Here’s some information on SharePoint Role Definitions
Role Definitions can be created quite easily
$spRoleDef = New-Object Microsoft.SharePoint.SPRoleDefinition $spRoleDef.Name = "Custom Permission Level" $spRoleDef.Description = "This is the description of a custom Permission Level" $spRoleDef.BasePermissions = ("ViewListItems","AddListItems","EditListItems") $spWeb.RoleDefinitions.Add($spRoleDef);
However, I kept getting SharePoint errors when I ran this script
Exception calling "Add" with "1" argument(s): "You cannot customize permission levels in a web site with inherited permission levels." At line:38 char:17 + $Web.RoleDefinitions.Add($spRoleDef); + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) , MethodInvocationException + FullyQualifiedErrorId : ArgumentException
Again, this seemed like one of those common issues because there were a lot of posts online about how to fix it. You have to break inheritance with the site’s parent.
This makes perfect sense. If you’re inheriting from the parent then obviously you can’t start adding your own custom Permission Levels.
The problem was that this didn’t work for me. I kept getting the exact same error as before
What I misunderstood was that there are different types of inheritance:
- There are the Users and Groups that have been assigned to the List
- and then there are the Permission Levels that can be assigned to the Users and Groups
It is the Permission Level inheritance that needs to be changed.
Once that was done, then the Permission Levels could be created