method. The first parameter of the method defines whether to remove any previously granted actions. If set to true, the specified actions are granted without removing any previously set actions. If set to false any previously set actions are cleared and the new actions are set. The next parameters of GrantActions specify the granted actions. 

The following example grants the view, create and delete blog actions for permission.

To reset specific granted actions, you use the UngrantActions method.
The following example ungrants the delete blog action for permission.

To deny actions, you use the DenyActions method. The first parameter of the method defines whether to remove any previously denied actions. If set to true, the specified actions are denied without removing any previously set actions. If set to false any previously set actions are cleared and the new actions are set. The next parameters of DenyActions specify the denied actions. 
The following example denies the change permissions blog action for permission. 

To reset specific denied actions, you use the UndenyActions method.  
The following example undenies the change permissions blog action for permission.