Sharepoint - In which situation use SPSecurity.RunWithElevatedPrivileges with superusertoken?
The usual recommendations for using RWEP are to
- Avoid using SPSecurity.RunwithElevatedPrivilege to access the SharePoint object model. Instead, use the SPUserToken to impersonate with SPSite.
- Only use SPSecurity.RunwithElevatedPrivilege to make network calls under the application pool identity. Don't use it for elevation of privilege of SharePoint objects.
- Never use elevated privilege to bypass security-- always use it to work with security.
Unlike your sample, if you pass the system user token to your SPSite constructor, you don't have to wrap it in a RunWithElevatedPrivileges you directly use it as :
SPUserToken systemAccountUserToken = SPContext.Current.Site.SystemAccount.UserToken;
using (SPSite elevatedSite =new SPSite("your-site-collection-URL",systemAccountUserToken)) {}
The user who will run that code will need to have at least "read" access ("visitor group") to your site collection as anonymous users are not allowed to retrieve the system token (without using the app pool account through RWEP...)
So to keep things short, use SPSecurity.RunWithElevatedPrivileges when you want to run some part of the code under the application pool account, remembering that it might not have all required permissions that you're expecting and run under the context of another user when you want to execute part of the code under another identity.
Hope it helped.
Check this out for when and how to use SPUserToken and SPSecurity.RunWithElevatedPrivileges.
Impersonation in SharePoint : An Extreme Overview