Here’s some information on SharePoint Role Definitions.
Role Definitions can be created quite easily:
$spRoleDef = New-Object Microsoft.SharePoint.SPRoleDefinition
$spRoleDef.Name = "Custom Permission Level"
$spRoleDef.Description = "This is the description of a custom Permission Level"
$spRoleDef.BasePermissions = ("ViewListItems","AddListItems","EditListItems")
$spWeb.RoleDefinitions.Add($spRoleDef);
However, I kept getting SharePoint errors when I ran this script:
Exception calling "Add" with "1" argument(s): "You cannot customize permission levels in a web site with inherited permission levels."
At line:38 char:17
+ $Web.RoleDefinitions.Add($spRoleDef);
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : ArgumentException
Again, this seemed like one of those common issues because there were a lot of posts online about how to fix it. You have to break inheritance with the site’s parent.
$spWeb.BreakRoleInheritance($true)
This makes perfect sense. If you’re inheriting from the parent then obviously you can’t start adding your own custom Permission Levels.
The problem was that this didn’t work for me. I kept getting the exact same error as before.
What I misunderstood was that there are different types of inheritance:
- There are the Users and Groups that have been assigned to the List
- and then there are the Permission Levels that can be assigned to the Users and Groups
It is the Permission Level inheritance that needs to be changed.
$spWeb.RoleDefinitions.BreakInheritance($true, $true)
Once that was done, then the Permission Levels could be created.
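The whole sequence as one script, as an added example rather than the original script from this post: it reports the two kinds of inheritance separately, breaks only Permission Level inheritance when needed, and skips creation if the level already exists. The function name `Add-CustomPermissionLevel` and the site URL are hypothetical placeholders; it assumes a SharePoint server with the Microsoft.SharePoint.PowerShell snap-in available.

```powershell
# Added example; function name and URL are placeholders, not from the original post.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Add-CustomPermissionLevel {
    param(
        [Parameter(Mandatory = $true)] [string] $WebUrl,
        [Parameter(Mandatory = $true)] [string] $Name,
        [string]   $Description = "",
        [string[]] $BasePermissions = @("ViewListItems", "AddListItems", "EditListItems")
    )
    $spWeb = Get-SPWeb -Identity $WebUrl
    try {
        # The two kinds of inheritance are tracked independently on the web.
        Write-Host ("Unique role assignments (Users and Groups): {0}" -f $spWeb.HasUniqueRoleAssignments)
        Write-Host ("Unique role definitions (Permission Levels): {0}" -f $spWeb.HasUniqueRoleDefinitions)

        if (-not $spWeb.HasUniqueRoleDefinitions) {
            # Arguments: copyRoleDefinitions = $true, keepRoleAssignments = $true,
            # so the parent's levels are copied and existing assignments are kept.
            $spWeb.RoleDefinitions.BreakInheritance($true, $true)
        }

        # Do not create a duplicate if the script is run twice.
        $existing = $spWeb.RoleDefinitions | Where-Object { $_.Name -eq $Name }
        if ($existing) {
            Write-Host "Permission Level '$Name' already exists; nothing to do."
            return
        }

        $spRoleDef = New-Object Microsoft.SharePoint.SPRoleDefinition
        $spRoleDef.Name = $Name
        $spRoleDef.Description = $Description
        # A comma-separated string converts to the SPBasePermissions flags enum.
        $spRoleDef.BasePermissions = [Microsoft.SharePoint.SPBasePermissions]($BasePermissions -join ",")
        $spWeb.RoleDefinitions.Add($spRoleDef)
        Write-Host "Created Permission Level '$Name' on $WebUrl"
    }
    finally {
        # Get-SPWeb returns a disposable SPWeb; release it even on failure.
        $spWeb.Dispose()
    }
}

# Placeholder URL; replace with the subsite that should get the custom level.
Add-CustomPermissionLevel -WebUrl "http://sharepoint.example/sites/team" `
    -Name "Custom Permission Level" `
    -Description "This is the description of a custom Permission Level"
```

Printing both `HasUnique...` flags before the change leaves a record of what the site inherited beforehand, which helps when reviewing why a subsite's Permission Levels later differ from its parent's.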