Tuesday, November 19, 2013

Add/Edit Permission Level SharePoint

SharePoint Groups, or accounts such as a domain user or domain group, can be assigned permissions to a SharePoint object such as a Site, List, Library, Folder or List Item. Permission Levels such as Contribute and Read are made up of individual permissions. In this section we will look at the Out-of-the-Box permission levels and then at how to create custom permission levels.

Out-of-the-Box Permission Levels

To access the Out-of-the-Box permissions, choose Site Actions, Site Permissions. You will be able to see a list of users/groups that have permission to your team site. Within the Permission Tools ribbon, click Permission Levels to see the existing permission levels.

Figure 11 – Accessing Permission Levels

The Out-of-the-Box permission levels include:

Full Control: The user receives every SharePoint permission unless the permission has been removed via a Permission Policy. The permission level cannot be modified.
Design: Users with Design permissions can do virtually everything, with the exception of Manage Permissions on the Site, View Web Analytics Data, Create Subsites, Manage Web Site, Create Groups, Enumerate Permissions and Manage Alerts. Users with this permission level can create, edit and delete list items as well as make design changes to the shared views of the site and lists.
Contribute: Contributors can create, edit, and delete items within lists and libraries. They have the same restrictions as Design, plus they cannot manage the look and feel of sites or shared views. They cannot apply themes, styles, or modify pages.
Read: Readers have the same restrictions as Contributors. In addition, they cannot create, edit or delete items. They can only open items to read them. They also do not get any personal permissions and therefore cannot add or remove personal web parts, manage personal views or edit personal user information.
Limited Access: Limited Access gives you enough permissions to navigate to an item that you do have permission to. For example, you may have been granted Read permissions to a document within a library that had broken permission inheritance. If you did not have permissions granted to you for the site or library that contained the document, you would be granted Limited Access, which allows you to navigate to the document without seeing any other content. Limited Access is often incorrectly reported in the permission reports. For example, a user may have Full Control to a site via a Domain Group and also be granted permissions directly to a document. The user would then be listed as having Limited Access instead of Full Control to the Team Site.
View Only: The same as Read, but users cannot download documents. They can only view them in the browser.
Approve: Very similar to Contribute, but also has the Approve Items permission.
Manage Hierarchy: Virtually the same as Full Control, but does not have design change options such as Apply Theme. Used by users who are likely to move sites around.
Restricted Read: Can view pages and documents, but cannot view historical versions or user permissions.

Creating Custom Permission Levels

You can change the existing permission levels or create your own permission levels only at the root site level of the site collection. In SharePoint 2007, this could be done at subsite level. It is possible to break permission level inheritance, but only through the Object Model, and that is beyond the scope of this article. You will find a good explanation here: http://stackoverflow.com/questions/7038444/programatically-break-permission-level-inheritance

Note: I would recommend never changing the existing permission levels, as that would be very confusing to users who expect a permission level to behave in a certain way.

The reason for creating a custom permission level will be specific to your needs. For example, you might want a permission level that lies somewhere between Read and Contribute. Perhaps you want users to be able to Add and Edit items but not Delete.

You can create a custom permission level in two ways. You can create it from scratch and select each permission that you would like the permission level to have. Or you can copy an existing permission level, give it a new name, and then apply the changes to the new copy.

To create a new permission level from scratch:

  1. Ensure that you are a Site Owner with the Manage Permissions role.
  2. Click Site Actions, Site Permissions.
  3. Click the Permission Levels button.
  4. Click the Add a Permission Level action button.
  5. Provide a Name and Description for your custom permission level.
  6. Check the Site, List, and Personal permissions that you wish to grant to the permission level.
  7. Click Create.

Figure 12 – Creating a custom permission level from scratch.

To create a custom permission level by copying an existing permission level:

  1. Ensure that you are a Site Owner with the Manage Permissions role.
  2. Click Site Actions, Site Permissions.
  3. Click the Permission Levels button.
  4. Click on an existing permission level such as Contribute.
  5. Scroll to the bottom of the page.
  6. Click the Copy Permission Level button.

Figure 13 – Copying a Permission Level.

7. Provide a Name and Description for your custom permission level.

8. Make the desired changes by selecting or deselecting the permissions check boxes.
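
The copy-and-edit procedure above can also be scripted. The following is an added example, not part of the original post: it builds the "Add and Edit but not Delete" level described earlier by copying Contribute through the server object model from the SharePoint 2010 Management Shell. The site URL and the level name are placeholders, and dropping Delete Versions along with Delete Items is an assumption about what "not Delete" should cover.

```powershell
# Added example: run in the SharePoint 2010 Management Shell as a site collection admin.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$siteUrl   = "http://sharepoint.example.local/sites/team"   # placeholder URL
$levelName = "Contribute No Delete"                          # hypothetical level name
$removed   = @("DeleteListItems", "DeleteVersions")          # SPBasePermissions flags to drop (assumption)

$site = Get-SPSite $siteUrl
try {
    # Permission levels are defined on the root site of the site collection.
    $web = $site.RootWeb

    if ($web.RoleDefinitions | Where-Object { $_.Name -eq $levelName }) {
        throw "Permission level '$levelName' already exists."
    }

    # Look up Contribute by type so the script does not depend on the display name.
    $source = $web.RoleDefinitions.GetByType([Microsoft.SharePoint.SPRoleType]::Contributor)

    # The flags enum renders as "ViewListItems, AddListItems, ...".
    # Keep every permission of the source level except the ones being removed.
    $kept = $source.BasePermissions.ToString().Split(",") |
        ForEach-Object { $_.Trim() } |
        Where-Object { $removed -notcontains $_ }

    # Create a new level instead of modifying the built-in one.
    $level = New-Object Microsoft.SharePoint.SPRoleDefinition
    $level.Name            = $levelName
    $level.Description     = "Can view, add and edit items, but cannot delete them."
    $level.BasePermissions = ($kept -join ",")   # PowerShell parses the list back into the enum
    $web.RoleDefinitions.Add($level)

    # Read the level back and show what was actually granted.
    $created = $web.RoleDefinitions[$levelName]
    Write-Output ("Created '{0}' with: {1}" -f $created.Name, $created.BasePermissions)
}
finally {
    $site.Dispose()   # also releases the RootWeb object
}
```

Reviewing the printed permission list against the check boxes on the Permission Levels page confirms that only the delete permissions differ from Contribute.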

Assigning Permissions Levels

Permission Levels can be assigned to Users, Local Groups or Domain Groups as well as SharePoint Groups. There are different opinions on what you should do. However, my personal preference is to add domain groups to SharePoint Groups in order for permissions to be granted, rather than assigning domain groups permissions directly. Within your environment, you may find granting permissions directly to Active Directory users or groups works best.

To assign permissions to a SharePoint Group:

  1. Choose Site Actions, Site Permissions.
  2. Check the box of the group that you would like to modify.
  3. Click the Edit User Permissions button.

Figure 14 – Editing permissions for a SharePoint group

4. Check the permission level that you would like to grant to this SharePoint Group.

Figure 15 – Assigning the custom permission level
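
The assignment steps above, scripted, followed by a report that separates SharePoint Groups from users and domain groups granted permissions directly. This is an added example, not part of the original post; the site URL, group name and level name are placeholders, and the group is assumed to already appear on the Site Permissions page.

```powershell
# Added example: run in the SharePoint 2010 Management Shell as a site collection admin.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$siteUrl   = "http://sharepoint.example.local/sites/team"   # placeholder URL
$groupName = "Team Site Members"                             # hypothetical SharePoint Group
$levelName = "Contribute No Delete"                          # hypothetical custom level, must already exist

$site = Get-SPSite $siteUrl
try {
    $web   = $site.RootWeb
    $group = $web.SiteGroups[$groupName]
    $level = $web.RoleDefinitions[$levelName]

    # Same effect as ticking the level under Edit User Permissions.
    $assignment = $web.RoleAssignments.GetAssignmentByPrincipal($group)
    if (-not ($assignment.RoleDefinitionBindings | Where-Object { $_.Name -eq $levelName })) {
        $assignment.RoleDefinitionBindings.Add($level)
        $assignment.Update()
    }

    # Report every assignment on the site: who holds which levels, and how they were granted.
    $web.RoleAssignments | ForEach-Object {
        $ra     = $_
        $member = $ra.Member
        $kind   = if ($member -is [Microsoft.SharePoint.SPGroup]) { "SharePoint Group" }
                  elseif ($member.IsDomainGroup)                  { "Domain group (direct)" }
                  else                                            { "User (direct)" }
        $levels = ($ra.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join ", "

        New-Object PSObject -Property @{
            Principal = $member.Name
            Kind      = $kind
            Levels    = $levels   # "Limited Access" here reflects access granted further down the site
        }
    } | Select-Object Principal, Kind, Levels | Format-Table -AutoSize
}
finally {
    $site.Dispose()   # also releases the RootWeb object
}
```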
