What does it all mean: Permissions Groups, Permission Level, or Permissions!
In effort to help end-users understand how permissions works, I have written this blog on the basics of Permissions Groups, Permissions Levels and Permissions. See what I mean about similar wording!
So, why is permission so important? Permissions help owners manage sites efficiently and secure the content of the site by providing the right Permissions Groups, Permissions Levels and Permissions for their team.
“The easiest way to work with permissions is to use the default groups and permissions levels provided, which cover most common scenarios.” Microsoft
Owners can set fine-grained permissions beyond the default levels and it is best business practice to NEVER change the default settings as this will create inconsistencies throughout the collection sites, instead, create customized role definition.
Before we get into permissions, allow me to define ‘actions’. Actions are activities that users can perform within SharePoint. For example opening, adding, editing, or deleting a document. These are a few of the activities that allow end-users to collaborate with their team.
Permissions Groups
Microsoft defines Permission Groups as, "…a collection of users who all have the same set of permissions to sites and content. Rather than assign permissions one person at a time, you can use groups to conveniently assign the same permission level to many people at once".
SharePoint has three primary association Permission Groups: Visitors, Contribute, and Owners (as depicted on the pyramid image). Each Permission Group inherits the permission from the top level. For example, the Contribute group is able to do everything that the Visitors group can do, but cannot perform the actions that Owners can do. Notice that the top level is smaller, therefore it has fewer actions associated with that group. Unlike the bottom which has a lot more actions to manage.
Permission Levels
Microsoft has packaged several default groups with available actions, known as Permission Levels. Examples of Permission Levels are Full Control, Contribute, Read, etc.). These Permission Levels are then assigned to the Permission Groups mentioned above.
Permission Level
|
Description
|
Full Control
|
This permission level contains all permissions and it is assigned to site Owners. This permission level cannot be customized or deleted.
|
Contribute
|
Can add, edit, and delete items in existing lists and document libraries and it is assigned to site Members.
|
Read
|
Read-only access to the Web site. Users with this permission level can view items and pages, open items, and documents. It is assigned to site Visitors.
|
Permissions
There are 33 Permissions that are clustered into: List Permissions, Site Permissions, and Personal Permissions. Each Permission has associated actions. Below are tables for each cluster (List, Site, and Personal) with the Permissions and Permission Levels.
An X indicates that Permission are enabled for that Permission Level. For example, Manage Lists, is enabled for the Owners Group, whereas Contribute and Read are disabled.
List
Permissions
|
Permission Levels
| ||
Owners
|
Contribute
|
Read
| |
Manage Lists
|
X
|
NO
|
NO
|
Override List Behaviors
|
X
|
NO
|
NO
|
Add Items
|
X
|
X
|
NO
|
Edit items
|
X
|
X
|
NO
|
Delete Items
|
X
|
X
|
NO
|
View Items
|
X
|
X
|
X
|
Approve Items
|
X
|
NO
|
NO
|
Open Items
|
X
|
X
|
X
|
View Versions
|
X
|
X
|
X
|
Delete Versions
|
X
|
X
|
NO
|
Create Alerts
|
X
|
X
|
X
|
View Applications Pages
|
X
|
X
|
X
|
Site
Permissions
|
Permission Levels
| ||
Owners
|
Contribute
|
Read
| |
Manage Permissions
|
X
|
NO
|
NO
|
View Web Analytics Data
|
X
|
NO
|
NO
|
Create Subsites
|
NO
|
NO
|
NO
|
Manage Web Site
|
X
|
NO
|
NO
|
Add and Customize Pages
|
X
|
NO
|
NO
|
Apply Themes and Borders
|
NO
|
NO
|
NO
|
Apply Style Sheets
|
NO
|
NO
|
NO
|
Create Groups
|
X
|
NO
|
NO
|
Browse Directories
|
X
|
X
|
NO
|
Use Self-Service Site Creation
|
X
|
X
|
X
|
View Pages
|
X
|
X
|
X
|
Enumerate Permissions
|
X
|
NO
|
NO
|
Browse User Information
|
X
|
X
|
X
|
Manage Alerts
|
X
|
NO
|
NO
|
Use Remote Interfaces
|
X
|
X
|
X
|
Use Client Integration Features
|
X
|
X
|
X
|
Open
|
X
|
X
|
X
|
Edit Personal User Information
|
X
|
X
|
NO
|
Personal
Permissions
|
Permission Levels
| ||
Owners
|
Contribute
|
Read
| |
Manage Personal Views
|
X
|
X
|
NO
|
Add/Remove Personal Web Parts
|
X
|
X
|
NO
|
Update Personal Web Parts
|
X
|
X
|
NO
|
I hope this blog was useful in understanding the basics of Permissions Groups, Permissions Levels and Permissions. Leave me comments or questions regarding permissions or other topics about SharePoint you wish to learn more about.
No comments:
Post a Comment