There was a time – before the advent of SharePoint – when a company’s files and information remained scattered and difficult to find. Employees relied on email attachments, file transfers, and local hard drives to store and share content. Collaboration was tough.
After the launch of SharePoint, businesses worldwide adopted it, and soon it became the perfect platform to house various types of data that many users could access.
Sadly, this solution has led to new difficulties because the data needed to be more readily available and might get into the wrong hands. Leaked data can result in an organisation’s demise if it falls into the wrong hands. Therefore, knowing how SharePoint handles security is important for your company if it holds sensitive information or has multiple organisational levels.
With the help of this article, we will assist you in understanding SharePoint permissions in the simplest way possible. Rest assured, it’s not that complicated.
Let’s dive in.
Benefits of SharePoint Permissions
In a way, SharePoint resembles Facebook. There is a lot of content on Facebook, but most of it remains hidden from your timeline. SharePoint operates similarly.
Several advantages exist for you, your team, extended colleagues, and others who have access to your network when you use SharePoint permissions. There may be a tonne of stuff on your SharePoint system, but you usually only have limited access. This is what we call “security trimming”. Your view is “trimmed” from that content. Only a few individuals with complete God-like access, such as IT administrators, CIOs, CTOs, and Site Owners.
SharePoint Permissions Levels
a) Three Group Concept
This is a critical component of how SharePoint permissions work. The idea is pretty simple. Every SharePoint site has three default security groups. They are as follows:
● Site Owners
● Site Members
● Site Visitors
Site Visitors are read-only users. These users can only read and download the content that’s made available to them.
Site Members are the users you add, update, and delete. These users can upload, edit, and delete content in addition to reading and downloading (documents, pages, announcements, or events). They can also share content with others.
Site Owners have complete control over the site. In addition to everything that Visitors and Members can do, these users can manage navigation, create more web elements, and take actions to ensure the site’s security.
b) Security Inheritance
Thanks to the flat site architecture concept, this is becoming less relevant now. However, you should still be aware of it; otherwise, it might cause you great trouble going forward.
You can design your site security or inherit it from the parent site when you create subsites. Anyone with access to the parent site will now have access to the subsite underneath if you want to inherit the security/permissions from that site.
Things may get complicated when you share one of these sites with others. Although it may be beguiling, sharing a site with someone also grants them access to the other site (as they inherit the security).
c) Nesting SharePoint Groups
One request for SharePoint permissions is nesting a SharePoint group inside another SharePoint group. It’s essential to keep things simple. You will have a mess to manage with layered SharePoint groups.
Having said that, while it is not possible to add a SharePoint Group inside of another SharePoint Group, you can nest the following inside one:
● Office 365 Groups
● Office 365 Security Groups
● Mail-enabled Security Groups
● Named users
d) Site-wide content inheritance
It should go without saying, but by giving someone access to the site, you are giving them access to the entire thing, including all of its pages, lists, document libraries, and web parts. This happens because everything within the site inherits the security from the site itself.
It’s like someone having access to everything you have in your room, including the chairs, table, couch, food, and wine, just as if you gave them the keys to your room.
e) Not advised: Breaking inheritance at the site level.
You can break inheritance between different web parts and a site itself in the same way you may break inheritance from a subsite to a parent site.
Consider the scenario where you must hide a document library or make it read-only for site members. You can design unique security for the site and break inheritance from a library. Even though you might need to do it sometimes, this should be the exception rather than the rule. Going by our previous example, imagine how would you feel if someone handed over the keys to their house and said, ‘You can’t sit on this couch or use this table?’ Breaking inheritance at the site level is similar to that.
f) Default SharePoint permissions
This relates to the first point made above. A default permission level is allocated to each default security group, viz.
Site Owners = Full Control
Site Members = Edit
Site Visitors = Read
Other standard SharePoint permissions levels also exist. The complete list is as follows:
Full Control – Absolute control.
Design – View, add, update, delete, approve, and customise the design.
Edit – Can view, add, update, and delete list items and other content. You can also add, edit, and remove lists.
Contribute – View, add, edit, and remove documents and list items.
Read – You can view sites and list items, and download content.
View – You can only view pages, list items, and documents, but not download.
SharePoint permissions specify what users can or cannot do in the group. The standard practice is to follow the default SharePoint permission levels, but you can also create your own. This is handy, for example, if you want to give a user access to add and edit documents but not delete them.
g) Permission-based access
Permission determines how secure your SharePoint site is. If something is invisible to you, you don’t have permission to access it. For example, you will only see a private HR team site in the site navigation if you have access. No keyword searches will bring you information from this site, as the information is ‘protected’.
h) You add users to a Member group if you share a site
You inadvertently add other users to the Site Members Group when your site members or visitors click Share in the upper-right corner of a site and share the site with someone else. Therefore, even though you, as the Site Owner, did not intend to do this, Smith, for example, can easily click Share and invite his colleague, Martha, provided you, as the Site Owner, added her to the Site Members group.
Members sharing a project site might be acceptable, but you should restrict this behaviour if this is a secure department site. You can configure Access Request Settings to prevent such shares.
i) Sharing items creates unique security
The security inheritance between a file or folder in SharePoint breaks every time your users share them.
j) Unshare option is only available for the Site Owners
Your members cannot unshare websites, files, or folders once they have shared them. This is only possible for site owners.
The proper use of SharePoint permissions is crucial to preventing errors made by users who do not have access to a specific list, library, site, or document. With defining SharePoint permissions levels, managing the sites, libraries, and records would be easier and more convenient.
As we initially said, understanding SharePoint permissions isn’t that hard. Keeping things simple and in order can make things much easier for you and your team.
You should specifically keep the following in mind:
● Only allow three site owners at most (anything less is lacking, and anything more is too risky).
● Make each team member who needs access to the documents and files a site member of the team site.
● Most users on a communication site should only have read-only access (and belong to the site visitor group).
If you still have questions regarding SharePoint permissions, throw them down below, and we will help you with them.
And in case you need to optimise your existing SharePoint solution to make it seamless, user-friendly, and secure, make sure you reach out to us. Our team of seasoned SharePoint developers will go above and beyond to help you realise your company’s true business potential.