Forum Discussion
SharePoint Permissions
When you open the advanced permission settings, click Grant Permission on the ribbon. Then, add your distribution list (such as “Everyone Except External Users”) and grant it direct access, rather than including it in any default groups. Once direct access has been assigned, remove the DL from any default groups, such as “Members, Visitors or Owners".
This direct access configuration is automatically applied at the site level. Although the modern experience interface only shows the three default SharePoint groups, any direct access assigned through the advanced permission settings in the classic experience is still in effect. In other words, what you see in the modern experience does not negate the permissions you’ve already set through the classic interface.
First, let's understand what permission level you need:
- "Contribute - Limited Access" is perfect for your case - it allows users to add items to lists and fill out forms, but prevents them from editing or deleting existing items
Here's how to set this up:
- Go to your team site's Settings (gear icon) → Site permissions
- Click "Advanced permissions settings"
- From the ribbon, select "Permission Levels"
- If "Contribute - Limited Access" doesn't exist:
- Click "Add Permission Level"
- Name it "Contribute - Limited Access"
- Check only these permissions:
- List Permissions: Add Items, View Items
- Site Permissions: View Pages, Open
- Personal Permissions: View Only
To apply these permissions:
- Return to Site permissions
- Click "Share site"
- Add "Everyone except external users".
- Click "Show Options"
- Change the permission level to "Contribute - Limited Access"
- Click "Share"
Key things to note:
- Your existing three members with edit access won't be affected by this change
- Users will only be able to see items they create plus any items you explicitly share
- For list-specific permissions, you can also break inheritance at the list level and apply these permissions there instead of site-wide
The "Share Site" button is only on a Communication site. I was given a Team site to work with. I know it's not recommended but would editing the Read permission level work? Would the Site Visitors then be able to have limited control?
Manage Permissions Using Direct URLs: 1. Advanced Permissions Settings: Navigate to: https://<your-site-name>.sharepoint.com/sites/<your-site-name>/_layouts/15/user.aspx Use this page to manage and view site users and groups. 2. Permission Levels: Navigate to: https://<your-site-name>.sharepoint.com/sites/<your-site-name>/_layouts/15/role.aspx Use this page to edit existing permission levels or create custom ones. Example: For a site named “Marketing-Team”: Advanced Permissions: https://Contoso.sharepoint.com/sites/Marketing-Team/_layouts/15/user.aspx Permission Levels: https://Contoso.sharepoint.com/sites/Marketing-Team/_layouts/15/role.aspx
Adjusting Read Permissions:Use the Permission Levels URL above.
Either edit Read (not recommended) or create a custom permission level with limited access, like “View Items” and “View Pages.”
The direct URLs work seamlessly regardless of whether your site is a Team Site or a Communication Site. Use them to navigate directly to the appropriate locations for managing permissions efficiently.I have tried creating a new permission level (Contribute - Limited Access and a few others) but I can never apply them. When the Everyone except external users group is added to Members they have edit access instead of the custom contribute permission. If the Everyone except external users group is in Visitors it applies read access. The default seems to override the permission I assign to the group and the new permission is not listed as a choice. The forum won't let me send pics. I keep getting the message Content Not Published - Your post contains invalid HTML. Remove the following invalid tags before publishing even though I am clearly not using HTML.
Your patience is appreciated!