Remove Download and Delete option in Sharepoint Online

Recently, I was given a task to create a new Sharepoint online site that does not allow member users to download or share documents from the document library. Users can edit and upload documents but must not be able to delete any documents from the document library.

In this blog post, I will show you the steps to disable or remove download and delete option in sharepoint online document library.

Step 1 – Activate SharePoint Server Enterprise Site Collection features

First step is to activate the SharePoint server enterprise site collection features setting under the Site Collection features, which also enables the view-only permission level. View-only permission level is required to create a custom permission level to meet our requirements of blocking downloads and delete permissions on all documents stored in the document library.

Steps to Activate Activate SharePoint Server Enterprise Site Collection features

  • Identify the SharePoint site you want to manage and restrict permissions..
  • You can access the Sharepoint site with admin-level permissions by going to the Sharepoint online admin center and clicking on the URL to open the site.
Steps to Activate Activate SharePoint Server Enterprise Site Collection features
Open the Sharepoint Site
  • On the left-hand side, Click on Site contents > Site settings.
Go to Site Settings on Sharepoint Online Site
Go to Site contents > Site Settings
  • Click on Site collection features.
Click on Site collection features link
Click on Site collection features link
  • Scroll down to find SharePoint Server Enterprise Site Collection features and click the Activate button.
SharePoint Server Enterprise Site Collection features
SharePoint Server Enterprise Site Collection features

Step 2 – Create a Custom Permission Level from View-Only Permission

In this step, we will duplicate the View-only permission and create a new permission called Block Download and Delete.

  • Go to the SharePoint site and click Settings Icon > Site Permissions.
Click on Settings > Site permissions
Click on Settings > Site permissions
  • Click on Advanced permissions settings.
Click on Advanced permission settings
Click on Advanced permission settings
  • Then click on Permission Levels.
Click on Permission Levels
Click on Permission Levels
  • Click on View Only permission level.
Click on View Only permission level
Click on View Only permission level
  • Scroll down on the View Only permission settings page and Copy Permission Level.
Click on Copy Permission Level
Click on Copy Permission Level
  • Provide the name and description of the new permission level, for example, Block Download and Delete, and select the checkboxes to Add items and Edit items. This will allow the users to Upload and Edit documents in the document library. If you want to restrict the users from uploading documents to this Sharepoint library, you can keep Add Items unchecked.
  • Keep Delete Items unchecked; this will prevent users from deleting documents from the library. Finally, click the Create button to create this permission level.
Create a New Permission Level called Block Download and Delete
Create a New Permission Level called Block Download and Delete
  • Block Download and Delete permission has been created successfully and is showing under the Permissions Levels. This permission is ready to be assigned to the End users.
Block Download and delete permission level created
Block Download and delete permission level created

Step 3 – Assign New Permission level to Users

Now that we have successfully created the Block Download and Delete Permission level, we can assign it to an Entra security group or directly to end-users. For easier management, I would prefer to create an Entra security group and assign this new permission level; this way, if any other user requests the same level of access, they can be granted access by adding them to the group.

I have already created an Entra security group called Block Download and Delete Permission. I will use this group and assign it to the Block Download and Delete permission level.

We can Grant Permissions using the Advanced Permission settings page we saw in the previous section of the post. Let’s review the steps again.

  • Go to the SharePoint site and click Settings Icon > Site Permissions.
  • Click on Advanced permissions settings.
  • Click on Grant Permissions.
  • Under the Invite People tab, provide the name of the Entra security group or a user account and click on Show options. Uncheck the Send an email invitation checkbox to disable email notifications to the end users.
  • Select a permission level: Select Block Download and Delete permission levels we created in the previous steps using the drop-down.
Assign New Permission level to Users
Assign New Permission level to Users
  • A new permission level is assigned and will appear on the Advanced Permissions settings page.
New permission level assigned
New permission level is assigned

Check Permissions assigned to the User

After assigning permissions to users, you can verify their permissions using the Check Permissions option. Let’s check the steps:

  • Go to the SharePoint site and click Settings Icon > Site Permissions.
  • Click on Advanced permissions settings.
  • Click on Check Permissions from the menu.
  • Provide the name of a user or group and click on Check now.
Check Permissions assigned to the User
Check Permissions assigned to the User

End User Experience

After setting up the permission levels and assigning them to an Entra security group, we can add users and check if the permissions are applied successfully.

For testing, I have assigned a user called Joni Sherman (JoniS@cloudinfra.net) to the Entra group Block Download and Delete Permission. Then, I accessed the SharePoint site as Joni Sherman; I could confirm that the Download and Delete options were unavailable.

However, the screenshot below shows that Share permissions are still available. In the next section of this blog post, we will also see how to limit sharing options.

Download and Delete option disabled and not appearing on the Sharepoint site document library
The download and Delete options are disabled and not appearing on the Sharepoint site document library

Disable Share Permissions in Document Library for Users

If you have a requirement to block or disable share permissions from the document library for specific users, then you can follow the below steps:

  • Open the Sharepoint Site and click on Settings Icon > Site permissions.
Go to Site Permissions under Settings
Go to Site Permissions under Settings
  • Click on Change how members can share.
Click Change how members can share
  • Select the radio button Only site owners can share files, folders, and the site. Toggle off the Access requests setting. This way, only site owners can share SharePoint site items, not the members. Click on Save.
Only site owners can share files, folders, and the site
Only site owners can share files, folders, and the site

End User Experience

As a user, I refreshed the site, selected a document, and clicked on the Share. The Send button was greyed out, and Sharing was limited to only using the Copy link option.

Screenshot showing Send option disabled when clicked on Share
Screenshot showing Send option disabled when clicked on Share

Leave a Comment