In this “Permission Levels in SharePoint Online” article, we will learn and understand how permission levels work in SharePoint and how to create a custom permission level in SharePoint Online step by step. The permission levels in SharePoint are one of the vital objects as they deal with item or document security. For example, for the same item or document, different users will have different types of permission levels: one can read, one can write, one can delete, etc. This is one of the reasons why SharePoint is gaining popularity day by day when it comes to implementing document management systems.
Microsoft developed SharePoint, a powerful collaboration platform that enables organizations to manage, store, and share information efficiently. One of the key components of SharePoint’s robust security and access control system is the management of permissions through various permission levels.
In this article, we have focused on a comprehensive understanding of permission levels in SharePoint, covering their structure, significance, customization, and best practices for effective management.
Understanding Permission Levels in SharePoint: The Fundamentals of Permissions in SharePoint
Permission levels in SharePoint refer to predefined sets of permissions that define what users or groups of users can or cannot do within a SharePoint site or specific resources (e.g., lists, libraries, items). These permissions control actions such as viewing, adding, editing, and deleting content. SharePoint provides several default permission levels, each with its own set of permissions and capabilities.
These permission levels are designed to simplify access control and security management within a SharePoint environment. By assigning appropriate permission levels to users or groups, administrators can ensure that users have the necessary access rights to perform their tasks while also maintaining data security and compliance.
In SharePoint, permissions define the actions users can perform and the areas they can access within the platform. Permissions are typically assigned to individual users or groups, and they regulate access to content and features at various levels. Understanding the hierarchical structure of permissions is crucial for optimizing security and maintaining a well-organized SharePoint environment.
Hierarchical Structure of Permission Levels
SharePoint organizes permissions into a hierarchical structure, with each level offering specific privileges. Here’s an overview of the common permission levels in SharePoint:
- Full Control: Users with “Full Control” permissions possess complete control over the site, allowing them to manage permissions, create, modify, and delete content, and customize the site’s structure according to organizational needs.
- Design: The “Design” permission level empowers users to create and manage lists, libraries, and pages, and customize the site’s appearance using SharePoint Designer.
- Edit: Users with “Edit” permissions can add, edit, and delete lists, libraries, and pages, and they can customize the site within defined areas.
- Contribute: “Contribute” permissions enable users to add and edit items, though they are restricted from deleting or customizing the site’s structure.
- Read: Users with “Read” permission can view, download, and print documents, but they are unable to modify content or make changes.
- View Only: The “View Only” permission level allows users to view pages, list items, and download documents, while prohibiting them from adding, editing, or deleting any content.
- Limited Access: “Limited Access” is a unique permission level that grants access to specific resources without providing access to the entire site. It is typically inherited from parent objects and ensures a fine-grained control of permissions.
Verify Permission Levels in SharePoint
To verify the permission levels in SharePoint, follow the below steps:
Go to the site permission page (“/_layouts/15/user.aspx”) from the site setting pages navigation menu.
Refer to this article about shortcut navigation in SharePoint.
Click on the “Permission Levels” link.
You can see all available permission levels in SharePoint Online or SharePoint.
Inheritance and Customization of Permissions
In SharePoint, permissions can be inherited from parent objects like sites, lists, or libraries. This inheritance simplifies permission management and ensures consistency across the site. However, customization of permissions is often necessary to meet specific organizational requirements. Custom permission levels can be created, allowing organizations to define precise access rights for users, promoting a more tailored approach to security.
How to create custom Permission Levels in SharePoint Online: Tailoring Access for Specific Needs
While SharePoint offers predefined permission levels, organizations may find it necessary to create custom permission levels to align with their unique requirements. Customization permits organizations to define granular access rights, precisely tailoring permissions based on specific roles, projects, or teams.
To create a custom permission level:
- Navigate to the site where you want to create the custom permission level.
- Go to the “Site Settings” and select “Site permissions.”
- Click on “Permission Levels” to access the existing permission levels.
- Select “Add a Permission Level” and define the desired permissions.
- Save the custom permission level, providing a meaningful name and description.
- Custom permission levels empower organizations to exercise the principle of least privilege, granting access only to what is necessary for each role while maintaining a structured and secure SharePoint environment.
To create a custom permission level explained above, let’s follow the steps in practical:
Using the above mentioned navigation, go to the permission levels page.
Step 1: Click on the “Add a Permission Level” link.
Step 2: Configure or Add a Permission Level
Basically, it has two parts:
- Name and Description: Type a name and description for your permission level. The name is shown on the permissions page. The name and description are shown on the add users page.
- Permissions: Choose which permissions to include in this permission level. Use the Select All check box to select or clear all permissions. The permission section is again divided into three (3) sub-sections. Such as “List Permissions“, “Site Permissions” and “Personal Permissions“.
Following are the configurations of a custom permission level:
Here, you need to enter the name and description of the custom permission level. And, for the custom level permission, you may check this “Select All” checkbox if you want to include all the below-shown permission levels; otherwise, you can keep this unchecked.
Create Custom List Permissions Level: List Permissions Configuration in Custom Permission Level
You can configure the following list permissions for your custom permission level; you select whichever you want for your business needs:
Create Custom Site Permissions Level: Site Permissions Configuration in Custom Permission Level
You can configure the following site permissions for your custom permission level; you select whichever you want for your business needs:
Create Custom Personal Permissions Level: Personal Permissions Configuration in Custom Permission Level
You can configure the following personal permissions for your custom permission level; you select whichever you want for your business needs:
For this demo, we will create a custom permission level to manage personal permissions in the SharePoint Online List or Document library. If we assign this custom permission level to those users, they will not be able to create, change, or delete personal views of lists.
- Here, we didn’t select the first checkbox, which is “Manage Personal Views” but selected the other two checkboxes, “Add/Remove Personal Web Parts” and “Update Personal Web Parts“. The moment we selected these two checkboxes, automatically the “View Pages” and “Open” checkboxes were selected from the “Site Permissions” and “View Items” sections of the “List Permissions” section.
Once we click on the “Create” button, we can see that our custom permission level has been created successfully.
Now, go to your SharePoint Online List or Document Library Permission for this list settings page.
Click on the “Stop Inheriting Permissions” icon if it has not already been stopped.
Click on the “Grant Permissions” icon.
Enter the name of the person or SharePoint group to whom you want to assign this custom permission level.
Then, select your custom permission level from the “Select a permission level” dropdown list.
Next to the “Grant Permissions” icon, we can see “Edit user permissions” as well. Sometimes, we may see this “Edit user permissions” icon in displayed mode. You can enable it by referring to this article: Instantly Solved: Edit user Permissions greyed out SharePoint Online – Microsoft 365
Best Practices for Effective Permission Management
To ensure the successful implementation and management of permissions in SharePoint, organizations should adhere to best practices:
- Understand Business Needs: Gain a thorough understanding of the organization’s business needs and processes to tailor permissions effectively.
- Apply the Principle of Least Privilege: Adhere to the principle of least privilege, granting the minimum permissions required for users to perform their respective tasks efficiently.
- Conduct Regular Reviews: Conduct periodic reviews of permissions to ensure they remain appropriate and aligned with organizational changes, projects, or personnel adjustments.
- Document Permissions: Maintain detailed documentation of permissions, access levels, and the reasoning behind them. This documentation facilitates auditing, compliance, and future reference.
- Educate and Raise Awareness: Provide comprehensive training to users and administrators, emphasizing the importance of proper permission management and security practices.
Summary: Understanding Permission Levels in SharePoint
Thus, in this article, we have learned about what a permission level is in SharePoint and how to assign permission levels to users or groups. And how to create a custom permission level in SharePoint Online step by step. This article will definitely help us manage permissions on the SharePoint Online site in a robust way.
Permission levels are a critical component of SharePoint’s security architecture, enabling organizations to regulate access and maintain a secure collaborative environment. Understanding the hierarchical structure, customizing permissions, and implementing best practices in permission management are essential for leveraging SharePoint to its fullest potential while safeguarding sensitive information and ensuring effective collaboration. By adhering to these practices, organizations can achieve a fine balance between security, usability, and productivity within their SharePoint deployments.
See Also: SharePoint Online Articles
You may also like the following SharePoint Online articles:
- Overview of Microsoft OneDrive Security: Safeguard Your Data
- SharePoint Item Level Permissions: Keeping Your Data Safe and Secure with HTTP request
- In 2 proven steps set Item Level Permissions in SharePoint list
- Security breach in SharePoint online conditionally show or hide columns
- User permissions and permission levels in SharePoint Server