Home Library Wiki Learn Downloads Support Forums Blogs
Sign in | United States - English | |

Managepermissionpolicylevel: Stsadm operation (Office SharePoint Server)

Updated: June 14, 2007

Applies To: Office SharePoint Server 2007

Updated: 2007-06-14

Operation name: Managepermissionpolicylevel

Enables an administrator to manage the policy levels for a Web application. This operation is the command-line equivalent of the process used on the Policy for Web Application page in the SharePoint Central Administration Web site.

Syntax

stsadm -o managepermissionpolicylevel

   -url <URL name>

   -name <permission policy level name>

   [{ -add | -delete }]

   [-description]

   [-siteadmin]

   [-siteauditor]

   [-grantpermissions] <comma-separated list of permissions>

   [-denypermissions] <comma-separated list of permissions>

Parameters

Parameter

Value

Required?

Description

url

A valid URL, such as http://server_name

Yes

The URL of the Web application to which the content database is being added

name

A valid name, such as "Name1"

Yes

The name of the permission policy level

description

For example, Full Control, Full Read, Deny Write, Deny All, or a custom policy name that has been separately created.

No

Sets the description for the permission policy level.

siteadmin

Either one of the following values:

  • True

  • False

No

Specifies whether the policy role grants site collection administrator status. Site collection administrators have Full Control over the entire site collection and can perform any action on any object.

A value of "True" permits site collection administrator status. A value of "False" does not permit site collection administrator status.

siteauditor

Either one of the following values:

  • True

  • False

No

Specifies whether the policy role grants site collection auditor status. Site collection auditors have Full Read access for the entire site collection including reading permissions and configuration data.

A value of "True" permits site collection auditor status. A value of "False" does not permit site collection auditor status.

grantpermissions

<none>

No

Lists the rights that are granted through the policy role.

denypermissions

<none>

No

Lists the rights that are denied through the policy role.
Community Content Add
Annotations FAQ
Here are the permission Id's that -grantpermissions and -denypermissions expect

If there is a combination of permissions you wish to roll together, just add the id's, e.g., if you wish to create a new permission level that allows users to View and Edit Items, add 1 and 4 which gives you 5. In your command, you may then say:

stsadm -o managepermissionpolicylevel -url http://your_site -add -name "ViewEditItemsOnly" -description "Allow user to view and edit items in a list only" -grantpermissions 5


Hope this helps anybody who's been frustrated by this command.


Permission ID - Permission/action affected

1 - View Items

2 - Add Items

4 - Edit Items

8 - Delete Items

16 - Approve Items

32 - Open Items

64 - View Versions

128 - Delete Versions

256 - Override Checkout

512 - Manage Personal Views

2048 - Manage Lists

4096 - View Application Pages(View forms, views and application pages (site settings for example) and enumerate lists)

65536 - Open (web sites, lists or folders to gain access to their contents)

131072 - View Pages in a Web Site

262144 - Add and Customize Pages

524288 - Apply Themes and Borders

1048576 - Apply Stylesheets

2097152 - View Usage Data

4194304 - Use Self-service Site Creation

8388608 - Create Subsites

16777216 - Create Groups

33554432 - Manage Permissions

67108864 - Browse Directories

134217728 - Browse User Information

268435456 - Manage Lists, Override Checkout, Delete Items, Approve Items, Open Items, View Application Pages, Manage Permissions, View Usage Data, Create Subsites, Add and Customize Pages, Apply Themes and Borders, Apply Stylesheets, Create Groups, Browse Directories, Use Self-service Site Creation, View Pages, Browse User Information, Open and Manage Personal Views

536870912 - Update Personal Web Parts

1073741824 - Manage Web Site

68719476736 - Use Client Integration Features

137438953472 - Use Remote Interfaces

274877906944 - Manage Alerts

549755813888 - Create Alerts

1099511627776 - Edit Personal User Information

1125899906842620 - Manage Lists, Override Checkout, Edit Items, Delete Items, Approve Items, Open Items, View Versions, Delete Versions, Create Alerts, View Application Pages, Manage Permissions, View Usage Data, Create Subsites, Add and Customize Pages, Apply Themes and Borders, Apply Stylesheets, Create Groups, Browse Directories, Use Self-service Site Creation, View Pages, Browse User Information, Manage Alerts, Use Remote Interfaces, Use Client Integration Features, Open, Edit Personal User Information, Manage Personal Views, Add/Remove Personal Web Parts, Update Personal Web Parts

http://www.liquidhub.com
Wayne, PA

History