In my previous post I tried to explain how can you forbid your end users to delete files from document libraries. I did not provide much details on how to setup this and some visitors raised additional questions about that.
In this blog series I will provide step-by-step description how to achieve this.

Creating custom permission levels
In order to achieve our goal we will need to create custom permission levels. Permission levels allow you to define what a user can do. Default permission levels are not sufficient for our case so we will have to customize them.

1. Create a new WSS site with custom permissions

2. Select Site Actions > Site Settings

1

3. Under User and Permission select Advanced Permissions

2

4. From the permissions toolbar choose Settings > Permission levels

3

Your permission levels are inherited from the top level site. In order to achieve our task we need custom permission so:

5. Click on “Edit Permission Levels” and then confirm that you want to create custom permission levels

4

6. For the purpose of this article we are going to modify Contribute permission level.
Click on Contribute

5

7. To disallow deleting de-select Delete items under delete permission.


6

8. Save your changes.

By default members of “Your site members group” have Contribute permission level. Add an user to that group in order to test the changes you made. If you follow these steps correctly members will be able to create and modify document but they will not be able to delete documents.

The picture below shows contributor’s interface. The delete option is missing from the context menu.

7

In part two I will describe how to create a workflow to delete these documents.

6 Comments

  1. Mark Miller Says

    Toni – Nice write up, as always. One of the interesting things about taking control of the permission levels is that you can convince people that they have more control than they actually do.

    Here’s the scenario. You’ve got an End User that INSISTS that they want site manager privileges but as a site collection admin, you want to maintain control over the site. Create a new permission level called “Site Manager Guru”, or something complimentary for their ego.

    At that point, you can give them any sort of permissions you want, since their ego has been salved with the cool name.

    Paul Grenier and I had a good laugh over that one because it really works.

    Hope things are going well.

    Regards,
    Mark
    EndUserSharePoint.com

  2. Toni Frankola Says

    @Nicolas: As usual I ran into some problems with it… however we managed to solve the problem with a workaround and I will be posting something soon. Stay tuned.

  3. Duncan Drury Says

    We did this, but found that in some cases, Excel would create a temporary file in the document library, which it couldn’t clear up afterwards.

    We settled on using the Recycle Bin to recover documents that users had deleted in error.

    Still hunting for the holy grail of a solution that only allows users to view or edit documents they have created themselves.

  4. Toni Frankola Says

    @Duncan: There is a solution. You could use workflow to set item level permissions for each file. OOTB SharePoint Designer activities do not allow that but you could use these http://spdactivities.codeplex.com/

    I think I am going to write an article on how to use these…

Leave a Reply