Table of contents
- Go to the right settings page
- Step 1: Reach the Document Library
- Step 2: Open Site Permissions
- Step 3: Open "advanced permission settings"
- Create a new custom permission level
- Step 1: Open "Permission-Level"-Settings
- Step 2: Select a Permission Level as starting point
- Step 3: Copy permission level
- Step 4: Provide a name to the new permission level
- Assign the new permission level
- Step 1: Reach the document library
- Step 2: Change the permission level for team-members
- Step 3: Change settings for all Members of the Team
- Step 4 Ensure you selected the right permission level
- Nice one! You did it! 💡
- Last but not least
- Conclusion
Recently a customer asked me if it’s possible to disallow Members from deleting files in an “MS-Teams Team” (The “Files” Tab in MS-Teams). My answer: Technically it’s possible to configure that, but (at the time of writing) there is no out-of-the-box setting you can use to achieve that in MS-Teams or the MS-Teams Admin-Center. But what we can do, is to change the permissions of the corresponding Document Library in SharePoint Online. Let me show you how to do that.
#How to configure it As a quick reminder, the files you share in Teams channels are stored in your team’s SharePoint folder. If you want to protect a file from deletion, you need to change the permissions in SharePoint and make that file read-only. But first, you need to create a custom permission role in the respective Document Library you want to restrict users from deleting files.
Go to the right settings page
Step 1: Reach the Document Library
Open the “Files” Tab in SharePoint Online in order to reach the Document Library of your MS-Teams Team.
Step 2: Open Site Permissions
Go to SharePoint’s Home page, and navigate to Settings → Site permissions.
Step 3: Open "advanced permission settings"
Select “Advanced permissions settings” get into the right Admin Panel.
Create a new custom permission level
Step 1: Open "Permission-Level"-Settings
In order to be able to disallow the deletion of files for members, we have to create a new “Permission Level”. This can be done in the “Permission Level”-Settings.
Step 2: Select a Permission Level as starting point
I like to use the “Contribute” Permission Level as a reference and remove the delete permission there. So I select it and scroll to the very bottom.
Step 3: Copy permission level
At the very bottom right, you can find the button “Copy Permission Level”. Click on that in order to create a new Permission Level based on the “Contribute” Permission Level.
Step 4: Provide a name to the new permission level
At this point, we provide a clear name and description to the new Permission Level.
For Example
- Name: Contribute - no delete
- Description: Can view, add, update list-items and documents but cannot delete any
Assign the new permission level
Step 1: Reach the document library
Now we need to assign the new created Permission Level to the Document Library. In order to do so, yo have to open the Document Library of your MS-Teams Team again.
Step 2: Change the permission level for team-members
Go to “Library settings” in order to change the permission level for the Team-Members.
<Important You will have to “Stop Inheriting Permissions” in order to be able to change the Permission Level for Team Members.
Step 3: Change settings for all Members of the Team
We want to change the settings for “Department Zero Members” (Department Zero = Team-Site used in this example) so we select it and click on “Edit User Permissions”
In this screen you can see the three Permission Groups which are inherited from the M365 Group Settings. Members and Owners should be pretty obvious. The Visitors Group is usually used for guests.
Step 4 Ensure you selected the right permission level
. We ensure, we only have the Permission Level selected we created previously (“Contribute – no Delete”). Confirm with “OK” and we’re done!
Nice one! You did it! 💡
From now on, only Owners of the MS-Teams Team will be able to delete files. Team Members will only be able to create new files and edit existing files.
Please don’t forget to inform your Team-Members about the change and who to contact in case of questions before applying this configuration.
Last but not least
It’s important to remember the following:
- The Steps described in this guide can be done by any MS-Teams Team Owner (no IT-Admin required).
- The Permission Level does only apply within this MS-Teams Team. You will have to do these steps for each MS-Teams team (or create a Template from an existing MS-Teams Team you applied this how-to).
- Keep track of the Teams where you applied this how-to in order to be able to cope with any future changes on the Microsoft 365 Platform.
- If you decided to create an MS-Teams Template, consider using a Pre- or Suffix for the MS-Teams-Teams which have applied custom configuration like the one described in this how-to.
Conclusion
Personally, I was surprised the first time I had a customer requesting this setting. The versioning and access control functionalities in MS-Teams/SharePoint are actually pretty good for me.
In case someone deleted a file, I could simply restore a previous version of the folder.
However, the versioning function in SharePoint Online/MS-Teams does not seem to have (yet) gathered enough popularity. Therefore I think some organisations which may find it more challenging to change their way of working from traditional- to modern, may benefit from this how-to.
In any case… it’s important to keep a clean inventory of the MS-Teams teams which have custom configuration. Even if currently we can restrict the deletion of Files for Team Members through the SharePoint Online settings, things may change in the future and you want to know which MS-Teams teams have a custom configuration.
I am considering to create a script in order to apply this change to multiple MS-Teams teams. I think it’s gonna be an an easy thing to do since you have to create a new Permission Level and so on.
What do you think? Is this a configuration which could be beneficiary to you or your organisation? Would you use a script to change the settings on multiple MS-Teams Teams? Let me know in the comments. I’d love to get your opinion!