I’m often asked for a way to modify permissions beyond what’s available out of the box, but without using workflows.
There are settings that allow item-level permissions in lists (List Settings > Advanced Settings > Item-level Permissions) so that users can only see and/or edit their own items, but this may not solve your need. If so, ta-da! If not, keep reading.
In this post, I’ll cover one solution in which we create a custom permission level at the site level that we’ll assign to a group on a specific list’s permissions. This new, custom permission level will be the same as the Contribute level (out of the box) but removes the ability for users to delete items or versions.
Creating a custom permission level involves a couple main steps:
- Create the new permission level.
- Change permissions on the list so that the group of users who should have the new permission level are assigned the new permission level.
Create the new, custom permission level
1. Go to Site Settings
2. Under Users and Permissions, select Site permissions
3. Click Permission Levels
4. You could click Add a Permission Level but I typically prefer to copy an existing level (like Contribute) and just make a couple small changes. For this tutorial, I’m going to select Contribute.
If copying a level, scroll down to the bottom after selecting a level and click Copy Permission Level.
5. Name and describe the new permission level, then check and uncheck as needed to create the permission level desired. In my example, I want to copy Contribute, but remove the delete ability so I’ve unchecked the two options involving deletion of items and versions.
6. Scroll down and click Create.
Change permissions on the list
Now we need to assign our new permission level to users on the list for which we’re preventing deletion.
1. Go to List Settings.
2. Under Permissions and Management, select Permissions for this list.
3. Select the box next to the name of the group for which you’re modifying permissions.
4. Click Edit User Permissions from the top ribbon menu.
5. Uncheck the current permission level assigned to the group, and check the new custom permission level.
6. Click OK.