SharePoint 2013 – PowerShell script to create the custom permission level

Hi All,

Today new learning.

Background: In our SharePoint 2013 On Premises project we have requirement to give the “Contribute” permission to one of the groups but no delete permissions. This means users who belongs to this group cannot delete the list items / documents. So, we need to create new permission level called “Contribute with no Delete”.

Since this is one-time activity we choose the approach of PowerShell. Small PowerShell script but thought to share so that can be reused.

Complete PowerShell script with detailed comments:

#Check if SharePoint PowerShell snap in is added

if(-not(Get-PSSnapin | 
         Where { $_.Name -eq "Microsoft.SharePoint.PowerShell"}
       )) 
{  
   Add-PSSnapin Microsoft.SharePoint.PowerShell; 
}
try
 {
     #Start logging
     $gc = Start-SPAssignment
     #Log file details
     [string]$LogfilePath = 
      (Get-Date –Format "yyyy'-'MM'-'dd'T'HH'-'mm'-'ss").ToString() 
       + ".log")

     #Get our web
     $web=Get-SPWeb $WebUrl

     #Check if role definition is already exists
     #Permission level name - "Contribute With NoDelete"
     $customPermissionLevel = 
     $web.RoleDefinitions["Contribute With NoDelete"] 

     #if role definition is not already exists then 
     #create new one
     if($customPermissionLevel -eq $null)
     {
        $customPermissionLevel=
        New-Object Microsoft.SharePoint.SPRoleDefinition
        $customPermissionLevel.Name="Contribute With NoDelete"
        $customPermissionLevel.Description=
        "Custom permission level for form based authentication"
        $web.RoleDefinitions.Add($customPermissionLevel);
    }#if($customPermissionLevel -eq $null)
  
   #Assign the base permissions
    $customPermissionLevel.BasePermissions=
    "EmptyMask,ViewListItems, AddListItems,EditListItems, 
     OpenItems, ViewVersions,DeleteVersions, ManagePersonalViews, 
     ViewFormPages,ViewPages,BrowseUserInfo,
     EditMyUserInfo,CreateAlerts"

    $customPermissionLevel.Update()
    $web.Dispose()
}
catch
 {
    LogMessage($Error);
 }#catch
 finally
 {
    LogMessage ("Script execution done. Please check the log for details.")
    Stop-SPAssignment $gc
 }#finally

# Log Message function# 
function LogMessage
{ 
   param([parameter(Mandatory=$true)][string]$Message = $(throw "Parameter Message is required.") ) 
   $now = Get-Date –f "s" $text = $now + ": " + $Message 
   Write-Output ($text) | Out-File -FilePath $LogfilePath -Append  
   Write-Host $Message
}#LogMessage

Thanks for reading 🙂

Keep reading, share your thoughts, experiences. Feel free to contact us to discuss more. If you have any suggestion / feedback / doubt, you are most welcome.

Prasham Sabadra

LIFE IS VERY BEAUTIFUL :) ENJOY THE WHOLE JOURNEY :) Founder of Knowledge Junction and live-beautiful-life.com, Author, Learner, Passionate Techie, avid reader. Certified Professional Workshop Facilitator / Public Speaker. Scrum Foundation Professional certificated. Motivational, Behavioral , Technical speaker. Speaks in various events including SharePoint Saturdays, Boot camps, Collages / Schools, local chapter. Can reach me for Microsoft 365, Azure, DevOps, SharePoint, Teams, Power Platform, JavaScript.

You may also like...

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: