Master SharePoint custom permissions with PowerShell automation. Create secure 'Edit without Download' permissions for enhanced document security and collaboration.
In this comprehensive guide, we'll walk you through creating a unique SharePoint permission level that allows users to edit documents without the ability to download them. This specific permission setup is crucial for maintaining document security while still enabling collaboration and content modification.
Right-click on PowerShell 7 and select "Run as Administrator" to ensure proper permissions for module installation and SharePoint operations.
Run the following commands in sequence to install PnP PowerShell, connect to your SharePoint site, and create the custom permission level:
# Install PnP PowerShell Module
Install-Module -Name "PnP.PowerShell"
# Connect to SharePoint Site (Update URL to your site)
Connect-PnPOnline -Url https://yourdomain.sharepoint.com/sites/test -UseWebLogin
# Create Custom Permission Level: "Edit without Download"
Add-PnPRoleDefinition -RoleName "Edit without Download" -Clone "Contribute" -Exclude "DeleteListItems", "DeleteVersions", "ManagePermissions", "ManageWeb", "AddAndCustomizePages", "ApplyThemeAndBorder", "ApplyStyleSheets", "CreateSSCSite", "UseRemoteAPIs", "OpenItems", "ViewVersions", "CancelCheckout", "ManagePersonalViews", "AddDelPrivateWebParts", "UpdatePersonalWebParts", "CreateGroups", "ManageAlerts", "CreateAlerts", "EditMyUserInfo", "EnumeratePermissions"The custom permission level is based on the "Contribute" level but excludes specific permissions to prevent downloads while maintaining editing capabilities:
Prevents direct file downloads
Restricts version history access
Prevents content deletion
Blocks permission changes
Prevents site-level changes
Blocks page modifications
Restricts group creation
Prevents alert management
Now that we've created the custom permission level, follow these steps to assign it to a specific folder:
Select the folder you want to set the custom permission on
Click on the three dots and choose Manage
Click on the three dots and select "Manage" to access folder permissions
Click on Advanced settings
Click on Stop Inheriting Permissions to break inheritance
Access advanced permission settings for granular control
Break permission inheritance to apply custom permissions
Click on Grant Permissions
Type username, show options, choose Edit without Download
Click on Share to apply the custom permissions
Start the process of granting custom permissions
Select the custom "Edit without Download" permission level
You have successfully created and assigned a custom SharePoint permission level that allows users to edit documents without downloading them. This enhances document security while maintaining collaborative capabilities.
Monitor and track file downloads in SharePoint with automated reporting and PowerShell automation.
PowerShell module for handling logging in Intune Remediation scripts with transcript management.
Automated Windows Update management and remediation scripts for Microsoft Intune environments.
