Site Permissions in SharePoint
By default, SharePoint employs a inherited permission structure. What this means is that if you were to give a user access to a Site or Site Collection then that same user will have the same privileges all the way down the hierarchy to the item level for all of the libraries and folders that you create. This may not always be the best form of security for many organisations so SharePoint allows you to break the inheritance from the parent so that you can safely store sensitive data in your super-secret folder.
Setting permissions on a SharePoint Site is relatively easy. Make sure that you are using an administrator account when performing these tasks, otherwise, you will find that some of the options are not available or you will receive an error while trying to perform an action.
- Navigate to the Site that you would like to modify permissions for.
- Click the Settings button on the top right of the page and select Site Settings
- Select Site Permissions from the first list of options
- On the Permissions page you will see all of the users and groups that have access to this Site along with the rights that they have. The warning at the top of the page tell us
- At the top of the page you will see a number of options that allow you to perform certain actions.
Inheritance. This option will allow you toggle between Stop Inheriting Permissions or Delete Unique Permissions.
Stop Inheriting Permissions. This will break inheritance from the parent level. Therefore any new permissions or rights applied to any parent will not apply to this or any child object below it. Selecting this option would mean that you will need to create a custom permissions set.
Delete Unique Permissions. This does the opposite from Stop Inheritance Permissions. By selecting this option you are granting all parent level permissions access to this level and all child levels below it. This of course will not filter into any child object if the inheritance is broken.
Grant. Here you have the option to either Grant Permissions to a user or group or Create Group
Grant Permissions. Select this option to grant individuals or groups access to this object. Enter the name of the person or group that you want to grant access to, type a short message, this will be sent to the individual to let them know they have been granted access, assign the permission level and click Share.
Group Owner – The owner will have access to change any attribute for this group.
Group Name – The name that will appears in the permission list
Create Group. Create a new SharePoint group with permissions to this level. Here you have the option to choose a number of attributes, such as
Group Settings – Who can view the membership of this group and who can modify the membership
Membership Requests – Define how you want the join/leave requests to be handled
Permissions – Permissions assigned to this level.
Edit Permissions. Select a user or group that you would like to change the permissions for and select Edit Permissions. The following options are available.
Full Control – Has full control.
Design – Can view, add, update, delete, approve, and customize.
Edit – Can add, edit and delete lists; can view, add, update and delete list items and documents.
Contribute – Can view, add, update, and delete list items and documents.
Read – Can view pages and list items and download documents.
View Only – Can view pages, list items, and documents. Document types with server-side file handlers can be viewed in the browser but not downloaded.
Enhanced Contribute – Contribute permissions plus the ability to approve items and manage lists.
Remove User Permissions. By selecting this option you will remove the access right to this Site and all level below it that inherit permissions from it’s parent.
The Check Permission tool allows you to see what access rights are applied to any user or group and through which object. For Instance in the example below you can see that Dan Rose (Cogmotive) has been granted Limited Access directly to this level as well as Full Control by being a member of the Operations Owners group.
Permission Levels. Selecting this option will allow you to configure the permission levels that are available on this site. for example the View Only Permission has the following access rights
- View Items
- View Version
- Create Alerts
- View Application Pages
If you wanted to grant additional rights for users with View Only permissions for example Add Items, then you can do so , simply selecting this option.
Access Request Settings. Set if members can Share this site and set access requests