Understanding How to Configure Permissions in a SharePoint Site for Effective Collaboration


Introduction

This article provides step-by-step instructions to configure a SharePoint Online (SPO) site with custom permissions that specifically address the use cases listed below. If the use cases presented here do not apply to your scenario, additional information can be found in the following KB article, How to work in Microsoft 365 (M365) with sensitive or highly sensitive data.

Use Case Specifics


Instructions

If you are using or intend to use Microsoft Teams for collaboration to benefit from chat and online meeting capabilities, then, for the use cases listed above, we recommend that you create a separate SharePoint site to act solely as a file repository. Applying some of the configurations identified in this article to your Teams SharePoint site could cause your Team to malfunction.

Creating a new SPO site

To provision a department-owned and managed SharePoint site, visit and request the item at SharePoint Site Collection.

  1. Request a SharePoint site at Departmental Team, SharePoint Site, or M365 Group (vt.edu)
    1. Select the Team site type


Creating a custom SPO permission for students/personnel

This configuration will allow you to define permissions for students/personnel who will need the ability to view and edit files, but not be allowed to delete them.

In this section, we will accomplish three configuration settings:

Create a new permission level with edit capability but without deletion capability

  1. From Microsoft 365 Online, select the SharePoint App.
  2. Go to your SharePoint site.
  3. Click the Gear icon in the top right.


  4. Select the Site permissions menu item.


  5. Select the Advanced permissions settings menu item.


  6. Select the Permission Levels menu item from the top toolbar.


  7. Select the Edit list item.


  8. Scroll to the bottom and click the Copy Permission Level button.


  9. Enter "Edit No Deletion" or a descriptive name of your choice into the Name: text box.


  10. Uncheck the Delete Items and Delete Versions checkboxes.


  11. Click the Create button at the bottom of the screen.
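
A check for the permission level created in the steps above, as an added example that is not part of the original article: it decodes each level's permission mask and confirms that "Edit No Deletion" keeps Edit Items but lacks Delete Items and Delete Versions. The sample data is constructed and assumes the shape returned by the site's `/_api/web/roledefinitions` REST endpoint; the function names are hypothetical.

```python
import json

# SharePoint stores a permission level as a 64-bit mask split into Low and High
# halves. PermissionKind value n maps to bit (n - 1); these three sit in Low.
EDIT_LIST_ITEMS = 0x4  # "Edit Items"
DELETE_BITS = {"Delete Items": 0x8, "Delete Versions": 0x80}

# Constructed sample (assumption: High/Low arrive as decimal strings).
# "Edit No Deletion" is the Edit mask with the two delete bits cleared.
SAMPLE = json.loads("""
[
  {"Name": "Edit",             "BasePermissions": {"High": "432", "Low": "1011030767"}},
  {"Name": "Edit No Deletion", "BasePermissions": {"High": "432", "Low": "1011030631"}},
  {"Name": "Read",             "BasePermissions": {"High": "176", "Low": "138612833"}}
]
""")


def audit_level(role):
    """Summarise whether a permission level can edit and which delete rights it grants."""
    low = int(role["BasePermissions"]["Low"])
    granted = [label for label, bit in DELETE_BITS.items() if low & bit]
    return {
        "name": role["Name"],
        "can_edit": bool(low & EDIT_LIST_ITEMS),
        "delete_rights": granted,
    }


def check_no_delete_level(roles, level_name):
    """Return a list of problems; an empty list means the level matches the intent."""
    match = [r for r in roles if r["Name"] == level_name]
    if not match:
        return [f"permission level {level_name!r} not found"]
    result = audit_level(match[0])
    problems = [f"{level_name!r} still grants {p}" for p in result["delete_rights"]]
    if not result["can_edit"]:
        problems.append(f"{level_name!r} lost Edit Items")
    return problems


if __name__ == "__main__":
    for role in SAMPLE:
        print(audit_level(role))
    print(check_no_delete_level(SAMPLE, "Edit No Deletion") or "OK")
```

Running the same check against the built-in Edit level reports both delete rights, which is the difference the copied level is meant to remove.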


Create a new group and assign the new permission level

  1. From Microsoft 365 Online, select the SharePoint App.
  2. Go to your SharePoint site.
  3. Click the Gear Icon in the top right.


  4. Click the Site Permissions menu item.


  5. Select the Advanced permissions settings menu item.


  6. Click on the Create Group menu item in the toolbar at the top.


  7. Enter the text "Edit No Deletion" or a descriptive name of your choice into the Name: text box. We recommend that the name match the permission level, so that the owner can easily tell which permissions a group grants when assigning a new member to it.


  8. At the bottom of the page, select the permission level you created earlier, which in this screenshot is named "Edit No Deletion".


  9. Click the Create button.


Set our new group as the default group for new members to the SPO site

  1. From Microsoft 365 Online, select the SharePoint App.
  2. Go to your SharePoint site.
  3. Click the Gear icon in the top right.


  4. Select the Site permissions menu item.


  5. Select the Advanced permissions settings menu item.


  6. Select the link of the new group you just created.


  7. Click the Settings menu item at the top of the screen.


  8. Click the Make Default Group item.


Now, when adding new members to the site, add them to this group to give them edit ability without deletion ability. Because it is the default group, new members will automatically be added to it.

Syncing files with local machines using the OneDrive Sync Client

For syncing to work, it is necessary to make sure the local machine has the OneDrive Sync Client running and working with OneDrive before continuing.

  1. From Microsoft 365 Online, select the SharePoint App.
  2. Go to your SharePoint site.
  3. Click on the Documents menu item in the Navigation menu. This will bring you to your document library.


  4. Select the Sync item in the toolbar.


  5. Select the Sync now link.


Checking files in and out to avoid accidentally overwriting others' work

  1. From Microsoft 365 Online, select the SharePoint App.
  2. Go to your SharePoint site.
  3. Click on the Documents menu item in the Navigation menu. This will bring you to your document library.


  4. Click the Gear icon at the top right.


  5. Click the Library settings link.


  6. Select the Version Settings link.


  7. Select the Yes radio button under the Require documents to be checked out before they can be edited? setting.


  8. Click the OK button.


Limiting file sharing to the SPO site owners only

  1. From Microsoft 365 Online, select the SharePoint App.
  2. Go to your SharePoint site.
  3. Click on the Gear icon in the top right.


  4. Click on the Site permissions link.


  5. Click on the Change how members can share link.


  6. Select the Only site owners can share files, folders, and the site radio button.


  7. Click the Save button.


Marking files for deletion

If you need a way for members of your site who cannot delete files to still be able to mark documents for deletion, you can use the following approach called “Enterprise Keywords”.

Activating Enterprise Keywords

To activate Enterprise Keywords for your SPO site, do the following:

  1. From Microsoft 365 Online, select the SharePoint App.
  2. Go to your SharePoint site.
  3. Click on the Documents menu item in the Navigation menu.
  4. From the Document Library screen, select the Gear icon in the toolbar on the top right of the screen.
  5. Click the Library Settings link.
  6. Select the Enterprise Metadata and Keywords Settings option.
  7. Check the Add an Enterprise Keywords column to this list and enable Keyword synchronization box.


  8. Click the OK button.


  9. Click on the Documents menu item in the Navigation menu to get back to the top of the document library.
  10. Select the All Documents drop down.
  11. Select the Edit current view menu option.
  12. Find and check the Enterprise Keywords box.


  13. Click the OK button.

Marking an item for deletion

  1. Click the Edit in Grid View item in the document library with nothing else selected.

  2. Once the page refreshes, click the cell in the "Enterprise Keywords" column next to the item you want to mark for deletion.


  3. Type the agreed-upon keyword to indicate deletion, such as “delete”.


  4. Click the Exit quick edit menu item to save the keyword.


Searching for marked items

  1. Give the site a little time to learn the keyword. It needs to re-index your site on this keyword.
  2. If you just type the keyword into the search box, it will return all tagged results as well as files that contain the word. However, if you specify the column, it will only return your tagged results. For example, “[Enterprise Keywords]:delete” will only return the files and folders you tagged with that keyword in that column.

 
