Can't stop file deletions

I am trying to create a library where it's files cannot be deleted by anybody but the admin. For testing, I have created a new site and broke inheritance permissions from the parent.

I am the only person allowed on the site. I created a new permission set called NoDelete where I selected all permissions but deselected the delete items and files option. I created a group, added myself to it, added it to the site and assigned this permission set to it. So I still can act like an admin, but I should not be able to delete files or items from any library in this site. But I can delete, and all lists and libraries inherit permission from the site level, which has customized permissions as per above.  So why can i still delete files and items? Every other permission is enabled for this permission set, but I thought that disabling delete permissions only would work. Are there any other permissions that need to be disabled for this permission set to prevent item and/or file deletion?
LVL 9
BobHavertyComhAsked:
Who is Participating?
 
Rainer JeschorCommented:
Hi Robert,
which SharePoint edition / version?
Are you sure that your account is JUST in this group or are you e.g. site collection admin?
In SharePoint you will get the combination of all permissions you have - besides an explicit deny permission set configured in the Central administration on web app level (afaicr).

Thanks.
Rainer
0
 
Walter CurtisSharePoint AEDCommented:
Just a few points here - everything Rainer said is spot on, so check all of that. You mention that every other permission is on for this permission level. Make sure that the group you have granted permission to the library has only your custom permission bound to it.

Here are a few tips on testing:
Use the check permission function (found in the ribbon) to determine what the permissions are for individual users. Make sure you are checking permissions at the correct level you want.

Another thing I do always, use a second totally standard user account for testing. I have found that my admin account is never as I think so it is invalid for user testing. If you don't have a standard, "pure - virgin" account, get one and use that for your testing. Add or grant that account to the object you are working with, and test with the check permissions function and your results will be more accurate than your admin account.

Hope that helps,
0
 
BobHavertyComhAuthor Commented:
I am site collection admin, so apparently that's the problem. I am on Office 385 SharePoint, so any test accounts have to be purchased. Thd 365 plan I'm working with is not enterprise and has no access to central admin to set web app level stuff. So test accounts need to purchased, and maybe that's an inevitable dev expense.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.