A complete guide to managing SharePoint permissions

Written by Saajid Gangat in Microsoft,Microsoft Walkthroughs,SharePoint,SharePoint Guides,Step-by-step Guides Last Updated July 28, 2023

While SharePoint is excellent at delivering material, it excels at managing content security by restricting site access, file and folder access, or entire access. You may control who has access to what material and who has access to what files, as well as what they can do with them, such as change or just view the file.

Default permission levels are predefined sets of privileges that you may assign to individual users, groups of users, or security groups based on their functional requirements and security concerns. SharePoint Server permissions are managed at the site collection level and are inherited by default from the parent object. In this blog, we will go over the permission management tools accessible to users and how an administrator can utilize these settings to their advantage. We will also go over how to assign and set rights for users. Continue reading for a comprehensive guide to permission management in SharePoint Online.

  1. The permission prerequisites
  2. The basic information about SharePoint permissions management
  3. Best practices
  4. Permission inheritance

We have developed a blog with all the necessary information you need to guarantee you have a comprehensive understanding of SharePoint permissions after completing significant studies.

The permission prerequisites

Each new SharePoint site includes three permissions groups: Owners, Members, and Visitors. It’s a good idea to stick to these. You are free to create new SharePoint groups at any time, but this adds unneeded complexity. In certain cases, it may feel great to create a new SharePoint group, but you should always resist the urge and convince yourself that you need one. Every extra organization adds to a site’s complexity, making future ownership transfers more difficult.

Permissions levels

Site VisitorsYour site visitors are your “read-only” users. These individuals have access to only reading and downloading.
Site MembersSite Members are your “add/edit/delete” users. These users have the ability to add, modify, and remove the content as well as view and download it (documents, pages, announcements, events). They also have the ability to exchange information with others.
Site ownersSite Owners are your “full control users.” These users have the same advantages as Visitors and Members, as well as the ability to maintain site security, build additional web components, and govern navigation.

Owners have “Full Control,” Members have “Edit,” and Visitors have “Read” privileges by default. You may, of course, modify them; in fact, for the Members group on each site, we urge you to do so. Otherwise, I’d leave them alone because, one, they’ll be easier to deal with, and two, you want the transition to be as smooth as possible when someone takes over for you. For a new Owner, permission settings that are really difficult to comprehend are not enjoyable. Read on to find out how to modify those permissions.

Step by step process – Edit the three permission prerequisites – Owners, members, and visitors

  • First sign in to Office 365.

Use your account information, or if you already have a Skype account associated with the Office account in issue, you may use that.

  • Use the app launcher and navigate to “SharePoint”, and click on it.
  • In SharePoint go to the Site where your files are located.
  • In the menu bar, find and click on your document library.
  • Now click on “Settings”.
  • Now click on “Site permission”.
  • Click on “Add member” to either add a new member or edit the preexisting settings of your current members.

Permissions by default

While the requirements are all you may need, you may go a step further and alter permissions with greater complexity. SharePoint allows the admin to fine-tune permissions to exactly what is needed to delegate access to other members of the organization. There are five major ones that regulate almost all access.

Full list of permissions to work with

Complete command

If you have “Full Control” access and can alter the site’s content and settings, you are a member of the Owners group. Permission management is one of the most typical responsibilities undertaken by a site owner.

Design

If you are a member of the member’s group or higher, you can also enjoy this benefit. The “Design” access allows you to change the visual aesthetics of the site; however, you cannot change the site’s content, lists, or other library settings that are currently in place. You may change the view, color, fonts, and other design aesthetics.

Edit

This access, like design, allows you to update the site. You may go a step further and edit the site contents and library settings that are specified as default if you are a design member. This license is better suited for site editors and graphic directors who will profit greatly from the additional control access.

Read

If you can visit the site but not make changes to it or its content, you are a member of the Visitors group, which has the “Read” access level. For example, the “Read” access level allows you to view a site but not change any of its documents.

View Contribute

If you can see the site and change the content but not make changes, you are a member of the Members group with the “Contribute” access level.

Summary

The way you distribute rights on a SharePoint site should be determined by the site’s intended usage. If you’re in control of a site that stores final, published content — say, your HR department’s intranet site — you should allow a lot of people read access, very few edit access, and even fewer ownership access. If you have a team site, you should largely give out edit access; folks have jobs to do, so let them. If at all possible, avoid giving out read access and restrict the number of owners. It’s entirely up to you for other forms of ad hoc sites.

The basic information about SharePoint permissions management

People gain access to SharePoint by providing rights to “Securable Objects.” Sites, lists, libraries, folders, papers, and list items are examples of secure objects. Permissions cannot be assigned to specific columns (fields).

Though you can offer access to any and all of these secure objects, it is better to keep things simple by granting permissions just at the site level and allowing permissions inheritance (see below) to cascade down to the enclosed objects.

Sometimes, or even frequently, we need to provide access to certain document libraries, lists, folders, and so on. However, because each unique permission set necessitates attention and maintenance, it is critical to maintain these distinct permissions as few as feasible.

In other words, the necessity to secure SharePoint objects must be balanced against the administrative overhead involved with monitoring that security. For example, if the finance department has to keep the budget information secure, you might assign certain rights to their document library or folder. However, if a financial staff member departs or is hired, we must keep in mind that the finance papers have certain permissions, and you will need to review them.

Best practices

We always construct a Word or SharePoint list table that tracks “who can do what to what.” This is highly useful for developing, applying, and managing SharePoint permissions since it generates a structured view that is much simpler to comprehend than going into SharePoint and clicking on the permissions pages.

One of the best practices is to use permissions solely at the group level. Individual permissions can be specified for a normal user who has access to this document collection, but we recommend instead forming a group with a relevant name, such as COMPANY NAME, setting permissions for COMPANY NAME to have read access to the library, and then adding that person to that group. This generates a self-documenting framework and makes it easy to update the missions if the user departs, gets replaced, or has an assistant join. Permissions are changed simply by modifying the group membership. In certain contexts, this may be accomplished using active directory groups, using a similar technique and thought process.

Permission inheritance

You can break inheritance between different web elements and a site, much like you can break inheritance between subsites and parent sites. Assume you want to hide or make a document library read-only for Site Members. You can remove a library’s inheritance from the site and give it its own security. While this is sometimes necessary, it should be the exception rather than the rule.

One of SharePoint’s most powerful features is “object-level rights.” This is a smart way of expressing “with SharePoint, you may provide access to certain items without granting access to the entire site or system.” It’s a huge gain in SharePoint.

By default, everything of your site’s content inherits rights from the site itself. As a consequence, access to files A and B, libraries X and Y, and the entire site are identical. By breaking inheritance, you may make access to a file, library, list, or anything else in that site unique.

This is really attractive and has the potential to be highly useful. Breaking inheritance, on the other hand, may be highly problematic because it significantly increases the intricacy of your rights arrangement. That isn’t a bad thing, but you must be prepared to keep control once you have it. Fortunately, with SharePoint 2013, 2016, and Online, you can see who a file, list, library, or other object is “Shared With.” This option may be found in the ribbon of any library, list, item, or document; see the screenshot below for more information. Because this was not the case in previous versions of SharePoint, permissions were a total jumble.

Inheritance recommendations

However, when it comes to breaking inheritance and offering distinct rights depending on particular elements, you must proceed with caution.

  • Keep your library and website visits to a minimum:
  • If you must interrupt inheritance, do it at the group level rather than the individual file level. Put those files in a folder, library, or even a separate website and control privileges from there.
  • Take use of SharePoint groups:
  • Individual permissions should not be violated by allowing individuals access. Instead, create and use a SharePoint group for the event. It’s easier to make changes to a SharePoint group in one place and then enjoy every thing that automatically pulls that group’s permissions in than it is to make adjustments all around your company when someone joins or leaves.
  • Caution is advised: 
  • I’m not saying you shouldn’t employ object-level rights. It’s something I utilize on a regular basis. However, risk awareness is required. When things get tough, it’s easy to lose sight of your goals.

That’s it for this Blog thank you for taking time out to read our content, please feel free to email our team about how it went if you followed the steps or if you need more help with the questions we answered in this Blog.

Saajid Gangat

Saajid Gangat has been a researcher and content writer at Business Tech Planet since 2021. Saajid is a tech-savvy writer with expertise in web and graphic design and has extensive knowledge of Microsoft 365, Adobe, Shopify, WordPress, Wix, Squarespace, and more! You can connect with Saajid on Linkedin.

Recent Posts