SharePoint 2013 – PowerShell script to create the custom permission level
Hi All,
Today, a new learning.
Background: In our SharePoint 2013 On Premises project we have a requirement to give the “Contribute” permission to one of the groups, but without delete permissions. This means users who belong to this group cannot delete list items / documents. So, we need to create a new permission level called “Contribute with no Delete”.
Since this is a one-time activity, we chose the PowerShell approach. It is a small PowerShell script, but I thought I would share it so that it can be reused.
Complete PowerShell script with detailed comments:
#Check if SharePoint PowerShell snap-in is added
if(-not(Get-PSSnapin | Where { $_.Name -eq "Microsoft.SharePoint.PowerShell"} ))
{
    Add-PSSnapin Microsoft.SharePoint.PowerShell;
}

#URL of the web where the permission level is created
#(placeholder - replace with your own site URL)
$WebUrl = "http://<your-site-url>"

#Log file details
[string]$LogfilePath = (Get-Date -Format "yyyy'-'MM'-'dd'T'HH'-'mm'-'ss").ToString() + ".log"

# Log Message function (must be defined before it is first called)
function LogMessage
{
    param([parameter(Mandatory=$true)][string]$Message)
    $now = Get-Date -f "s"
    $text = $now + ": " + $Message
    Write-Output ($text) | Out-File -FilePath $LogfilePath -Append
    Write-Host $Message
}#LogMessage

try
{
    #Start tracking SharePoint objects for disposal
    $gc = Start-SPAssignment

    #Get our web (stop on error so that the catch block runs)
    $web = Get-SPWeb $WebUrl -ErrorAction Stop

    #Check if the role definition already exists
    #Permission level name - "Contribute With NoDelete"
    $customPermissionLevel = $web.RoleDefinitions["Contribute With NoDelete"]

    #If the role definition does not already exist then
    #create a new one
    if($customPermissionLevel -eq $null)
    {
        $customPermissionLevel = New-Object Microsoft.SharePoint.SPRoleDefinition
        $customPermissionLevel.Name = "Contribute With NoDelete"
        $customPermissionLevel.Description = "Custom permission level for form based authentication"
        $web.RoleDefinitions.Add($customPermissionLevel);

        #Re-read the definition from the web so that the update below
        #is applied to the stored copy
        $customPermissionLevel = $web.RoleDefinitions["Contribute With NoDelete"]
    }#if($customPermissionLevel -eq $null)

    #Assign the base permissions (DeleteListItems is intentionally left out)
    $customPermissionLevel.BasePermissions = "EmptyMask,ViewListItems, AddListItems,EditListItems, OpenItems, ViewVersions,DeleteVersions, ManagePersonalViews, ViewFormPages,ViewPages,BrowseUserInfo, EditMyUserInfo,CreateAlerts"
    $customPermissionLevel.Update()
}
catch
{
    #Log the error that stopped the script
    LogMessage ($_.ToString())
}#catch
finally
{
    #Release the web even when an error occurred
    if($web -ne $null) { $web.Dispose() }
    LogMessage ("Script execution done. Please check the log for details.")
    if($gc -ne $null) { Stop-SPAssignment $gc }
}#finally
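A check to run after the script above, added here as an example and not part of the original post: it confirms that the new level omits DeleteListItems and reports any principal on the web that holds the level together with another level that does grant it, since SharePoint permission levels are additive. The site URL is a placeholder and the variable names are illustrative.

```powershell
# Added example, not from the original post. Run in the SharePoint 2013 Management Shell.
if (-not (Get-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.SharePoint.PowerShell
}

$WebUrl    = "http://<your-site-url>"     # placeholder: replace with your site URL
$LevelName = "Contribute With NoDelete"   # name used by the script above

$deleteItems    = [Microsoft.SharePoint.SPBasePermissions]::DeleteListItems
$deleteVersions = [Microsoft.SharePoint.SPBasePermissions]::DeleteVersions

$web = Get-SPWeb $WebUrl -ErrorAction Stop
try {
    $level = $web.RoleDefinitions[$LevelName]
    if ($level -eq $null) { throw "Permission level '$LevelName' not found on $WebUrl" }

    # 1. The level itself must not carry the item-delete right.
    if ($level.BasePermissions.HasFlag($deleteItems)) {
        Write-Warning "'$LevelName' grants DeleteListItems"
    }
    # The script above keeps DeleteVersions, so past versions can still be deleted.
    if ($level.BasePermissions.HasFlag($deleteVersions)) {
        Write-Warning "'$LevelName' grants DeleteVersions"
    }

    # 2. Rights are additive: a second level bound to the same principal
    #    can hand the delete right back.
    foreach ($ra in $web.RoleAssignments) {
        $names = @($ra.RoleDefinitionBindings | ForEach-Object { $_.Name })
        if ($names -notcontains $LevelName) { continue }

        foreach ($rd in $ra.RoleDefinitionBindings) {
            if ($rd.Name -ne $LevelName -and $rd.BasePermissions.HasFlag($deleteItems)) {
                Write-Warning ("{0} also holds '{1}', which grants DeleteListItems" -f $ra.Member.Name, $rd.Name)
            }
        }
    }
    Write-Host "Check of '$LevelName' on $WebUrl finished."
}
finally {
    $web.Dispose()
}
```

This only inspects role assignments on the web itself. Lists or libraries with unique permissions have their own RoleAssignments collection, and a user who belongs to several groups needs each group checked.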
Thanks for reading 🙂
Keep reading, share your thoughts, experiences. Feel free to contact us to discuss more. If you have any suggestion / feedback / doubt, you are most welcome.