SharePoint Online Permissions
Overview of Site Permissions in SharePoint Server
SharePoint online permissions control the access employees, partners, third-party suppliers, and others have to content in SharePoint. These permissions control not only who can view information, but also what information is presented in lists, document libraries, and search results. For example, if a user does not have SharePoint online permission to access a specific document list, none of its documents will be displayed, as if they do not exist.
SharePoint Online permissions add value beyond security. By limiting the information that is presented, users have access to the information they need, but are not overwhelmed or distracted by extraneous information.
SharePoint Permissions Terminology
Alerts are SharePoint notifications. These can be sent to the entire organization, groups of subscribers, or certain SharePoint farms. Alerts are triggered when a SharePoint farm detects a new document or modified content within a SharePoint document, a List, a Library, or an Item.
SharePoint Lists use attachments to upload external documents for future reference. Documents are uploaded and associated with a SharePoint List.
Check Out/Check In
SharePoint Online permissions use Check Out and Check In to manage content and document versions. Users can check out a document to edit it and stop others from making changes simultaneously based on permissions. Once work has been completed, the document is checked back in so others may access it.
If you give the Contribute permission to an employee, they can edit items and user information, manage personal views, manage personal Web Parts, and delete versions in existing lists/libraries.
Design is the SharePoint online permission level between Edit and Full Control. At the Design level, users can add, view, delete, update, customize, and approve site items, lists, libraries, themes, and styles.
The document library is the storage location for all files created using productivity applications (e.g., Word, Excel, PowerPoint, OneNote). A Documents section on a SharePoint site or page is the document library, which presents users with action options, such as new, upload, sync, and share.
Edit Page, also referred to as Edit, means the ability to modify SharePoint sites and pages according to SharePoint online permissions. The Edit Page tool is accessible to page or site owners. It can be found in two places.
1. The Settings (gear icon) menu in the top-right corner of the screen
2. A pencil icon beneath a user’s Account manager avatar and to the left of the Follow this site button
Full Control Owner
According to SharePoint online permissions, Full Control Owner is comparable to a SharePoint site administrator. Full Control Owners can read, write, edit, delete, and modify all Team Site content, lists, libraries, workflows, and sub-sites.
Inherit Permission facilitates customized site access. For example, if someone is granted Edit permission for a Sub Site, they will also get Edit permission for Lists, Libraries, and other editable content in that Sub Site.
An Item is a single row data entry in a SharePoint List. A single Item can contain multiple columns of data. An Item is added by clicking the “New” button in a List app and adding.
SharePoint sites that are used for team collaboration have a Library. In the Library, users can create, upload, collaborate, and update files. Based on the SharePoint online permissions, the Library will also display a list of files and file information.
A SharePoint List is a spreadsheet type listing of data that contains columns, rows, and metadata of List items. Examples of SharePoint Lists are Custom Lists, Tasks, Announcements, Contacts, and Issue Tracking.
Metadata organizes and facilitates collaboration with shared data, files, and documents. Metadata provides details about files on SharePoint. Examples of Metadata in SharePoint are file name, author, creation date, version, date modified, modified by, and date created.
Parent Site or Top-Level Site
Parent Site, also referred to as Top-Level Site, is the entry point to a content management system created on SharePoint. The home page is primarily a Parent Site. Users can access Notebook, Documents, Lists, Libraries, Site contents, and SubSites from the home page based on their SharePoint online permissions.
The permission settings in SharePoint are used to create a user profile and assign access levels or privileges.
Read is one of the SharePoint online permissions. With the Read permission, users can Read, Download, and Print site content.
A Row is a part of an Item on a SharePoint List. It is also referred to as the Title of an item.
Site Collection represents all of a Team Site for any content database. Home is the top level for the Site collection and all other pages are Sub Sites or Child Sites.
Sub Site or Child Site
Sub Sites and Child Sites are the same SharePoint component, and the Parent Site hosts them. Sub Sites usually contain Lists, Libraries, Document Libraries, and Workflows. If a user has Edit permission for the Parent Site, they will also have the same SharePoint online permissions for the Sub Sites.
Tasks are items in a SharePoint List. Tasks can be automated by creating a workflow.
Web Parts are the containers or mini-applications that store specific content on a SharePoint Site. These are used to facilitate content management and collaboration on SharePoint. Among the many Web Part tasks are Calendar, Discussion Board, Survey, and Form Library. Web Parts are presented as thumbnails with a glimpse of the data on SharePoint Sites and can be clicked for access according to SharePoint online permissions.
A SharePoint workflow automates processes, such as managing documents, approving site content, signing business contracts, and dispatching quotes via email. SharePoint includes several pre-programmed workflows out-of-the-box, including approval, collecting feedback, collecting signatures, and publishing approval. The SharePoint online permissions required to create and execute workflows are Manage Lists and Edit Items.
SharePoint Online Permission Levels
Server and Farm Roles
- Windows Administrators
When SharePoint is installed on a Windows Server, the local Administrators group on that server is automatically added to the SharePoint Farm Administrators group. Windows Administrators have full control of permissions on the SharePoint farm with regard to installing applications and software and managing Internet Information Services (IIS) websites and Windows services. However, the default SharePoint online permissions do not grant Windows Administrators access to site content.
- Farm Administrators
The Farm Administrators group has full control over permissions on all SharePoint farms and can perform all administrative tasks in SharePoint Central Administration for the server farm. The SharePoint online permissions do not grant Farm Administrators access to individual sites, site collections, and their content. However, a Farm Administrator is able to gain full access to content by adding themselves to the site collection’s Administrators group.
Shared Services Roles
- Service Application Administrators
According to SharePoint online permissions, a Service Application Administrator can configure settings for a specific service application in a farm. The SharePoint online permissions do not permit them to create service applications, access any other service applications in the farm, or perform any farm-level operations.
- Feature Administrators
A Feature Administrator is responsible for one or more specific features of a service application. SharePoint online permissions allow Feature Administrators to manage a subset of service application settings, but not the entire service application.
Site Collection Roles
- Site Collection Administrators
SharePoint online permissions give Site Administrators the Full Control permission level on all sites in a site collection. With this level of permission, Site Collection Administrators have Full Control access to all site content in that site collection, even if they do not have explicit permissions on that site. Site Collection Administrators are able to audit all site content and receive administrative messages.
- Site Owners
Administrators in the Owners group have the Full Control permission level on that site. According to SharePoint online permissions, a Site Owner can perform administrative tasks on the site and on any list or library within the site.
Managing Permissions in SharePoint and Office 365
There are 33 default SharePoint online permissions. These are used within the permission levels to provide a general framework for assigning user privileges. Advanced user permissions are customized to meet specific requirements. Three of the commonly used SharePoint online permissions are:
1. SharePoint custom/personal permissions
2. SharePoint list permissions
3. SharePoint site permissions
Default SharePoint Online Permission Types
- Full access
- Limited access
- View only
SharePoint Permissions Simplified
To effectively use SharePoint online permissions to secure Sites, Document Libraries, Lists, and Documents, permissions need to be set along with inheritances. Each SharePoint Tenant has one or more Site Collections. Each Site Collection has a Top-Level Site and, usually, one or more Sub-Sites that require this. Permissions are inherited from the Top-Level Site down in each Site Collection. SharePoint online permissions dictate users’ access to Sites, Lists, Libraries, and Documents.
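The inheritance rule above can be modelled for an access review. The following is an added example, not code from the original article or from SharePoint: it resolves each object's effective grants from the nearest ancestor that holds its own permissions and reports where inheritance was broken. The site paths, group names, and the `Securable` class are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Securable:
    """A site, library, or document in a constructed hierarchy."""
    url: str
    parent: Optional["Securable"] = None
    # None = inherits from parent; dict = inheritance broken, with the
    # object's own principal -> permission level grants.
    unique_grants: Optional[dict] = None

def scope_of(obj):
    """Return the nearest object (self or ancestor) that holds its own grants."""
    while obj.unique_grants is None:
        if obj.parent is None:
            raise ValueError(f"{obj.url}: top-level object has no grants")
        obj = obj.parent
    return obj

def effective_grants(obj):
    """Grants that actually apply to obj after following inheritance."""
    return dict(scope_of(obj).unique_grants)

def audit(objects):
    """For each object with broken inheritance, report principals whose
    level was added or changed, and principals dropped, versus the parent."""
    findings = []
    for obj in objects:
        if obj.unique_grants is None or obj.parent is None:
            continue  # inherits, or is the Top-Level Site itself
        inherited = effective_grants(obj.parent)
        added = {p: lvl for p, lvl in obj.unique_grants.items()
                 if inherited.get(p) != lvl}
        removed = sorted(set(inherited) - set(obj.unique_grants))
        findings.append((obj.url, added, removed))
    return findings

# Constructed sample data: Top-Level Site -> Sub-Site -> Library -> Document.
TOP = Securable("/sites/finance", None, {
    "Finance Owners": "Full Control",
    "Finance Members": "Edit",
    "Finance Visitors": "Read",
})
SUB = Securable("/sites/finance/payroll", TOP)
LIB = Securable("/sites/finance/payroll/Documents", SUB)
DOC = Securable("/sites/finance/payroll/Documents/salaries.xlsx", LIB, {
    "Finance Owners": "Full Control",
    "External Auditor": "Edit",
})

if __name__ == "__main__":
    for url, added, removed in audit([TOP, SUB, LIB, DOC]):
        print(url, "added/changed:", added, "removed:", removed)
```

Objects that appear in the findings are the ones a reviewer has to check individually, because their grants no longer follow changes made at the Top-Level Site.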
SharePoint Online Permissions Bolster Security Posture
Understanding and managing SharePoint online permissions can be challenging. Taking the time upfront and, subsequently, on an ongoing basis provides a record of how and why SharePoint online permissions were granted, which helps with oversight. For complex deployments, access management tools can help streamline how SharePoint online permissions are granted and managed. Regardless of what management approach is taken, SharePoint’s online permissions provide an important layer of security to protect sensitive information and access to resources.
Last Updated: 29th September, 2023