Prevent Document Library Deletion

Posted by

With document libraries, there isn’t a permission level to restrict deletion of document libraries. There is the standard out of the box “Manage Lists” permission that includes the ability to create or delete lists/libraries. However, did you know that this permission level is assigned to the Edit permission which in turn by default is assigned to Site Members group.

Members all have delete list permissions

Any list or library that is deleted goes to the Recycle Bin and there are two levels (user and admin) and they will stay there for 93 days per level. Typically, if you are managing a large set of libraries across many site collections it may become harder to detect these.

Now, there are a couple of simple options here:

  1. Remove the Delete Library option, they can add but not remove.
  2. Block both create and delete by switching the Edit permission to Contribute.

Point 2 can be a little heavy to block creation – in the past, I have setup typically required additional configuration such as custom Content Types and Metadata for Document/Records Management. It cannot be expected or assumed that all staff would know how to configure these libraries and to do these consistently. For these situations, in the past I have created a provisioning solution to configure the libraries for the requester.

Unfortunately, on a list or library you cannot remove the delete option with the user interface, it has to be done by API call.

It’s scriptin’ time….

I typically include two actions into my provisioning scripts to do the following:

  1. Disable Library Delete
  2. Change the Site Members group to “Contribute”

The scripts are quite simple to stop this from occurring, in these examples, I use the PnP-PowerShell library to perform these actions.

1. Remove Delete Option

This script removes the delete option from the document library:

For a full script, I have created a SharePoint Recipe on GitHub with a full script: https://github.com/CaPa-Creative-Ltd/SharePoint-Recipes/blob/master/Recipes/Document-Management/Remove-DeleteOption.ps1

2. Replacing the members permissions from Edit to Contribute

This script lowers the permissions of the Site Members group to Contribute permission:

For a full script, I have created a SharePoint Recipe on GitHub with a full script: https://github.com/CaPa-Creative-Ltd/SharePoint-Recipes/blob/master/Recipes/Document-Management/Set-LowerSiteMembersPermissions.ps1

Few things to note

  1. By removing the delete option, if you are a site owner, this will stop YOU as well, as it removes the UI option to delete. You will need a script to restore the option.
  2. In Office 365 Groups, the “Documents” library already has this removed.
  3. In Communication Sites, the option to remove “Documents” and “Site Pages” is shown – which means any of your content editors can delete the libraries and potentially cause an outage on your site if you are using this as an Intranet.
  4. Different site templates have different options, so its best to check the types of sites you plan or use, to see if you need to level out the options accordingly to your policies.

Useful References

Enjoy and feel free to let me know if you have any questions.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.