SharePoint Permission Levels – Explained

As organizations grow and projects become more complex, managing access to files and information becomes increasingly important. SharePoint, Microsoft’s web-based collaboration platform, offers powerful tools for controlling access to resources, but great power comes with great responsibility. In this comprehensive guide, I will walk you through everything you need to know about SharePoint permission levels, from understanding the default permission levels to creating custom permission levels and managing access at the folder and item levels.

What is the Permission level in SharePoint?

Permission levels are a set of permissions that a particular user or group is allowed to perform specific actions. Each permission level consists of several detailed permissions (such as: Create Items, Delete Items, etc.). SharePoint provides these default permission levels:  Full Control, Design, Edit, Contribute, and Read (Sorted highest permission level to the lowest). These levels can be modified to suit your organization’s needs, but it’s important to understand what each level means before you start tinkering with them.

Users and groups must be granted some level of permission to get access to SharePoint sites. Which can be in one of two ways:

  1. Add the user directly to the SharePoint site/list/list item with the specific permission level
  2. Add the user or security group to a SharePoint group (which is already assigned with a particular permission level)

Why do we need permission levels in SharePoint? Security! It defines who can do what. The level of access is controlled by the permission level, which you can think of as a security role.

SharePoint default permission levels

  • Read – Users Can Open & view SharePoint content, including documents, pictures, and lists. They’ll not be able to create, modify, or delete. This is the default permission level assigned to site visitors.
  • Contribute – Allows the user to view, add, update, and delete content, but not create new lists and libraries or manage permissions. This is appropriate for most users who need to collaborate on a project or contribute content to a site.
  • Designer – The design permissions can do everything contribute do. Plus, create new document libraries, columns, and views and change the website’s layout by adding or moving web parts.
  • Edit: This permission level allows users to manage lists and document libraries, and to edit pages in a site. Assigned to site members by default.
  • Full Control – Users can perform any action on the site, including creating and deleting lists, and libraries, adding/deleting members, creating alerts, and changing their access. This gives complete control over a site – This level is typically reserved for site owners.
  • View Only: Users can view items, web pages, lists, etc. but can’t download documents. This level is appropriate for users who only need to view content, such as stakeholders or clients.

In addition to the above permission levels for the Team Sites template, we get three more with publishing site templates:

  • Approve – Users may approve pages, list items, or documents submitted by others.
  • Manage Hierarchy – Users may edit pages, list items, and documents. Manage Hierarchy permissions also allow the users to create sites.
  • Restricted Read – Users may view pages and documents; however, historical versions are unavailable.

Creating Custom Permission Levels in SharePoint

While the default permission levels in SharePoint are useful, they may not be enough for your organization’s needs. Fortunately, SharePoint allows you to create custom permission levels that can be tailored to your specific requirements. To create a custom permission level, you’ll need to navigate to the site where you want to create it (as permission levels are scoped at the site level), then follow these steps:

  1. Click on the gear icon in the top-right corner of the page and select “Site Permissions”.
  2. Under the “Site Permissions” panel, click on “Advanced Permission Settings”.
  3. Click on “Permission levels” in the ribbon at the top of the page
  4. Pick any existing permission level and click on its name. E.g., “Contribute”. Scroll down to the bottom and click on “Copy Permission Level”.
  5. Give your new permission level a name and optional description. E.g., “Contribute without delete”.
    create permission level sharepoint
  6. Select the permissions you want to grant to users at this level. You can select/unselect any available base permissions. E.g., “Open items”, “Edit Items”, “Client integration features”, “Personal views”, “view application pages”, etc.
  7. Click “Create” to finish creating the custom permissions.

Once you’ve created your custom permission level, you can assign it to individual users or groups, just like any other permission level.

Refer to my other post to add a new permission level in SharePoint using the web browser and PowerShell, How to Create a Custom Permission Level in SharePoint?

It’s a best practice: Not to change the out-of-the-box permission levels. Always create a permission level by copying the existing permission level and adding/removing the base permissions.

Editing and Managing Permission Levels in SharePoint

Once you’ve created your custom permission level, you may find that you need to make changes to it over time. Fortunately, SharePoint makes it easy to edit and manage permission levels. To edit permission level at the site, follow these steps:

  1. Navigate to the site collection where you want to edit the permission level
  2. Click on the gear icon in the top-right corner of the page and select “Site Permissions” and then “Advanced Permissions Settings”.
  3. Click on “Permission levels” in the ribbon at the top of the page
  4. Find the permission level you want to edit and click on its name
  5. Make the desired changes to the permissions
  6. Click “Save”

This allows you to update permissions that are assigned to users and groups, making it easier to manage access to resources across your organization.

Defining Folder Level Permissions in SharePoint

While permission levels are a powerful way to control access to resources in SharePoint, they are not only for sites and lists. You can also define folder-level permissions to further restrict access to specific folders within a site collection. To set folder permissions, follow these steps:

  1. Navigate to the site or site collection where you want to configure folder level permissions
  2. Find the folder you want to restrict access to and right-click on the folder and choose “Manage Access”.
  3. Click on the “…” and choose the “Advanced Settings”
  4. Click on “Stop Inheriting Permissions”.
    folder level permissions in sharepoint
  5. Remove any users or groups that you don’t want to have access to the folder
  6. Add any users or groups that you want to have access to the folder
  7. Click “OK”

Once you’ve defined folder level permissions, users can only access the folder if they have been explicitly granted permission to do so. If you want to grant list permissions, refer: How to Grant Permissions to SharePoint List or Document Library?

How to Change Permission Levels of Users and Groups?

As your organization’s needs change, you may find that you need to change the permission levels of individual users or groups. SharePoint makes it easy to edit permissions. To change a user or group’s permission level, follow these steps:

  1. Navigate to the site or site collection where you want to change the permission level.
  2. Click on the settings gear icon in the top-right corner of the page and select “Site Permissions”.
  3. Under the “Permissions” panel, click on “Advanced Permissions Settings”.
  4. Find and select the user or group whose permission level you want to change.
  5. Click on “Edit User Permissions”.
    how to change permission levels in sharepoint
  6. Select the new permission level you want to assign (or remove any existing permission levels assigned) to the user or group.
  7. Click “OK” to save your changes.

Once you’ve changed a user or group’s permission level, they will have access to the resources associated with their new permission level. Similar to site-level permissions, You can customize permissions at the document library settings, too.

Understanding Item Level Permissions in SharePoint

In addition to folder level permissions, SharePoint also allows you to set permissions on individual items within a list or library. This can be useful if you want to restrict access to specific files or items within a project. How do I set item level permissions in SharePoint online? To set item level permissions, follow these steps:

  1. Navigate to the list or library where you want to set item level permissions
  2. Find the item you want to restrict access to and right-click on the item and choose “Manage Access”.
  3. Click on ellipsis (…) on the page and click on “Advanced Permisions”
  4. Click on “Stop Inheriting Permissions”
  5. Remove any users or groups that you don’t want to have access to the item
  6. Add any users or groups that you want to have access to the item
  7. Click “OK” to commit your changes.

Once you’ve set item level permissions, users will only be able to access the item if they have been explicitly granted permission to do so.

Get all permission levels in SharePoint

To get all permission levels available on your SharePoint site collection, follow these steps:

  1. Log on to your SharePoint site collection as a site owner.
  2. From Site Settings, click on Site Permissions and then click on “Advanced Permission Settings”. 
  3. In the ribbon, click on “Permission Levels”. You will see all the different permission levels for the site collection.
sharepoint permission levels

Microsoft Reference to managing permission levels: https://learn.microsoft.com/en-us/sharepoint/understanding-permission-levels?source=recommendations

Best Practices for Mastering SharePoint Permission Levels

Now that you have a solid understanding of SharePoint permission levels and how to manage them, here are a few best practices to keep in mind:

  1. Use custom permission levels to tailor access to your organization’s needs
  2. Regularly review and update permissions to ensure that users have the access they need and nothing more
  3. Use folder and item level permissions to further restrict access to resources
  4. Train users on how to use SharePoint’s permission system correctly to avoid common mistakes
  5. Use SharePoint’s built-in tools for managing users and groups to make permission management easier

Conclusion

SharePoint provides a powerful set of tools for managing access to resources within your organization, but it’s important to use them correctly to avoid common mistakes and ensure that users have the access they need. By understanding the default permission levels, creating custom permission levels, and using folder and item level permissions, you can create a robust access control system that meets your organization’s needs and improve site security. Remember to regularly review and update SharePoint permissions to ensure that users have the access they need and nothing more, and train users on how to use SharePoint’s permission system correctly to avoid common mistakes. With these best practices in mind, you’ll be well on your way to mastering SharePoint permission levels.

What is limited access permission level in SharePoint?

Limited Access is a special type of security role that a user or group is automatically granted when getting access to a specific list/library/item, but not to the site itself. Say, for example, When we grant access to a specific list, but not the site, users will get read access to the list and limited access to the site. Because user must get access to the site in order to access the list, isn’t it?

How does the SharePoint permission inheritance work for permission levels?

Permission levels are created at site collection level (in RootWeb) and inherited by its subsites. Each site collection has its own set of default permission levels. When you change or add new permission levels, they will be automatically replicated to all subsites in the site collection.

What does contribute access mean in SharePoint?

Contribute access in SharePoint allows users to add, edit, and delete items in a list or library, browse directories, user information. But they cannot approve or reject items, create new lists or libraries, or manage permissions. It is a mid-level permission level that gives users more control than read-only access, but less control than full control access.

What is restricted view and view only permission level on SharePoint online?

Restricted view and view only are permission levels on SharePoint online that allow users to view content, but not edit or delete it. Restricted view allows users to view only specific content, while view only allows users to view all content on a site or document library. These permission levels are useful for controlling access to sensitive information and ensuring that users only have access to the content they need.

What are the default permission groups in SharePoint?

SharePoint has three default permission groups: Owners, Members, and Visitors. Owners have full control over the site, including the ability to add and remove users and change permissions. Members can contribute content to the site, but do not have administrative privileges. Visitors can view content on the site, but cannot make any changes.

What is the difference between edit and contribute in SharePoint permission levels?

SharePoint’s “Contribute” permission level allows users to add, edit, and delete items in a list or library, but they cannot manage the site itself. “Edit” permission level, on the other hand, allows users to do everything that “Contribute” allows, but also gives them the ability to manage lists, add and remove web parts, and customize pages. In short, “Edit” gives users more control over the site than “Contribute.”

Salaudeen Rajack

Salaudeen Rajack - Information Technology Expert with Two-decades of hands-on experience, specializing in SharePoint, PowerShell, Microsoft 365, and related products. He has held various positions including SharePoint Architect, Administrator, Developer and consultant, has helped many organizations to implement and optimize SharePoint solutions. Known for his deep technical expertise, He's passionate about sharing the knowledge and insights to help others, through the real-world articles!

2 thoughts on “SharePoint Permission Levels – Explained

  • I would like my users to Edit the files online but not print or export or download. Currently, I have tried creating a copy of View only and adding Edit option, but it is allowing print and export.
    I need something like “Restricted View” but with Edit access. But, I am unable to create a copy of Restricted View. Can you help here?

    Reply
    • You have to upload at least one file to the site – to get the restricted view permission level!

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *