SharePoint shows content to users based on access assigned. Normally a user with read access on the site have access to all site content where permissions inherits from site level except where content like SharePoint lists, document libraries, files or folders having unique permissions.
A user with read access can not modify any of the content or cannot view restricted areas but there is still requirements from the business users to restrict users from accessing list and libraries pages, all site content page and many other internal pages. This is required when an organization have external users or anonymous users. And content owner wants to show specific content to users through pages which they have customized according to their requirements.
To achieve that you need to create a custom permission level where you can define specifc roles to the permission level which would restrict users from accessing internal pages. Follow below steps to configure this.
- Go to Site Settings
- Click on Site Permissions under Users and Permissions. (you can also access the site permission page through this url: https:// <site domain> /_layouts/15/user.aspx)
- This will open the site permissions page, click on Permission Level button from page ribbon, this will open the permission levels.
- You can see all the existing permissions and their description on the page. Click on new permission level.
- Enter name for new permission level like “Custom Restricted Permissions”, add some description and select the below listed permissions roles only:
- View Items – View items in lists and documents in document libraries.
- Open Items – View the source of documents with server-side file handlers.
- View Pages – View pages in a Web site.
- Use Remote Interfaces – Use SOAP, Web DAV, the Client Object Model or SharePoint Designer interfaces to access the Web site.
- Open – Allows users to open a Web site, list, or folder in order to access items inside that container.
- Now save the new permission level, and go back to site permissions page and create a new security group and select the newly created permission level.
Hit the create button and it will create the security group and now you add users to this group which should have restricted access on the site. And now members of this new security group can no view any internal page including list’s Add/edit and all items pages.