The SDK says this: "The Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges method enables you to supply a delegate that runs a subset of code in the context of an account with higher privileges than the current user."
However, if you run code like this, the CurrentUser is still the security context of the caller of the code, not the system account:
SPSecurity.RunWithElevatedPrivileges(delegate()
{
SPWeb web = SPContext.Current.Web;
});The object SPWeb is created directly by the context of the current user, the application pool identity. You must instantiate a new SPWeb in the context of elevated privileges to use the correct context.
It will also consider removing this SPWeb afterwards.
This example has the advantage of not having to worry about the URL and dispose objects:
SPSecurity.RunWithElevatedPrivileges(delegate()
{
using (SPSite site = new SPSite(SPContext.Current.Site.ID))
{
using (SPWeb web = site.OpenWeb(SPContext.Current.Web.ID))
{
}
}
});