|   Login    |   September 20, 2020    |   Knowledge Base  >  Sharepoint 2010  >  Sharepoint  >  Adding Permission Levels in SharePoint 2010 using PowerShell
search:   
Phone: (480) 722-1227
Toll Free: (888) 722-1227
Adding Permission Levels in SharePoint 2010 using PowerShell
Last Post 20 Sep 2011 07:02 PM by SuperUser Account. 0 Replies.
Printer Friendly
Sort:
PrevPrev NextNext
You are not authorized to post a reply.
Author Messages
SuperUser AccountUser is Offline
Basic Member
Basic Member
Posts:138

--
20 Sep 2011 07:02 PM  

In SharePoint 2010 you can manage what a User or Group can do by granting permissions to a User or Group.
SharePoint 2010 shippes with a couple of standard permission such as: Full Control, Design, Contribute and Read.
But how do you create your own Permission Levels?

Say you want a user to be able to View Pages and Lists, Download Documents and Update List Items but not Create or Delete List Items.

To achieve this, we have to create a custom Role Definition. First we return a Site using the Get-SPWeb cmdlet.

PS > $spWeb = Get-SPWeb <a href="http://SP2010">http://SP2010</a>
Next we Store an instance of Microsoft.SharePoint.SPRoleDefinition in a variable and set the Name and Description properties.

PS > $spRoleDefinition = New-Object Microsoft.SharePoint.SPRoleDefinition
PS > $spRoleDefinition.Name = "Custom"
PS > $spRoleDefinition.Description = "Can Create and Modify Items, Not Delete"
Next we want to add specific BasePermissions, but before adding them let’s see what kind of permissions we can add by enumerating Microsoft.SharePoint.SPBasePermissions.

PS > [System.Enum]::GetNames("Microsoft.SharePoint.SPBasePermissions")
EmptyMask
ViewListItems
AddListItems
EditListItems
DeleteListItems
ApproveItems
OpenItems
ViewVersions
DeleteVersions
CancelCheckout
ManagePersonalViews
ManageLists
ViewFormPages
Open
ViewPages
AddAndCustomizePages
ApplyThemeAndBorder
ApplyStyleSheets
ViewUsageData
CreateSSCSite
ManageSubwebs
CreateGroups
ManagePermissions
BrowseDirectories
BrowseUserInfo
AddDelPrivateWebParts
UpdatePersonalWebParts
ManageWeb
UseClientIntegration
UseRemoteAPIs
ManageAlerts
CreateAlerts
EditMyUserInfo
EnumeratePermissions
FullMask

Pretty cool!. In our Case we want to add the same Base Permissions as the “Read” permission level has, which are: ViewListItems, OpenItems, ViewVersions, ViewFormPages, Open, ViewPages, CreateSSCSite, BrowseUserInfo, UseClientIntegration, UseRemoteAPIs, CreateAlerts.
We also want to add additional an additional permission: EditListItems. So that the Users can Edit Items (but not create or delete Items).

PS > $spRoleDefinition.BasePermissions =
>> "ViewListItems, OpenItems, ViewVersions,
>> ViewFormPages, Open, ViewPages, CreateSSCSite,
>> BrowseUserInfo, UseClientIntegration,
>> UseRemoteAPIs, CreateAlerts,EditListItems"

Finally, we add our custom Rolde Definition to our Site as demonstrated below:

PS > $spweb.RoleDefinitions.Add($spRoleDefinition)

Now we can simply add Grant Users or Groups our new Custom permission as shown below.

www.powershell.nu_wp-content_uploads_2010_12_grantpermission.jpg

When the User or Group logs into SharePoint 2010 he/she will be able to view content, Update List Items but not Create or Delete List Items.

You are not authorized to post a reply.

Active Forums 4.2
Vigilant Technologies
Vigilant Technologies is a certified 8(a), Veteran Owned company headquartered in Chandler, Arizona. We provide products, services and enterprise-wide integration of innovative IT solutions to commercial, Federal, State and Local government clients. Our Leading edge services include Private/Hybrid Cloud, Server Consolidation, Visualization implementation, and Infrastructure Management.
Engage with us
Copyright 2006 - 2013 Vigilant Support   |  Privacy Statement  |  Terms Of Use
Uluslararası evden eve nakliyat