I am facing error "Access is denied" on "item.BreakRoleInheritance" while login with restricted user permission. Although i am using it under 

SPSecurity.RunWithElevatedPrivileges(
 delegate()
 {});

Please correct me what i am doing wrong as i've spent alot of time surfing google and found many solutions but nothing work out. Here is my method;

public void RemoveAllPermissions(SPItemEventProperties properties)

        {           
           SPList myList = properties.Web.Lists[properties.ListId];

           //Guid listID = properties.ListId;
           //Guid listItemID = properties.ListItemId;

           SPListItem listItem = myList.Items.GetItemById(properties.ListItemId);
           //properties.Web.Lists[listId].GetItemById(itemId);

           SPUserToken token = properties.ListItem.Web.Site.SystemAccount.UserToken;

            SPSecurity.RunWithElevatedPrivileges(
            delegate()
            {

                using (SPSite site = new SPSite(listItem.Web.Site.ID, token))
                {
                    site.AllowUnsafeUpdates = true;
                    using (SPWeb web = site.OpenWeb(listItem.Web.ID))
                    {
                        web.AllowUnsafeUpdates = true;

                        //SPWebApplication webApp = web.Site.WebApplication;
                        //webApp.FormDigestSettings.Enabled = false;

                        listItem.BreakRoleInheritance(true); /// Error: Access is denied
                        web.AllowUnsafeUpdates = true;

                        //Get the list of Role Assignments to list item and remove one by one.
                        SPRoleAssignmentCollection SPRoleAssColn = listItem.RoleAssignments;
                        for (int i = SPRoleAssColn.Count - 1; i >= 0; i--)
                        {
                            SPRoleAssColn.Remove(i);
                        }

                        //webApp.FormDigestSettings.Enabled = true;
                        web.AllowUnsafeUpdates = false;

                    }
                }
            });
       }

And calling it in event receiver method ItemUpdated() like 

 userRoleAndPermission = new UserRoleAndPermission();
 SPWeb currentWeb = properties.ListItem.Web;
  currentWeb.AllowUnsafeUpdates = true;
 userRoleAndPermission.RemoveAllPermissions(properties);

But getting error "Access is denied". Please pin point what i m doing wrong.

                                                                        

Hello!

First of all, I suggest to use either SPSite and SPWeb created with the SystemAccount token or SPSecurity.RunWithElevatedPrivileges, but not both in the same time. So, rewrite your code, for example, like this

SPSecurity.RunWithElevatedPrivileges(delegate()
{
   using (SPSite site = new SPSite(listItem.Web.Site.ID))
   {
      using (SPWeb web = site.OpenWeb(listItem.Web.ID))
      {
      }
   }
}

The second,  the exception is caused because you use not elevated listItem received outside the SPSecurity.RunWithElevatedPrivileges and not through the elevated SPSite and SPWeb. The correct code should look like

SPSecurity.RunWithElevatedPrivileges(delegate()
{
   using (SPSite site = new SPSite(listItem.Web.Site.ID))
   {
      using (SPWeb web = site.OpenWeb(listItem.Web.ID))
      {
	 web.AllowUnsafeUpdates = true;
		
         SPList elevatedmyList = web.Lists[properties.ListId];
         SPListItem elevatedlistItem = elevatedmyList.GetItemById(properties.ListItemId);

         // do what you need with elevatedlistItem

	 web.AllowUnsafeUpdates = false;
      }
   }
}

By the way, if you decide to use SystemAccount token, to get it correctly I recommend to use the method described here. Because getting SystemAccount token can cause AccessDenied as well.

Using the corrected code i got the error "Item does not exist. It may have been deleted by another user." on line 

SPListItem elevatedlistItem = elevatedmyList.GetItemById(properties.ListItemId);

Hello,

What is the event you use? If you use "ItemAdding", try to switch to "ItemAdded"

I got the answer. Call the method from item checked in code block.

• Marked as answer by zeshan ahmad Wednesday, June 13, 2012 2:47 PM

Using Objects in Event Receivers

Do not instantiate SPWeb, SPSite, SPList, or SPListItem objects within an event receiver. Event receivers that instantiate SPSite, SPWeb, SPList, or SPListItem objects instead of using the instances passed via the event properties can cause the following problems:

• They incur significant additional roundtrips to the database. (One write operation can result in up to five additional roundtrips in each event receiver.)

• Calling the Update method on these instances can cause subsequent Update calls in other registered event receivers to fail.

Bad Coding Practice

Instantiating an SPSite Object Inside an Event Receiver

C#

public override void ItemDeleting(SPItemEventProperties properties)
{
    using (SPSite site = new SPSite(properties.WebUrl))

    using (SPWeb web = site.OpenWeb())
        {
        SPList list = web.Lists[properties.ListId];
        SPListItem item = list.GetItemByUniqueId(properties.ListItemId);
        // Operate on item.
        }
    }
}

Good Coding Practice

Using SPItemEventProperties

C#

// Retrieve SPWeb and SPListItem from SPItemEventProperties instead of
// from a new instance of SPSite.
SPWeb web = properties.OpenWeb();
// Operate on SPWeb object.
SPListItem item = properties.ListItem;
// Operate on item.

• Edited by Leo LuisMVP 9 hours 49 minutes ago