Sharepoint Forum

Ask Question   UnAnswered
Home » Forum » Sharepoint       RSS Feeds

Custom Permissions level issue

  Asked By: Laci    Date: Aug 21    Category: Sharepoint    Views: 1740

As part of our set of management policies it was decided that members of the
site owners group would not be given the ability to add or manage users within
their respective sites.

To meet that requirement I created a "Power_Users" permission level at the site
collection level with the following settings:

List Permissions

Manage Lists
Override checkout
Add Items
Edit Items
Delete Items
View Items
Approve Items
Open Items
View Versions
Delete Versions
Create Alerts
View Application Pages

Site Settings

Browse Directories
View Pages
Enumerate Permissions
Browse User Information
Use Remote Interfaces
Use Client Integration Features
Edit Personal Information

Personal Permissions
Manage Personal Views

The permission level has been associated with the Portal Home Owners Group but a
test user added to that group can still add and remove users.

What am I missing here?



3 Answers Found

Answer #1    Answered By: Candy Walter     Answered On: Aug 21

Did you remove  the existing Full Control permission level  from the Portal Home
Owners Group? Also is the test user  a member of any other groups or named as
the site collection administrator? Site Collection administrators get Full
Control by default and can't be restricted to less than that.

Answer #2    Answered By: Leanne Rios     Answered On: Aug 21

The Site Owners group  has Power_Users level  only and the test user  is not a
member of any other groups.

Interesting aspect of this. When I login as the test user and add  a user I can
add the user to a SharePoint group that has access to the site but cannot assign
permissions directly to that new user.

Answer #3    Answered By: Zachary Roberts     Answered On: Aug 21

Solved.........or at least issue  potentially identified.

As part  of this deployment the decision was made to possibly delete those built
in permissions  levels that will not be used (Approver, Design, Hierarchy
Manager). I did quite a bot of research surrounding that action and was not able
to find anything that showed or mentioned any potential problems with doing
this. In retrospect it looks like those deletions borked things up at least

I went back and deleted all the site collections and recreated them. created  the
custom permissions level  and then associated that custom  level with the Site
Owners group..........could still add  and remove  users.

Created a new SharePoint group  (Power_Users) and associated it with the custom
permissions level and it works fine now.

Didn't find what you were looking for? Find more on Custom Permissions level issue Or get search suggestion and latest updates.