11 December 2015

SharePoint Online Permissions - Default Or Custom?

SharePoint iconSharePoint permissions are very easy to use if you accept the default settings. That can work for a small team, but if you want to have more control over what users can see and do, SharePoint permissions get more complicated.

In two demos in a new article about SharePoint permissions in the Tips section, I explain how the permissions work by default and what you can do with them. I hope to warn for problems but also show the possibilities given by a good management of SharePoint permissions.

Permission levels
Microsoft has made it easier to set permissions by grouping connected permissions into permission levels. For example, if you want to give a user the right to view, add, update, and delete list items and documents, but nothing more, you don't have to give these four permissions separately. Instead you can set this user's permission to the pre-defined level 'Contribute'.

If none of the pre-defined levels fit, you can easily create your own permission level, and I show how to do that in one of the demos.

Default Edit permission
In SharePoint Online (and SharePoint 2013 on-premise), the default permission levels for all users is Edit. This means that users by default can not only view, add, update, and delete list items and documents but also add, edit, and delete lists and libraries as well as create, edit and delete columns and public views.

In my opinion this is a high level, but as long as you are aware of it there is no problem and you can decide if you should keep it or change it.
SharePoint hierarchy
Default Inheritance
Another default setting that can create problems is the inheritance. From the site collection and downwards SharePoint is organized in a hierarchy, and sites by default inherits the same permissions as the site collection, the list inherits the site permissions and the item inherits the list permissions.

This means that users who have Edit permission on a site by default also have Edit permission on all lists in that site, and they even have Edit permission on all items in each list.

But it is not difficult to break the inheritance. When you create a new site, you can just select another radio button than the default one in the settings and set new permission levels. Also for existing sites, pages and lists you can break the inheritance in the settings. This can be done down to file or item level.

Permission Groups
In the Tips article about SharePoint permissions I also explain how permission groups work. These groups of users who have the same permission level simplify the permission management a lot. A SharePoint team site has by default the groups Owners, Members and Visitors. You can add new users to these groups, but you can also create your own permission groups.

This Tips article is an introduction to SharePoint permissions that I hope will give SharePoint administrators who are new to the topic a better understanding of the problems and possibilities of SharePoint permissions. Refer to Microsoft for more detailed information on SharePoint permissions.

Peter Kalmström
CEO and Systems Designer Business Solutions