SharePoint 2013 – PowerShell script to create the custom permission level

by · Published · Updated

Hi All,

Today new learning.

Background: In our SharePoint 2013 On Premises project we have requirement to give the “Contribute” permission to one of the groups but no delete permissions. This means users who belongs to this group cannot delete the list items / documents. So, we need to create new permission level called “Contribute with no Delete”.

Since this is one-time activity we choose the approach of PowerShell. Small PowerShell script but thought to share so that can be reused.

Complete PowerShell script with detailed comments:

#Check if SharePoint PowerShell snap in is added

if(-not(Get-PSSnapin | 
         Where { $_.Name -eq "Microsoft.SharePoint.PowerShell"}
       )) 
{  
   Add-PSSnapin Microsoft.SharePoint.PowerShell; 
}
try
 {
     #Start logging
     $gc = Start-SPAssignment
     #Log file details
     [string]$LogfilePath = 
      (Get-Date –Format "yyyy'-'MM'-'dd'T'HH'-'mm'-'ss").ToString() 
       + ".log")

     #Get our web
     $web=Get-SPWeb $WebUrl

     #Check if role definition is already exists
     #Permission level name - "Contribute With NoDelete"
     $customPermissionLevel = 
     $web.RoleDefinitions["Contribute With NoDelete"] 

     #if role definition is not already exists then 
     #create new one
     if($customPermissionLevel -eq $null)
     {
        $customPermissionLevel=
        New-Object Microsoft.SharePoint.SPRoleDefinition
        $customPermissionLevel.Name="Contribute With NoDelete"
        $customPermissionLevel.Description=
        "Custom permission level for form based authentication"
        $web.RoleDefinitions.Add($customPermissionLevel);
    }#if($customPermissionLevel -eq $null)
  
   #Assign the base permissions
    $customPermissionLevel.BasePermissions=
    "EmptyMask,ViewListItems, AddListItems,EditListItems, 
     OpenItems, ViewVersions,DeleteVersions, ManagePersonalViews, 
     ViewFormPages,ViewPages,BrowseUserInfo,
     EditMyUserInfo,CreateAlerts"

    $customPermissionLevel.Update()
    $web.Dispose()
}
catch
 {
    LogMessage($Error);
 }#catch
 finally
 {
    LogMessage ("Script execution done. Please check the log for details.")
    Stop-SPAssignment $gc
 }#finally

# Log Message function# 
function LogMessage
{ 
   param([parameter(Mandatory=$true)][string]$Message = $(throw "Parameter Message is required.") ) 
   $now = Get-Date –f "s" $text = $now + ": " + $Message 
   Write-Output ($text) | Out-File -FilePath $LogfilePath -Append  
   Write-Host $Message
}#LogMessage

Thanks for reading 🙂

Keep reading, share your thoughts, experiences. Feel free to contact us to discuss more. If you have any suggestion / feedback / doubt, you are most welcome.

Tags:

Prasham Sabadra

LIFE IS VERY BEAUTIFUL. ENJOY THE WHOLE JOURNEY :) Founder of Microsoft 365 Junction, Speaker, Author, Learner, Developer, Passionate Techie. Certified Professional Workshop Facilitator / Public Speaker. Believe in knowledge sharing. Around 20+ years of total IT experience and 17+ years of experience in SharePoint and Microsoft 365 services Please feel free me to contact for any SharePoint / Microsoft 365 queries. I am also very much interested in behavioral (life changing) sessions like motivational speeches, Success, Goal Setting, About Life, How to live Life etc. My book - Microsoft 365 Power Shell hand book for Administrators and Beginners and 100 Power Shell Interview Questions - https://www.amazon.in/Microsoft-Administrators-Beginners-Interview-Questions/dp/9394901639/ref=tmm_pap_swatch_0?_encoding=UTF8&qid=1679029081&sr=8-11

You may also like...

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Discover more from Microsoft 365

Subscribe now to keep reading and get access to the full archive.

Continue reading