none
Restrict Delete in Explorer view

    Question

  • I have setup a custom permission level (copy of contribute except delete permission) on document libary to restrict delete documents. However, it looks like the user still can delete from Windows Explorer view. Restrict/hide Explorer view is not an option here since users heavily use Explorer view. I cannot use SharePoint Designer on the production site since it's locked for everyone. I didn't find a clear solution on the web, hoping someone could have resolved this already. What are my options?

    Tuesday, May 17, 2011 8:54 PM

Answers

  • You dont have to modify the pages to remove the ability to delete list items or docs. Either create a new group with the same permissions as the contributor group the remove the delete item permission or modify the contributor group permissions. I would suggest leaving all OOB groups alone and creating another group with the permissions you need. I have included a link for the SharePoint 2007 OOB permissions matrix...

    SharePoint Permissions Matrix http://dimension-si.com/downloads/Shared%20Documents/Client/SharePoint_Permissions_Matrix.xlsx

    You can test this approach by breaking the permissions inheritance on a document library and modifying the permissions.

     

    Cheers,

    -Ivan

     

     


    Ivan Sanders My LinkedIn Profile, My Blog, @iasanders.
    • Marked as answer by Leoyi Sun Thursday, May 26, 2011 9:47 AM
    Tuesday, May 17, 2011 11:29 PM
  • Hi,

    My pleasure... Explorer view, delete is still visble but you cant delete when signed in as a user with the permissions you described. Just like on a file share delete isnt removed if the ACL only allows read access but you cant delete anything.

     

    -Ivan


    Ivan Sanders My LinkedIn Profile, My Blog, @iasanders.
    • Marked as answer by Leoyi Sun Thursday, May 26, 2011 9:47 AM
    Wednesday, May 18, 2011 4:18 PM

All replies

  • You dont have to modify the pages to remove the ability to delete list items or docs. Either create a new group with the same permissions as the contributor group the remove the delete item permission or modify the contributor group permissions. I would suggest leaving all OOB groups alone and creating another group with the permissions you need. I have included a link for the SharePoint 2007 OOB permissions matrix...

    SharePoint Permissions Matrix http://dimension-si.com/downloads/Shared%20Documents/Client/SharePoint_Permissions_Matrix.xlsx

    You can test this approach by breaking the permissions inheritance on a document library and modifying the permissions.

     

    Cheers,

    -Ivan

     

     


    Ivan Sanders My LinkedIn Profile, My Blog, @iasanders.
    • Marked as answer by Leoyi Sun Thursday, May 26, 2011 9:47 AM
    Tuesday, May 17, 2011 11:29 PM
  • Thanks for reply. I am well aware of permission matrix and I have created custom permission level already, a copy of contribute but without delete. By doing this, 'Delete' option is gone in Context Menu in document library. Fine so far.....

    However, explorer view is acting differently. Wouldn't this permission change propagates to Explorer view or not? I saw in my tests, DELETE option is still available in Explorer view. Is it right?

    Wednesday, May 18, 2011 4:00 PM
  • Hi,

    My pleasure... Explorer view, delete is still visble but you cant delete when signed in as a user with the permissions you described. Just like on a file share delete isnt removed if the ACL only allows read access but you cant delete anything.

     

    -Ivan


    Ivan Sanders My LinkedIn Profile, My Blog, @iasanders.
    • Marked as answer by Leoyi Sun Thursday, May 26, 2011 9:47 AM
    Wednesday, May 18, 2011 4:18 PM
  • Good to konw. Let me run some tests and confirm. Thanks for reply again.
    Wednesday, May 18, 2011 4:23 PM
  • I tested, but failed on my SharePoint 2010 environment.

    A new SharePoint group has been created, with the same permission as the Contributor group, having the delete item permission removed.

    In a document library, the [Delete Document] icon is disabled even after selecting a document / folder, showing that the user does NOT have the permission to delete documents. <-- This is correct!

    Clicking the [Open with Explorer] icon, and trying to delete a document in the Explorer. The same user can now delete the document successfully. <-- This is NOT what we want, as we want to restrict the user from removing documents!

    Is there any way to resolve this?


    -- Martin POON -- Principal Consultant @ AppsGoGo.com -- SQL Server MVP, MCTS, MCITP ~~ http://msMVPs.com/blogs/MartinPOON ~~ http://www.MartinPOON.com
    Monday, October 03, 2011 3:18 AM
  •  

    It's worked for me in MOSS 2007. I didn't get a chance to test on 2010 yet. I have created copy of contribute permission level and unchecked the Delete items check box.

    Sunday, October 16, 2011 12:56 AM