SharePoint Permission Levels – Explained
What is permission levels in SharePoint?
Permission levels are a set of permissions that a particular user or group is allowed to perform specific actions. Each permission levels consist of a number of detailed permissions (such as: Create Alerts, Delete Items, etc). SharePoint Server 2010 provides these default permission levels: Full Control, Design, Contribute, Read (Sorted highest permission level to the lowest).
Users and groups must be granted some level of permission to get access to SharePoint sites. Which can be in one of two ways:
- Add the user directly to the SharePoint site/list/list item with specific permission level
- Add the user or security group to a SharePoint group (which is already assigned with a particular permission level)
Why we need permission levels in SharePoint? Security! It defines who can do what. The level of access is controlled by the permission level, which you can think of as a security role.
SharePoint default permission levels:
- Read – Users Can Open & view SharePoint content including documents, pictures and lists. They’ll not be able to create, modify, or delete.
- Contribute – Allows the user to view, add, update, and delete content
- Designer – Can do everything contributors do. Plus create new document libraries, columns, views, as well as change the layout of the website by adding or moving web parts.
- Full Control – Users can perform any action in the site, including adding/deleting members and changing their access.
- View Only: Users can view web pages, lists, and list items but can’t download.
In addition with above permission levels for Team Sites template, we get three more with Publishing site templates,:
- Approve – Users may approve pages, list items, or documents submitted by others.
- Manage Hierarchy – Users may edit pages, list items, and documents. Manage Hierarchy permissions also allow the users to create sites.
- Restricted Read – Users may view pages and documents; however, historical versions are not available.
SharePoint Permission Level FAQs:
What is limited access permission level in SharePoint?
Limited Access is a special type of security role that a user or group is automatically granted when getting access to a specific list/library/item, but not to the site itself.
When we grant access to a specific list, but not the site, users will get read access to the list and limited access to the site. Because user
must get access to the site in order to access the list, isn’t it?
SharePoint permission level scope: Permission Level are scoped at Site Collection (You can’t define it at web level) . add a permission level ribbon button is missing SharePoint 2010. If you Break the Inheritance, will get Permission levels but will not be able to customize it at subsite level as permission levels greyed out in subsites.
SharePoint permission level inheritance: Permission levels are created at CA/site collection level (in RootWeb) and inherited by its subsites. Each site collection has its own set of default permission levels. When you change or add new permission levels, they will be automatically replicated to all subsites in the site collection.
Get all permission levels in SharePoint:
- Log on to your SharePoint site collection as a site owner
- From Site Settings, click on Site Permissions under Users and Permissions.
- In the ribbon click on Permission Levels. You will see all the different permission levels for the site collection.
How to add a new permission level in SharePoint?
Refer to my other post to add a new permission level in SharePoint How to Create Custom Permission Level in SharePoint 2010? It’s a best practice: Not to change the out-of-the-box permission levels. Always create a permission level by copying the existing permission level and add/remove the base permissions.
MSDN Reference to Edit, create and delete permission levels: https://office.microsoft.com/en-001/sharepoint-server-help/edit-create-and-delete-permission-levels-HA101805381.aspx