SharePoint is widely used for storing and maintaining content. Different groups of users access SharePoint, but what if an organization wants to provide granular customized access rights like read, write or delete for different users? SharePoint does provide some permission levels like Full Control, Design, Contribute, Read, Limited Access and others. The problem with these permission levels is that they are predefined. Sometimes these predefined permission sets do not satisfy the business needs. For instance, if you want to provide a set of users read and add permissions, without being able to delete items. This wouldn't be possible with the predefined SharePoint levels as it provides you add, edit and delete access all together.
SharePoint facilitates the ability for administrators to create user defined permission levels (i.e. one can create custom permission levels with the desired permissions). Here we will create a custom permission level which will allow users only to view and add list items. The user will not be able to perform other operations on list items like edit and delete.
Creating a custom permission level
First, we will create a custom permission level. To create a custom permission level, go to Site Actions->Site Settings. Under the "Users and Permissions" category, click on "Advanced permissions".
Now click on Settings->Permission Levels
Click on "Add a Permission Level"
Provide a unique name and description to the Permission Level. Permission Levels are divided into three levels
Each set contains different kind of permission selections like add, edit, delete, open, etc.... In our case we need to update List and Site permissions in order to allow users to access sites and perform operations on a list. So in the "Permissions" category, under the "List Permissions" section, select the below three permissions:
- Add Items - Add items to lists, add documents to document libraries, and add Web discussion comments.
- View Items - View items in lists, documents in document libraries, and view Web discussion comments.
- View Application Pages - View forms, views, and application pages. Enumerate lists.
Under the "Site Permissions" section, select the permissions below:
- View Pages - View pages in a Web site.
- Open - Allows users to open a Web site, list, or folder in order to access items inside that container.
Click on "Create" and now you can see the custom permission level listed in site permission levels.
Putting the permission group to use
Now we will add a user with our custom level permissions to the site. To add a user go to Site Action->Site Settings->Users and Permissions->People and Groups. Click on "All People".
Click on "New" and then on "Add Users"
Provide Username in the "Users/Groups" section and select our custom permission "AddandViewOnly" permission and click OK.
Now when a user tries to access the list, he would be able to add an item from the "New" menu and to view items from the ECB Menu as show below, but he won't be able to view other options for editing or deleting items.
- Figure out and catalogue List and Site level permissions that you would and would-not like to give to your users.
- Based on your catalogue create different custom permissions that you would need to use frequently for your site users.
Last Update: 2010-09-02
About the author
View all my tips