I got a comment the other day on my blog about an issue with the copying/importing of lists. The problem was that the security settings on the list were not being preserved during the import. The natural assumption is that if I specify "-includeusersecurity" that any permissions on the list would be preserved. In other words, if my source list was not inheriting permissions on the list itself, a folder, or an individual item, then those custom permissions should carry over when I import the list to a new web. Unfortunately this is not the case - includeusersecurity only copies over the users and groups, not the permissions (at least when importing a list).
I tore through the code to see if there was some setting that I was missing that would make this work but alas, I found nothing. For me this problem was a huge concern because it would be too easy for someone to want to copy a list and just expect that the security remained the same (as I unfortunately did). Because of the potential security issues I decided it was prudent to find a workaround. What I ended up creating was a new command which could be used to copy the permissions from one list to another: gl-copylistsecurity.
The code is also written so that it can be used independently as its own command or via the existing gl-importlist and gl-copylist commands, which have now been updated to utilize this new feature. By default the command, when used independently, will only copy the permissions for the list itself and all folders - it will not copy permissions for individual list items unless you pass in the "-includeitemsecurity" parameter. When used by the gl-copylist command and the gl-importlist command this option is set to true. This way you can set the security on one list the way you want it and then propagate those settings to other, similarly structured lists without having to do it by hand. The code can be seen below:One thing to note - I've not had a lot of time to test every possible scenario with this. It's quite possible you may run into issues if a Role Assignment can't be found due to a missing user or group or something like that (though I believe from my testing that it should simply ignore those users and not add the permission - I don't believe it will try to add the user or group so make sure all your users of interest exist in the target site). It worked quite well for me in my environment but I'm running short on time and was not able to test a lot of scenarios. If you run into any issues please pass your findings along so that others can benefit. The syntax of the command can be seen below:
C:\>stsadm -help gl-copylistsecurity stsadm -o gl-copylistsecurity Copies a list's security settings from one list to another. Parameters: -sourceurl <list view url to copy security from> -targeturl <list view url to copy security to> [-quiet] [-includeitemsecurity]Here's an example of how to copy the permissios from one list to another:
Note that gl-copylist and gl-importlist have been updated to include this functionality.stsadm -o gl-copylistsecurity -sourceurl "http://intranet/documents/forms/allitems.aspx" -targeturl "http://intranet/testweb1/documents/forms/allitems.aspx" -includeitemsecurity