SharePoint: How to restrict user access from accessing system pages

Overview

SharePoint shows content to users based on access assigned. Normally a user with read access on the site have access to all site content where permissions inherits from site level except where content like SharePoint lists, document libraries, files or folders having unique permissions.

Business Requirement

A user with read access can not modify any of the content or cannot view restricted areas but there is still requirements from the business users to restrict users from accessing list and libraries pages, all site content page and many other internal pages. This is required when an organization have external users or anonymous users. And content owner wants to show specific content to users through pages which they have customized according to their requirements.

Creating Custom Permission Level

To achieve that you need to create a custom permission level where you can define specifc roles to the permission level which would restrict users from accessing internal pages. Follow below steps to configure this.

  • Go to Site Settings
  • Click on Site Permissions under Users and Permissions. (you can also access the site permission page through this url: https:// <site domain> /_layouts/15/user.aspx)
  • This will open the site permissions page, click on Permission Level button from page ribbon, this will open the permission levels.
  • You can see all the existing permissions and their description on the page. Click on new permission level.
  • Enter name for new permission level like “Custom Restricted Permissions”, add some description and select the below listed permissions roles only:
    • View Items  –  View items in lists and documents in document libraries.
    • Open Items  –  View the source of documents with server-side file handlers.
    • View Pages  –  View pages in a Web site.
    • Use Remote Interfaces  –  Use SOAP, Web DAV, the Client Object Model or SharePoint Designer interfaces to access the Web site.
    • Open  –  Allows users to open a Web site, list, or folder in order to access items inside that container.
  • Now save the new permission level, and go back to site permissions page and create a new security group and select the newly created permission level.

Hit the create button and it will create the security group and now you add users to this group which should have restricted access on the site. And now members of this new security group can no view any internal page including list’s Add/edit and all items pages.

The following two tabs change content below.
Adnan Amin
Adnan is two time SharePoint MVP (Most Valuable Professional) with over 12 years of extensive experience with major expertise on SharePoint Server, Office 365, .Net Platform and Microsoft BI. He is currently working SharePoint Architect at FMT Consultants. He is MCT Regional Lead for Pakistan Chapter since 2012. He is working on SharePoint for past nine years and worked on different intranet/intranet solutions for private & govt. sector majorly in Gulf region, which include OOB and customized solutions. He is a trainer, technology evangelist and also speaks in community forums.

Leave a Reply