21 February 2008

How do I? – Customize granular site group permissions – WSS 2.0 vs. WSS 3.0

If you’ve ever had to secure SharePoint site content at list level before, you probably ran into the need to reduce user permissions. A good example may be where content is sensitive and have to conform to certain laws/rules/procedures before deletion could take place. In such a case, you need to remove both the Delete as well as the Modify rights from the Contributor user group. Why Modify rights? Because with Modify rights, I may not be able to delete the document outright, but I am able to edit it and delete the content of the document which essentially boils down to the same thing. True, using version history can help with that, but it’s much easier to just remove the Modify rights altogether. Now in Windows SharePoint Services 2.0 this was very easy. It was done thus:
  1. Logon to the target site.
  2. Click the “Site Settings” link in the menu bar.
  3. In the Administration section, click “Go to Site Administration”.
  4. In the Users and Permissions section click “Manage site groups”.
  5. Click the “Contributor” group link.
  6. Click the “Edit Site Group Permissions” button.
  7. Now uncheck the “Edit Items” and “Delete Items” options on the page and click the “Submit” button to save the changes.
You have now modified the site group permissions for the Contributor group. All users that belong to this group will not be able to delete or modify existing content but will only be able to Add new content. The important thing to note here is that this is at the particular site level, provided the site does not have inherited permissions. If the site had inherited permissions, I would have to traverse up the site tree until I find the site with unique permissions from which the target site eventually inherits its permissions. I would then have to modify that site group which would affect all sites between that parent site and the target site. Since this is usually not desirable, the target site is generally set to have unique permissions which would essentially copy the parent site groups to the target site thus allowing you to make changes that affect just the target site. It is important to note that the copied site groups would carry the same name as the parent site groups i.e. Contributor etc., but that the group is in effect a totally new group. Now when it comes to SharePoint 2007, it’s a little more obscure to find these same options, but it can still be done by following these steps:
  1. Logon to the target site.
  2. On the top right hand side, click “Site Actions”.
  3. On the drop down menu, click “Site Settings”.
4. On the Site Settings page, click “Advanced Permissions”.  5. On the Site Permissions Page, click “Settings”. 6. On the drop down menu, click “Permission Levels”. 7. On the Permission Levels page, click “Edit Permission Levels”.  8. SharePoint will notify you that this action will customize the permissions of the site. Click the “OK” button to continue.9. Now locate the permission level you wish to trim, in our example, it’s Contribute. Click “Contribute”. 10. Uncheck the “Edit Items” and “Delete Items” check boxes.  11. Finally click the “Submit” button to complete the process. So in 2007, there are 4 additional steps and the option is buried a little deeper, but we can still achieve the granular level of control we want.


No comments:

Post a Comment

Comments are moderated only for the purpose of keeping pesky spammers at bay.

SharePoint Remote Event Receivers are DEAD!!!

 Well, the time has finally come.  It was evident when Microsoft started pushing everyone to WebHooks, but this FAQ and related announcement...