ben tedder : code things

SharePoint blog permissions: a user guide

This is a step-by-step guide to setting up correct permissions for your SharePoint blog. We'll focus on the "comments" list, but you can take the same methods and apply it to photo libraries, post lists (for multiple authors), the list goes on. Let's get started!

Step 1: Create a new permission level
Step 2: Stop inheriting
Step 3: Apply correct permissions

Create a new permission level {#create-permission-level}

First we need to create a new permission level. This will allow us to give people specific rights on specific lists, instead of giving users global rights on a list. In order to do this, click on "Site Actions > Site Permissions."
Note: you must be in the site collection root to create permission levels

In the ribbon click "Permission Levels"

Next click "Add a Permission Level"

I've included a screenshot of the settings I use for this "contributor level permissions" permission level. This lets my users leave comments, but not have rights to approve other comments…anything of that nature.

For reference, here's the list of items I enable:

  • Add Items
  • Edit Items
  • Delete Items
  • View Items
  • Open Items
  • View Versions
  • Create Alerts
  • View Application Pages
  • View Pages
  • Use Remote Interfaces
  • Use Client Integration Features
  • Open

Stop Inheriting Permissions {#stop-inheriting-permissions}

Ok, you have created the correct permission level, now it's time to apply it to users on your lists. The first thing we'll do is manage our list. I'm going to use the comments list for this example, but you can also use "Posts", "Photos", or any other list.

Next, click "List Permissions" in the ribbon for the selected list.

What we need to do for our comments list is actually break the permissions so the contributor level permissions only applies to this list. So click "Stop Inheriting Permissions" in the ribbon.

Apply correct permissions {#apply-correct-permissions}

Once permissions are broken, click "Grant Permissions."

Finally, select your users and grant them the "contributor level permissions" permission level that we created earlier.


What you have now is a list that has broken permissions in order to grant a certain level of permissions to a certain group of users. This works great for a SharePoint blog, because you often are working in an intranet environment with a lot of users. Using this method you can allow/disallow people from commenting on a person-by-person basis if you so prefer.

One thing to remember here is that breaking list permissions is never a great solution to anything. Unless you have a very good method of managing which lists have broken permissions, it can quickly get out of control. So use this method with care. Most likely if you have a small blog site and you are the site collection administrator, you'll be fine with this way of doing things.

Let me know how it works, and as always, drop me an email if you'd rather someone else do it for you!

Note: this is a sister post of an article I wrote on Microsoft SharePoint's "Get the Point" blog entitled Enhancing a SharePoint blog site with pictures (Part 1).