To understand the value of SharePoint permission levels, first we need to remind ourselves what we mean when we talk about SharePoint permissions. If you are unfamiliar with SharePoint some of the more specific details of its functions can seem overwhelming. However, with a bit of explaining, these features and controls won’t cause you any issues, and will allow you to better understand, as well as get more out of, the platform.
SharePoint permissions are essentially a controlling function that exist when you create a new SharePoint library, site, or team site. Let’s imagine SharePoint as a serviced office space. When you work for a company within the office space, you have access to the main building. There are many rooms in the building, yet you don’t have the right to just walk into any room. You can only go into communal areas, like the kitchen or breakout spaces. You aren’t allowed into other people’s offices, nor are they allowed into your office. And within your own office, you have access to the room but perhaps not to the locked corner cabinet.
Part of the beauty of SharePoint is its flexible design where you can decide precisely what your users can and cannot view. For instance, most departments in your company will often have their own ‘Site’ which only specific users can access. For example, you wouldn’t want every employee in the company to have free access to the HR’s Site, would you? Permissions are great for protecting certain information that needs to be kept private – like the personal information of all your employees.
It’s likely you’ll need various and specific types of permissions, depending on your users and groups. SharePoint has a spectrum of permissions built-in that allows you control how an individual user can access your company’s SharePoint. Permissions can be set for whole Sites, Lists, and Items. You can read more on our SharePoint 2016 Permissions Guide, here.
The different types of permissions you get with SharePoint include:
- Full Control
- Design
- Edit
- Contribute
- Read
- Edit
- Limited Access
- View Only
- Approve
- Manage Hierarchy
- Restricted Read
As we have talked about, after you create a SharePoint site, you might need to restrict who has access to the whole site or just some of its contents. Alternatively, you might want to allow access to everyone, yet only give the power of editing the contents to a specific few. As with a lot of functions within SharePoint there are default permissions ready to be used and fine-grained permissions that go beyond the default settings if you need something more specific.
To see a more in-depth explanation of permission levels, see here.
Beyond the different types of permissions levels, it’s important to know how they work within SharePoint. That way you can make sure you’re using them properly and that you get the most out of them. SharePoint is formed on a hierarchy, at the top of which lies:
So, what this means for permissions is that the ability to see particular information is based on whether you have permission to view the main site (the parent site). Whenever you create a new Site, “North American Clients”, for example, you assign permission to control who can see that site. If you decided to create a subsite within that parent site, “New York Clients”, for example, the permissions that were set for the parent site would be inherited by the subsite. So, if you wanted everyone to be able to see the North American Clients Site, but only certain users to see the New York subsite you would need to set alternative permissions. If a user has permission to view the parent site, they automatically have permission to view the subsites – unless you explicitly change it.
Generating best value with best practice
Okay, so now you should have a basic grasp of SharePoint permissions. With the quantity of data being collected these days, it’s even more important that you have a firm grasp on who can and cannot access your corporate information. But it also takes a lot of managing and planning to make sure that while you have this control, you also allow your employees to do their jobs in the most efficient way. So, what’s the best way to do this?
Devise a plan
Planning is critical in SharePoint. You and your business should know what you are going to use the platform for and how your permissions will map out. Think about the reason behind the creation of each site, who will need access to it and who might need to access it from time to time, etc.
Administer with flexibility
Speaking of site managers, you should have a team or even individual responsible for the overall governance of SharePoint – for example an Information Manager. Remember to be flexible, change as circumstance and your company does.
Assign users to Groups
Give those Groups certain permissions and avoid the complexities that stem from setting permissions on individual users. It might seem workable when you’re a company of above five people, but any more than that and things get very tricky.
Ensure Groups are run collectively
Notice that the default setting for Groups in SharePoint names one individual as Group owner. This is fine until that person leaves their role, or moves to a different area of the company. Suddenly their group is ownerless and becomes very hard to manage. Set group ownership to ‘collectively’ and then you can assign who will manage it.
Want more permissions tips?
See our top ten SharePoint permissions tips now for even more best practice. Or, why not view our short video on how our tool, DeliverPoint, can help report and manage SharePoint Permissions. Even better, start using DeliverPoint right now, and never worry about permissions again!
For more information on SharePoint permission levels best practices or to find out more on how we can ensure you get the most out of your Microsoft investment, contact us today.