Forum Discussion
johnjohn-Peter (Iron Contributor)
Jan 13, 2025
Contribute without download & Read-Only without download
We have a modern SharePoint Online site collection, of type communication site, and we need to have 2 custom permission levels:
- Read-Only without download
- Contribute without download
So I followed these steps:
- I copied the built-in Contribute permission level, then I unchecked those 2 check-boxes:
- I copied the built-in Read permission level, then I unchecked those 2 check-boxes:
Then I created 3 folders, as follows:
- Contribute folder >> Assign it the built-in Contribute permission level
- Contribute without Download >> Assign it the custom permission level Contribute without download
- Read without Download >> Assign it the custom permission level Read without download
I have noted that this works as per my test.
For the first folder "Contribute", the user can edit the files using the browser, open them inside the app and download them, as follows:
For the second folder "Contribute without download", the user can edit the files using the browser ONLY, can NOT open them inside the app and can NOT download them, as follows:
For the third folder "Read without download", it is the same as "Contribute without download", but users can view the files in the browser and cannot edit them...
So my question is whether I am doing things correctly: to have a custom permission level that allows users to contribute to files using the browser only without the ability to download, and to allow users to view files using the browser only without the ability to download?
Thanks in advance for any help and suggestions. And is there a more robust approach?
- HaidariHammad (Brass Contributor)
Unfortunately, there’s no built-in way to configure “Contribute” without allowing downloads, as “Contribute” inherently grants collaboration rights.
Even with “View Items” permissions, a technically savvy user could potentially use browser developer tools or other methods to download files. This limitation highlights the need for more advanced controls to secure sensitive data.
To address this, I recommend utilizing the SharePoint Advanced Management (SAM) license. At $3 per user per month, SAM enables you to enforce site collection policies that can effectively block downloads for specific users or groups. SAM’s enhanced policies offer stronger security, reducing the risk of circumvention via technical means.
For more details about SAM and its features, refer to the official documentation:
SharePoint Advanced Management
If securing your files against unauthorized downloads is a priority, SAM is the best option.