Learn How to Create Custom Permission Level in SharePoint Online
SharePoint offers multiple customization options to organizations to manage and control who can view the site edit add, or delete the site’s contents. However, it provides a default access permission or set of actions to which members can be assigned. In some situations only add or edit access is transferred to members but not delete access. A question can be asked why? By default the edit or add access comes with delete access. Maybe there is a situation where a site owner wants its member to add or edit but not delete. In this case, you should know how to create custom permission level in SharePoint Online.
Table of Content
In this blog, we are going to define the methods to create permission levels in SharePoint Online using Admin Center and PowerShell. So, let’s get started.
Default Site Permissions in SharePoint
Let’s see some default site permissions in SharePoint which will help to create a custom permission.
There are six default permissions in SharePoint widely used to grant access to users. Let’s understand each category.
- Full Access: This permission is assigned to the owner of the site who can manage themes, members, site settings, site permissions, and association.
- Edit: Permission to edit the content of the site’s list and libraries such as adding or removing content whenever required.
- Design: Having the design permission allows users to customize the site design.
- Limited Access: This permission is assigned to group members who can edit add or delete subsites and files in the SharePoint site.
- View Only: This permission is assigned to external users who are not a part of the group. They have only view access to the site.
What are SharePoint Online Permission Levels?
Knowing how to add permissions to SharePoint sites is crucial but knowing the SharePoint permission levels is also important. So, let’s discuss each one in detail.
- Individual Permissions – These are the permissions assigned to the user to perform specific actions within a SharePoint site. The permissions can be varied as per the requirement.
- SharePoint Group Permissions – SharePoint groups act as a container for SharePoint users. Combining multiple users into a SharePoint group simplifies the assigning of permissions.
How to Create Custom Permission Level in SharePoint Online?
Follow the below steps to create a new custom permission level in SharePoint.
Step 1. Firstly, open and log in to Your SharePoint site.
Step 2. Click on the site setting icon placed in the upper left corner and Click on site permission.
Step 3. Now click on Advanced Permissions Settings.
Step 4. In the toolbar click on the Permission level.
Step 5. Now click on Edit.
[Note:– You can also edit the existing permission level if required]
Step 6. In the edit permission level scroll down and click on the “Copy Permission Level” button.
Step 7. Now you will land on a new page “copy permission level”- enter the name of the new permission level and the description.
Step 8. Scroll down and unselect the highlighted delete permissions.
Step 9. Then click on the Create button.
Step 10. Finally, check whether the new permission level is created or not
How to Create Custom Permission Level in SharePoint Online Using PowerShell?
PowerShell commands help to automate the process involved in creating custom permission levels.
Copy this command into your PowerShell
#Load SharePoint runtime. Add-Type -Path "Add SharePoint path" Add-Type -Path "Add SharePoint runtime path" # Tokens needed to execute the command $SiteUrl = "Your site URL" $SourcePermissionLevelName ="enter the source permission name from where you want to copy the permission level" $TargetPermissionLevelName ="name of permission level you want" Try { #command to get the cred. $Cred = Get-Credential $Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password) #establish context $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteUrl) $Ctx.Credentials = $Credentials $Web = $Ctx.Web #fetch source permission level $RoleDefinitions = $web.RoleDefinitions $Ctx.Load($RoleDefinitions) $SourceRoleDefinition = $RoleDefinitions.GetByName($SourcePermissionLevelName) $Ctx.Load($SourceRoleDefinition) $Ctx.ExecuteQuery() #get all basic permission levels and remove delete permission $TargetBasePermissions = $SourceRoleDefinition.BasePermissions $TargetBasePermissions.clear([Microsoft.SharePoint.Client.PermissionKind]::DeleteListItems) #check for already existing permission level $TargetPermissionLevel = $RoleDefinitions | Where-Object { $_.Name -eq $TargetPermissionLevelName } if($TargetPermissionLevel -eq $null) { #make a new permission level $PermissionCreationInfo = New-Object Microsoft.SharePoint.Client.RoleDefinitionCreationInformation $PermissionCreationInfo.Name = $TargetPermissionLevelName $PermissionCreationInfo.Description = $TargetPermissionLevelName $PermissionCreationInfo.BasePermissions = $TargetBasePermissions #add definition role $TargetPermissionLevel = $Web.RoleDefinitions.Add($PermissionCreationInfo) $Ctx.ExecuteQuery() Write-host "Created" -ForegroundColor Green } else { Write-host "exists with the same name already" -ForegroundColor Red } } Catch { write-host -f Red "Error!" $_.Exception.Message }
After following this you do not need to search again for how to create custom permission level in SharePoint Online.
Read More: How to Change SharePoint Site From Private to Public?
How to Assign Custom Permission Level to SharePoint Users?
After creating the custom permission level, follow the below steps to assign that permission to the users.
For Non-Microsoft 365 Group Connected Sites
- Open the Advanced Permission Settings.
- Tick the checkbox of the SharePoint group for which you are adding custom permission.
- Now, click on Edit User Permissions.
- Uncheck the checkbox of the Edit option.
- Enable the checkbox of the new custom permission and hit Ok.
Microsoft 365 Group Sites
In Microsoft 365 group-connected sites, the Edit Users Permissions option will be greyed out. So, let’s execute the below steps.
- Back to the Site Permissions section.
- Select the Site members and modify the Edit Permission to Read. Now the group will move to the site visitors.
- Open Advanced Permission settings and click grant permissions.
- In the Invite People section, provide the name of the group to whom you want to apply the newly created permission.
- In the Permission level option, choose your new custom permission.
- Finally, click on the Share button to apply the changes.
Conclusion
In this article, we have discussed the complete process of how to create custom permission level in SharePoint Online. We have elaborated on the admin center and PowerShell commands as well to create a new permission level. Now, you can create a new permission level and also assign that permission to the users efficiently.
FAQs
Q1. How to create custom SharePoint permissions?
- Firstly, log in to your SharePoint site and click on ‘Settings’.
- Secondly, in the ‘Users and Permissions’ area, click the ‘Site Permissions’ link.
- Thirdly, select the ‘Permissions’ tab located at the top of the webpage.
- Choose the ‘Permission Levels’ option located inside the ‘Manage’ category.
- Select ‘Add a Permission Level.’
- Finally, for each permission you want, tick the boxes.
Q2.How do I add someone to SharePoint permissions?
Go to Settings within your SharePoint site>> Click on Site Settings>>Select People and Groups under “Users and Permissions”>>Choose the group to which you want to add the users from the list on the left>>After selecting Add Users option, select the drop-down arrow next to “New”.
Q3. What are various permissions in SharePoint Online?
Different access levels are granted by the different permission levels, which include Read, Edit, Contribute, and Full Version Control.