I’ve been in the trenches updating DeliverPoint to work with Windows SharePoint Services 3.0/Microsoft Office SharePoint Server 2007 for the past 3 months and thought I’d take a moment to start blogging some issues I’ve found along the way yet have not had the time to post yet.
Apparently SPWeb.HasUniqueRoleDefintions does not always report accurately.
From the SDK as of 04-10-2007:
SPWeb.HasUniqueRoleDefinitions
“Gets a Boolean value that indicates whether the role definitions are uniquely defined for this Web site or inherited from a parent Web site.“
But here’s the problem.
Regardless if HasUnqiueRoleDefinitions is true or false, when you access the ParentWeb property of the SPRoleDefinition you get from the SPWeb.RoleDefinitions collection, ParentWeb always returns a reference to the same web the collection is being derived from. I.e., it never points to any other web.
So if by chance you were working with a SPRoleDefinition for a SPWeb where HasUniqueRoleDefinitions was false, and you accessed SPRoleDefinition.ParentWeb, you would in fact get that web. SPRoleDefinition.ParentWeb always refers to the web the collection was derived from. Therefore from a reference to SPRoleDefinition.ParentWeb, I could not enumerate the proper RoleDefinition collection from ParentWeb.RoleDefinitions. It’s possible that said SPRoleDefinition doesn’t even belong in that collection.
This means one of three different possibilities
1) Role Definitions are truly uniquely defined at every web (Just like the old V2 “Group”….That’s really what they are), and HasUniqueRoleDefinitions is something that was an “Idea” but was never fleshed out, because the concept of Role Definition inheritance never was fully fleshed out, or
2) I’ve misread the purpose of this property, and relating it to the RoleDefinition collection for the web, i.e…Just because HasUniqueRoleDefinitions might be True, does not mean that you can access the SPWeb.RoleDefinitions to get to those unique Role Definitions at that web.
3) SPWeb.hasUniqueRoleDefintions is flat out busted.
Regardless, I can’t rely on it, and I can’t wait for a hotfix to be released and take a dependency on the hotfix or a later service pack…So, I’ve “worked around” the problem :).
– Keith
Keith Richie 
have you tried SPWeb.FirstUniqueRoleDefinitionWeb?
I think the key was that if the web didn’t truly have unique role definitions, then it should report False.
It’s been awhile since I looked at this, and should go back as soon as I can and ensure that I was right when I hit this
While there may not be role definition duplication, the role definitions can still be shared. Breaking role inheritance means that the set of role definitions for that web is distinct from its parent, not that there’s a copy of each role definition created.
I know this topic is over a year old, but I stumbled onto the same issue, but found that if you call SPWeb.RoleDefinitions.BreakInheritance(false, false) that trips the SPWeb.HasUniqueRoleDefinitions flag. I think the SPWeb.BreakRoleInheritance method only disassociates the RoleAssignments from the Parent Web. It does not touch the RoleDefinitions, and the HasUniqueRoleDefinitions flag is looking for a break at the “permission level”, which is deeper.