We normally follow different approaches to update the SharePoint
items or any property of web. Approaches like running piece of code with
elevated privileges OR allows unsafe updates OR Uses User Tokens. As SharePoint
developer we should know what happens at each approach.
RunWithElevatedPrivilages:
This is a static method in SPSecurity class. This method can
be used to run piece of code with system account/application pool account
access through delegation. This
method runs under the Application Pool identity, which has site collection
administrator privileges on all site collections hosted by that application
pool. As well as this allow to access other resources like network shared
location, data sources.
AllowUnsafeUpdate:
This is a property of SPWeb class. Using this property we
can get or set the unsafe update behavior. At the same time the updates only
acceptable in the SPWeb boundary. This is
used for Gets or sets a Boolean value that specifies whether to allow updates
to the database as a result of a GET request or without requiring a security
validation.
UserToken:
This is another way of impersonation. This approach can be followed if the custom
code want to access data with in the boundary. For example when we use
RunWithElevatedPrivilages it grant
access beyond boundary like other data sources.