Join Gini von Courter for an in-depth discussion in this video Understand your SharePoint permissions, part of SharePoint Online Essential Training: The Basics.
- [Instructor] When you log into SharePoint, you're able to interact with individual sights and the items in those sites based on the permissions that you have been granted. SharePoint uses role-based access control, which allows the administrators of SharePoint to very precisely control access to sites and to items stored on sites. There are built-in permission levels in SharePoint. For example, full control, design, edit, contribute, read, limited access, view only are some of the built-in permission levels.
Each type of SharePoint site has default SharePoint groups that utilize one of these roles. When we create a new team site, SharePoint uses three of these to make it easy to assign permissions to users. Users are assigned to groups, and groups are given specific permissions. In SharePoint team sites, the three groups that are created are site owners, site members, and site visitors. Site owners have full control of a site.
That means they can change the site structure; even delete the site if they wish. They can add or remove users and grant permissions to users and groups. Owners have the ability to create or delete content anywhere in the site. If there's anything that can be done to a site, a site owner can do it, and this site owner's group is created automatically. When you create a new SharePoint site that is attached to a SharePoint group, you have the ability as soon as you create the site to add new site owners.
The second group that's automatically created is site members. Members are given the edit role. They have the ability to upload, edit, and delete documents and the same with items and lists. Members can even create, and edit, and delete new lists. When you create a new SharePoint site that's based on a group, most of the people that you will add other than the site owners are automatically added as members. And finally we have visitors to sites who have read permission.
They can view the site's pages, they can view items that are in lists, and they have the ability to view and to download documents, and even though there are other site groups, site owners, site members, and site visitors groups are used for much of the permission setting that will be done in SharePoint. I've talked about permissions being granted at the level of a site. That's not necessarily the case. For example, it's possible to set permissions in SharePoint at the level of particular library or list, or even a folder or a document.
So if there is a particular folder on a SharePoint site that only two or three people should view, it's possible that other people don't have permission to that folder. A typical use of that would be a budget folder or a folder with other high-level information in a project site. Generally speaking though, it's a best practice to have the same permissions throughout a site rather than set them at a more granular level. Two more things. First, there's one other level of permission we haven't talked about.
It's an implied permission. Maybe you don't have any permission at all for a site, or a library, or a list. For example, if you do not have any permission for library B, then if there are documents there and you search for them, you won't find them because you don't have permission to see them; they won't show up in your search results. And finally your permissions can be modified by a site owner or by your SharePoint administrator. If you don't have the permissions that you think you should have for a site, then contact that site's owner, or contact your organization's SharePoint administrator.
- Understanding SharePoint permissions
- Searching SharePoint sites
- Editing, saving, and sharing documents
- Using OneDrive for file storage
- Working with libraries and list apps
- Creating custom and dynamic views
- Integrating Office apps: Outlook, Word, and more
- Going mobile with SharePoint Online