SOLVED

Restrict users from Deletion

Contributor
I have a SharePoint file library. There are couple of flows that triggers when users add file to this library.

Right now users can delete file from this library. How can I restrict users from deleting?
10 Replies
best response confirmed by Juan Carlos González Martín (MVP)
Solution

@cad-one 

 

There is no SharePoint default permission level which allows add/edit but not delete existing files.

 

Workaround:

You need to create a custom Permission level in SharePoint. This will be a copy of your existing permission level minus Delete Items permission. Follow below steps to achieve this:

 

  1. Click Site settings > (Go to top level site settings) > Users and Permissions > Site permissions.
  2. Click Permission Level, and we can customize a new permission level based on the existing ones.
  3. Open the Edit permission level, and click Copy Permission Level on the bottom.
  4. Give the name for the new permission level, and uncheck the Delete Items options. You can also remove other permissions that are unnecessary, such as Delete Versions.
  5. Click Create to create the permission level.
  6. Use this permission level to assign the permissions to users

ReferenceSharePoint online site permissions add but not delete 


Please click Mark as Best Response if my post helped you to solve your issue. This will help others to find the correct solution easily. It also closes the item. If the post was useful in other ways, please consider giving it Like.

@ganeshsanap I set up a custom permissions site and only check marked the: Edit Items  -  Edit items in lists, edit documents in document libraries, and customize Web Part Pages in document libraries. The delete options are not check marked. This still gives users the option to delete webparts, unfortunately. Is there anything I'm doing wrong or is this just a Microsoft bug?

@JennaB460 This is expected behavior as you are having permissions to edit the pages (items/documents).

Adding/removing web parts on a site page is part of editing pages.


Please consider giving a Like if my post helped you in any way.

@ganeshsanap 

Thanks for the workaround. But if eventually, the users are still able to delete a record. It is not a workaround solution for restrict users from deletion then?

@jcjcwolf When you are using above workaround, users are still able to delete the items?


Please consider giving a Like if my post helped you in any way.

@ganeshsanap These instructions are not correct or helpful at all.

@pweber1185 


@pweber1185 wrote:

@ganeshsanap These instructions are not correct or helpful at all.


No, this is exactly what you will need to do.
As @ganeshsanap explained:
Create a new Custom Permission Level and remove the "Delete Items" / "Delete Versions" Permission from the level.
Assign that permission level to every user 
The effect is that users can edit/create Documents in that Document Library, but are not able to delete them.


Keep in mind that users can still edit documents and Site Pages containing webparts are also just documents (and the permission level does not keep you from i.e. removing chapters from a word Document).
Also keep in mind that Site Collection Administrators are not affected by permission levels and will still have delete-permissions. 

If you want to have a solution that even prohibits site collection administrators from deleting files or if you want to use the solution on more than one site collection (or your whole tenant), you should take a look at Retention Labels
https://learn.microsoft.com/en-us/microsoft-365/compliance/retention-policies-sharepoint?view=o365-w...
https://compliance.microsoft.com/informationgovernance?viewid=retention
But this is can only tenant-wide be done by an administrator.


@pweber1185 Do you know any other way to achieve what OP asked for? If yes, you can shared it with community members here.

 

You have to create a custom permission level for this requirements. Steps might not be accurate based on which experience you are using (modern or classic).

 

You can go to advanced permissions settings page of site collection using URL in below format and create a new permission level as per your requirements and then use it to grant permissions to groups/users: 

 

https://contoso.sharepoint.com/sites/siteName/_layouts/15/user.aspx

 


Please consider giving Like if my post helped you in any way.

Hi @ganeshsanap ,

I also want the user to not be able to delete files. But after I did this step, it's true that the user can't delete it anymore. However, the user also cannot rename files, give file names when creating files, and cannot move files to other folders. Is it really like that?

@IrvanR Unfortunately, this is by design in SharePoint. In order to rename or move files, you need delete permissions on the files / document library.

 

More information:

  1. Rename a file - Without Delete permission 
  2. Permission Level which doesn't allow renaming file in document library 
  3. Why delete permission is required to rename a document in SP Document Library? 

Please consider giving a Like if my post helped you in any way.