How to create custom security levels on a SharePoint 2010 Site and apply it to users.

Home > Blogs > SharePoint > How to create custom security levels on a SharePoint 2010 Site and apply it to users.

How to create custom security levels on a SharePoint 2010 Site and apply it to users.

1 2 Spike Xavier
Added by August 15, 2012

This blog shows how to create a custom security level on a SharePoint Site and apply it to users. Although it's always best to attempt to manage the permissions at the site collection level, often you cannot do this and at the same time protect the content within specific areas. When the need arises you need to know how to customize the permissions. This is how to do it at the Site Level. It is important to understand exactly how this impacts access to users in your specific implementation and it's always a good idea to have very specific governance (rules) in this area.

Here's what we'll do:

Step 1 Copy existing permission. We'll need to know the following to do this successfully: What Permission Inheritance is and The Default Permission Levels and SharePoint Permission Groups.
Step 2 Customize Settings. We'll need to know the following to do this successfully: How to change Permission Settings and the implications of each change in the hierarchy of Objects.
Step 3 Save the New Level. We'll need to know the following to do this successfully: Save the Permission, and then view it to verify its Availability.
Step 4 Break Inheritance. We'll need to know the following to do this successfully: The hierarchy of a Site Collection and where your Site fits within that hierarchy. Also, need to know how to get to the Target Site.
Step 5 Create a New SharePoint Group and apply the new Permission Level. We'll need to know the following to do this successfully: What a SharePoint Group is. How to create one. How to apply a permission level to the Group.
Step 6 Add Users to the Group. We'll need to know the following to do this successfully: How to add users to a SharePoint Group. What the options are (Authenticated Users, Ad Groups, Exchange Distribution Lists that are Security Enabled.)
Step 7 Validate the Change. We'll need to know the following to do this successfully: How to sign in as a different user and how to add an item to "A".

We'll explain the environment and then dig in and make it happen.

 

Environment 1

Environment 1 custom security level on a SharePoint Site

We start with a site collection.

Environment 2

Environment 2 custom security level on a SharePoint Site

We have created a top level site based on the Team Site Template.

Environment 3

Environment 2 custom security level on a SharePoint Site

We created a sub site based on the Blank Site Template and added a document library to it. The document Library is for housing the SP360 courseware and we don't want to have anyone deleting the content from the library. We will need to give them access to the sub site and library in order to add or edit the documents so they would normally be in the members group, however in this case the out of the box permission level of Contribute won't work because it allows members to delete list and library items. We will start with this permission level by copying it, customize our copy and give it a name and then create a new group and put the users into the new group.

Environment 4

Environment 4 custom security level on a SharePoint Site

We have a few choices in where to break the inheritance. We can break it at the List or Library Item, the List or Library, or the Site Level. Because by default the permissions start at the top level site of the site collection and move down until inheritance is broken.

Environment 5

Environment 5 custom security level on a SharePoint Site

In this blog we will break the inheritance at the Site Level. At the moment we break inheritance, a copy of the permission levels set on the groups is made and at that exact instant nothing would be different, however everything we do from that moment on to the permissions on this site will flow down to any sites, lists, libraries below it.

Copy Existing Permissions 1

Copy-Existing-Permission custom security level on a SharePoint Site

From the top level site in our site collection I click Site Actions>Site Permissions.

Copy Existing Permission 2

Copy-Existing-Permission custom security level on a SharePoint Site -2.png

I click the Permission Levels icon in the Ribbon.

Copy Existing Permission 3

Copy-Existing-Permission custom security level on a SharePoint Site 3

Out of the box the members group has the contribute permission level applied to it. In this case, that is the closest permission level so I click on Contribute to get to its detail screen.

Copy Existing Permission 4

Copy-Existing-Permission custom security level on a SharePoint Site 4

I scroll to the bottom and click on Copy Permission Level. There are 33 possible checkboxes to set in an out of the Box SharePoint 2010 implementation.

Customize Settings

Customize Settings custom security level on a SharePoint Site

I give the new permission level the name 'contributeWithoutDelete' and uncheck the Delete Items check box. Some of the permissions have dependencies so when you uncheck one, others might automatically uncheck themselves. In this case that didn't happen but if it does that is expected behavior.

Save the new Level 1

Save the new level 1 custom security level on a SharePoint Site

I scroll down and click the create button.

Save the new Level 2

Save the new level 1 custom security level on a SharePoint Site

I am taken to the Permission Levels Page where I can verify that the new permission level 'contributeWithoutDelete' has been created and is ready for use. I now need to get to the target site.

Getting to the Target Site

Getting-To-The-Target-Sitec ustom security level on a SharePoint Site

From the top level site of our site collection I click the link to the Secured Site (I created the site earlier).

Break Inheritance 1

Break Inheritance 1 custom security level on a SharePoint Site

From the target site I click Site Actions> Site Permissions

Break Inheritance 2

Break Inheritance 1 custom security level on a SharePoint Site

I click Stop Inheriting Permissions. Notice the Ribbon saying that currently This Web site inherits permissions from its parent and presents a link to the permissions settings screen for the parent site.

Create a new SharePoint Group and apply the new Permission Level 1

Create-a-new-sharepoint-group-and-apply-the-new-permission level

I click the Create Group Icon in the Ribbon in order to create a new SharePoint Group.

Create a new SharePoint Group and apply the New Permission Level 2

Create-a-new-sharepoint-group-and-apply-the-new-permission level 2

I give the group a name and assign the newly created permission level 'contributeWithoutDelete' to it, then I click the Create button (not shown)

Add users to the Group 1

Add Users To The Group SharePoint 2010

I am taken to the secureMembers group membership page. In order to add members to the group I click on the New link and choose Add Users.

Add users to the Group 2

Add-Users To The Group 2 SharePoint 2010

In the Grant Permissions modal window I add an authenticated user to the group. I could have added an Active Directory Security Group and / or an Exchange Distribution list that is Security Enabled as well but in this case one user will do. I leave the checkbox to send a welcome message to the user and then click OK.

Add users to the Group 3

Add-Users To The Group 3 SharePoint 2010

I verify that the user has been added to the group.

Validate the change 1

Validate The Change custom security level on a SharePoint Site

Using the menu in the upper right of the window I choose Sign in As Different User.

Validate the change 2

Validate The Change 2 custom security level on a SharePoint Site

While signed in as the user who is in the new group with the new permission levels I click on the Document Library by clicking on the link in the Quick Launch Bar.

Validate the change 3

Validate The Change 3 custom security level on a SharePoint Site

I select one of the documents and notice that the Delete Document icon is greyed out in the Ribbon which verifies that I cannot delete a document so I know my changes have had the desired effect.

Enjoy!
Spike Xavier
SharePoint Instructor – Interface Technical Training
Phoenix, AZ

Videos You May Like

A Simple Introduction to Cisco CML2

0 3877 0

Mark Jacob, Cisco Instructor, presents an introduction to Cisco Modeling Labs 2.0 or CML2.0, an upgrade to Cisco’s VIRL Personal Edition. Mark demonstrates Terminal Emulator access to console, as well as console access from within the CML2.0 product. Hello, I’m Mark Jacob, a Cisco Instructor and Network Instructor at Interface Technical Training. I’ve been using … Continue reading A Simple Introduction to Cisco CML2

Creating Dynamic DNS in Network Environments

0 641 1

This content is from our CompTIA Network + Video Certification Training Course. Start training today! In this video, CompTIA Network + instructor Rick Trader teaches how to create Dynamic DNS zones in Network Environments. Video Transcription: Now that we’ve installed DNS, we’ve created our DNS zones, the next step is now, how do we produce those … Continue reading Creating Dynamic DNS in Network Environments

Cable Testers and How to Use them in Network Environments

0 724 1

This content is from our CompTIA Network + Video Certification Training Course. Start training today! In this video, CompTIA Network + instructor Rick Trader demonstrates how to use cable testers in network environments. Let’s look at some tools that we can use to test our different cables in our environment. Cable Testers Properly Wired Connectivity … Continue reading Cable Testers and How to Use them in Network Environments

Write a Comment

See what people are saying...

    Share your thoughts...

    Please fill out the comment form below to post a reply.