SharePoint Create custom permission levels and groups with c#

You can use custom code to create your own permission level and custom groups in SharePoint. Usage is mostly a feature which user can activate or if you are using a site definition it would be used to provide custom groups and permission levels to a specific site template at creation time.

Let’s see what we have to do in code? This code could be implemented in a feature event receiver.

Create Permission Level

At first we create the permission level. There are two ways. You can use a default or a already existing permission level. In the second part you see how to generate your own permission level.

[sourcecode language=”csharp”]

//Get default permission level
SPRoleDefinition roleDefAdmin = web.RoleDefinitions.GetByType(SPRoleType.Administrator);

//Create a new permission level
SPRoleDefinition roleDefContributeNoDelete = new SPRoleDefinition();
roleDefContributeNoDelete.Name = “Contributor Permissions without Delete”;
roleDefContributeNoDelete.Description = “Mitwirken ohne Löschen”;
roleDefContributeNoDelete.BasePermissions = SPBasePermissions.AddListItems | SPBasePermissions.EditListItems
| SPBasePermissions.ViewListItems | SPBasePermissions.OpenItems | SPBasePermissions.ViewVersions | SPBasePermissions.CreateAlerts
| SPBasePermissions.ViewFormPages | SPBasePermissions.ViewPages | SPBasePermissions.BrowseUserInfo
| SPBasePermissions.UseRemoteAPIs | SPBasePermissions.UseClientIntegration | SPBasePermissions.Open;



If you now deploy your permission level should be available.

Create Group and assign permission level

In these steps we create a group and assign the permission level to the group.

[sourcecode language=”csharp”]

//create group
rootWeb.SiteGroups.Add(“Meine Gruppe”, site.Owner, site.Owner, “Beschreibung”);
//get the created group from web
SPGroup groupAdmin = rootWeb.SiteGroups[groupname];
//Create a new assignment and afterwords, bind the group to it. Then set the roledefinition (permission level) to it and add it to the web.
SPRoleAssignment roleAssignAdmin = new SPRoleAssignment(groupAdmin);


Now if you look at site actions – site permissions your group should be displayed with the permission level we assigned.



The article or information provided here represents completely my own personal view & thought. It is recommended to test the content or scripts of the site in the lab, before making use in the production environment & use it completely at your own risk. The articles, scripts, suggestions or tricks published on the site are provided AS-IS with no warranties or guarantees and confers no rights.

About Karsten Schneider 312 Articles
Consultant for Microsoft 365 Applications with a strong focus in Teams, SharePoint Online, OneDrive for Business as well as PowerPlatform with PowerApps, Flow and PowerBI. I provide Workshops for Governance & Security in Office 365 and Development of Solutions in the area of Collaboration and Teamwork based on Microsoft 365 and Azure Cloud Solutions. In his free time he tries to collect tipps and worthy experience in this blog.


  1. I suggest you should add how to find the unique permission :
    RoleDefinitionCollection roleDefs = null;
    roleDefs = context.Web.RoleDefinitions;
    RoleDefinition roledef = null;
    roledef = roleDefs.GetByName(“Contribute but not delete”);
    if (roledef != null)

Leave a Reply

Your email address will not be published.