Allow site owners to manage permissions on new lists, but not on site. RRS feed

  • Question

  • Does anyone know of a way to allow site "owners" to manage permissons within their site but not overall site access?  Our data security department wants access to the main site controlled by Active Directory groups, but they're fine will allowing site owners to change permissions on lists/libraries/documents within the site.

    Unfortunately, SharePoint only has one "Manage Permissions" setting, it doesn't allow me to separate out site permissions from list permissions.   The only way I see is for me to customize permissions on each and every list they create - which is prohibitively time consuming, not to mention annoying for the site owners.

    Has anyone else had this problem?   Is there any way to separate out the list permissions?   Or just change SharePoint so that the default permissions on a new list are NOT the site permissions but a different default set?

    Friday, November 18, 2011 10:20 PM


  • You should be able to implement an event receiver which fires on list creation which breaks permission inheritance and assigns the permissions to the user. The code would have to run with elevated priviledges.
    Stefan Goßner
    Senior Escalation Engineer - Microsoft CSS
    This post is provided "AS IS" with no warrenties and confers no rights.
    • Marked as answer by Pengyu Zhao Friday, November 25, 2011 7:20 AM
    Friday, November 18, 2011 10:31 PM

All replies