Restrict Deletes in SharePoint
- Dan Jakubiak
Students, faculty, and staff can restrict certain actions in certain folders in SharePoint. Folders can be set to “upload only” or “no delete” following these steps.
These steps can imperfectly emulate a WORM (write-once, read-many) setup. This means a user can add something to the folder but will then be unable to edit or delete it.
This can be useful in financial environments. Owners of the SharePoint site will retain delete privilege of all files and folders.
This guide has many one-time steps. In the future, you will only need to add/remove members from the group.
1) Create a new permission level
Visit s.uconn.edu/sharepoint and then click on your site.
Wait a second for the settings gear to appear in the top-right corner (next to your profile picture).Click on the settings gear and then Site permissions. Next click on Advanced permission settings at the bottom of the menu.
Click on Permission Levels at the top of the page.
Click on Add a Permission Level.
Give the level a name, such as “NoDelete” or “worm-group”. Give it a catchy name; only Owners will use this name when applying it to a folder.
Enter a description for this level so that you do not forget your intention. You may revisit this description field after you have selected permissions.
Choose the permissions you wish to have on your special folder(s):
Add Items - allows users to add files into the folder
Edit Items - allows users to edit files in the folder
Delete Items - allows users to delete files
Delete Versions - allows users to delete previous version of a file (File History)
Therefore:
If you want to restrict deletes → Add + Edit
If you want to mimic a WORM folder → Add
Users will be unable to use the web version of Word for example, they can only upload completed files into the folder.
Click on Create to finalize this level.
Click on Documents in the left-hand menu to return home
2) Apply new permission to a folder
Looking at your Document Library, right click on the folder in which you want to restrict deletes.
Click on Manage access.
Click on the Groups tab and then click on the Members group.
Highlight the name of the group and then Copy the text.
Click on Direct Access and then Can edit. Choose Remove direct access.
This will remove the group from the list. You will be brought back to the list of groups.
Click on the ellipsis at the top and then Advanced settings.
Click on Grant Permissions in the top banner.
Paste in the name of the Members Group and click on the result.
Click on the SHOW OPTIONS text near the bottom.
Uncheck “Send an email invitation”.
Select your new permission level as the permission level for this invitation.
Click Share.
Click on Documents in the left-hand menu to return home
Reach out to techsupport@uconn.edu if you have specific questions or needs when following this guide.