How do I? – Customize granular site group permissions – WSS 2.0 vs. WSS 3.0

Written by Cornelius J. van Dyk on . Posted in How Do I...

If you’ve ever had to secure SharePoint site content at list level before, you probably ran into the need to reduce user permissions. A good example may be where content is sensitive and have to conform to certain laws/rules/procedures before deletion could take place. In such a case, you need to remove both the Delete as well as the Modify rights from the Contributor user group. Why Modify rights? Because with Modify rights, I may not be able to delete the document outright, but I am able to edit it and delete the content of the document which essentially boils down to the same thing. True, using version history can help with that, but it’s much easier to just remove the Modify rights altogether. Now in Windows SharePoint Services 2.0 this was very easy. It was done thus:

  1. Logon to the target site.
  2. Click the “Site Settings” link in the menu bar.
  3. In the Administration section, click “Go to Site Administration”.
  4. In the Users and Permissions section click “Manage site groups”.
  5. Click the “Contributor” group link.
  6. Click the “Edit Site Group Permissions” button.
  7. Now uncheck the “Edit Items” and “Delete Items” options on the page and click the “Submit” button to save the changes.
You have now modified the site group permissions for the Contributor group. All users that belong to this group will not be able to delete or modify existing content but will only be able to Add new content. The important thing to note here is that this is at the particular site level, provided the site does not have inherited permissions. If the site had inherited permissions, I would have to traverse up the site tree until I find the site with unique permissions from which the target site eventually inherits its permissions. I would then have to modify that site group which would affect all sites between that parent site and the target site. Since this is usually not desirable, the target site is generally set to have unique permissions which would essentially copy the parent site groups to the target site thus allowing you to make changes that affect just the target site. It is important to note that the copied site groups would carry the same name as the parent site groups i.e. Contributor etc., but that the group is in effect a totally new group. Now when it comes to SharePoint 2007, it’s a little more obscure to find these same options, but it can still be done by following these steps:
  1. Logon to the target site.
  2. On the top right hand side, click “Site Actions”.
  3. On the drop down menu, click “Site Settings”.
4. On the Site Settings page, click “Advanced Permissions”. 5. On the Site Permissions Page, click “Settings”. 6. On the drop down menu, click “Permission Levels”. 7. On the Permission Levels page, click “Edit Permission Levels”. 8. SharePoint will notify you that this action will customize the permissions of the site. Click the “OK” button to continue. 9. Now locate the permission level you wish to trim, in our example, it’s Contribute. Click “Contribute”. 10. Uncheck the “Edit Items” and “Delete Items” check boxes. 11. Finally click the “Submit” button to complete the process. So in 2007, there are 4 additional steps and the option is buried a little deeper, but we can still achieve the granular level of control we want.



Tags: ,

Trackback from your site.

Cornelius J. van Dyk

Born and raised in South Africa during the 70's I got my start in computers when a game on my Sinclair ZX Spectrum crashed, revealing it's BASIC source code. The ZX had a whopping 48K of memory which was considered to be a lot in the Commodore Vic20 era, but more importantly, it had BASIC built into the soft touch keyboard. Teaching myself to program, I coded my first commercial program at age 15.

After graduating high school at 17, I joined the South African Air Force, graduating the Academy and becoming a Pilot with the rank of First Lieutenant by age 20. After serving my country for six years, I made my way back into computer software.

Continuing my education, I graduated Suma Cum Laude from the Computer Training Institute before joining First National Bank where my work won the Smithsonian Award for Technological Innovation in the field of Banking and Insurance. Soon I met Will Coleman from Amdahl SA, who introduced me to a little known programming language named Huron/ObjectStar. As fate would have it, this unknown language and Y2K brought me to the USA in 1998.

I got involved with SharePoint after playing around with the Beta for SharePoint Portal Server 2003. Leaving my career at Rexnord to become a consultant in 2004, I was first awarded the Microsoft Most Valuable Professional Award for SharePoint in 2005, becoming only the 9th MVP for WSS at the time. I fulfilled a life long dream by pledging allegiance to the Flag as a US citizen in 2006. I met the love of my life and became a private consultant in 2008. I was honored to receive my ninth MVP award for SharePoint Server in 2013.

Leave a comment

You must be logged in to post a comment.