This is a nice, simple trick! My customer wanted to add a permission level to all site collections. It’s called Site Owner and is basically full control without the ability to create sub-sites (webs). So I added this to my site creation script.
#Create the Site Owner permission level
write-host “Creating custom permission level: Site Owner”
$plAdmin=New-Object Microsoft.SharePoint.SPRoleDefinition
$plAdmin.Name=”Site Owner”
$plAdmin.Description=”Custom Permission Level for site owners”
$plAdmin.BasePermissions=”EmptyMask,
ViewListItems,
AddListItems,
EditListItems,
DeleteListItems,
ApproveItems,
OpenItems,
ViewVersions,
DeleteVersions,
CancelCheckout,
ViewFormPages,
Open,
ViewPages,
ViewUsageData,
BrowseDirectories,
BrowseUserInfo,
AddDelPrivateWebParts,
UpdatePersonalWebParts,
UseClientIntegration,
UseRemoteAPIs,
ManageAlerts,
CreateAlerts,
EditMyUserInfo,
ManageWeb,
ManageLists,
AddAndCustomizePages,
ManagePersonalViews,
ApplyThemeAndBorder,
ApplyStyleSheets,
EnumeratePermissions”
$web.RoleDefinitions.Add($plAdmin);
I have yet to find a list of all the role definitions so you pretty much have to figure it out from the Site Permissions page.
Go to Site Settings, Site Permissions, and click Permission Levels on the toolbar. Once you are there, click on Full Control and that will give you a list of all the permissions. You can use the above code to figure out what you want to include.
That’s it! Until next time,
The Grumpy Guru 