Google

06 December 2017

SharePoint Online Permission Settings

SharePoint iconSharePoint permissions are very easy to use if you accept the default settings. That can work for a small team, but if you want to have more control over what users can see and do, SharePoint permissions get more complicated.

In an updated article about SharePoint Online permissions in the kalmstrom.com Tips section, I explain how the permissions work by default and what you can do with them. I hope to warn for problems but also show the possibilities given by a good management of SharePoint permissions.

Permission levels
Microsoft has made it easy to set permissions by grouping connected permissions into permission levels. For example, if you want to give a user the right to view, add, update, and delete list items and documents, but nothing more, you don't have to give these four permissions separately. Instead you can set this user's permission to the pre-defined level 'Contribute'.

If none of the pre-defined levels fit, you can easily create your own permission level, and I show how to do that in the demo below, which is also included in the article.

Default Edit permission
In SharePoint Online (and SharePoint 2013 on-premise), the default permission levels for all users is Edit. This means that users by default can not only view, add, update, and delete list items and documents but also add, edit, and delete lists and libraries as well as create, edit and delete columns and views.

In my opinion this is a high level, but it is no problem as long as you are aware of it. Then you can decide if you should keep it or change it. Problems arise if admins are not aware of this default permission.
SharePoint hierarchy
Default Inheritance
Another default setting that can create problems is the inheritance. From the site collection and downwards, SharePoint is organized in a hierarchy. Sites by default inherits the same permissions as the site collection, the lists inherit the site permissions and the items inherit the list permissions.

This means that users who have Edit permission on a site by default also have Edit permission on all lists in that site, and they even have Edit permission on all items in each list.

If you don't like this, it is not difficult to break the inheritance. When you create a new site, you can just select another radio button than the default one in the settings and set new permission levels. Also for existing sites, pages and lists you can break the inheritance in the settings. This can be done down to file or item level.


Security Groups
In the Tips article about SharePoint Online permissions I also explain how security groups work. These groups of users who have the same permission level over sites simplify the permission management a lot. They are especially useful when you want to give people permissions on multiple site collections.

I hope my introduction to SharePoint permissions will give SharePoint admins who are new to the topic a better understanding of the problems and possibilities of SharePoint permissions. Refer to my book SharePoint Online from Scratch or to Microsoft for more detailed information on SharePoint permissions.

Peter Kalmström
CEO and Systems Designer
kalmstrom.com Business Solutions