SharePoint shows content to users based on access assigned. Normally a user with read access on the site have access to all site content where permissions inherits from site level except where content like SharePoint lists, document libraries, files or folders having unique permissions.

Business Requirement

A user with read access can not modify any of the content or cannot view restricted areas but there is still requirements from the business users to restrict users from accessing list and libraries pages, all site content page and many other internal pages. This is required when an organization have external users or anonymous users. And content owner wants to show specific content to users through pages which they have customized according to their requirements.

Creating Custom Permission Level

To achieve that you need to create a custom permission level where you can define specifc roles to the permission level which would restrict users from accessing internal pages. Follow below steps to configure this.

  • Go to Site Settings
  • Click on Site Permissions under Users and Permissions. (you can also access the site permission page through this url: https:// <site domain> /_layouts/15/user.aspx)
  • This will open the site permissions page, click on Permission Level button from page ribbon, this will open the permission levels.
  • You can see all the existing permissions and their description on the page. Click on new permission level.
  • Enter name for new permission level like “Custom Restricted Permissions”, add some description and select the below listed permissions roles only:
    • View Items  –  View items in lists and documents in document libraries.
    • Open Items  –  View the source of documents with server-side file handlers.
    • View Pages  –  View pages in a Web site.
    • Use Remote Interfaces  –  Use SOAP, Web DAV, the Client Object Model or SharePoint Designer interfaces to access the Web site.
    • Open  –  Allows users to open a Web site, list, or folder in order to access items inside that container.
  • Now save the new permission level, and go back to site permissions page and create a new security group and select the newly created permission level.

Hit the create button and it will create the security group and now you add users to this group which should have restricted access on the site. And now members of this new security group can no view any internal page including list’s Add/edit and all items pages.

Adnan, a distinguished professional, boasts an impressive track record as a Microsoft MVP, having achieved this prestigious recognition for the eighth consecutive year since 2015. With an extensive career spanning over 18 years, Adnan has honed his expertise in various domains, notably excelling in SharePoint, Microsoft 365, Microsoft Teams, the .Net Platform, and Microsoft BI. Presently, he holds the esteemed position of Senior Microsoft Consultant at Olive + Goose. Notably, Adnan served as the MCT Regional Lead for the Pakistan Chapter from 2012 to 2017, showcasing his leadership and commitment to fostering growth within the tech community. His journey in the realm of SharePoint spans 14 years, during which he has undertaken diverse projects involving both intranet and internet solutions for both private and government sectors. His impact has transcended geographical boundaries, leaving a mark on projects in the United States and the Gulf region, often collaborating with Fortune 500 companies. Beyond his roles, Adnan is a dedicated educator, sharing his insights and knowledge as a trainer. He also passionately advocates for technology, frequently engaging with the community through speaking engagements in various forums. His multifaceted contributions exemplify his dedication to the tech field and his role in driving its evolution.

Leave a Reply