If you have read my article SharePoint Groups and Permissions Explained, you already have a fairly good understanding of SharePoint groups and permissions and of how they differ from Microsoft 365 Groups. In this article, you will learn how to use them effectively and in a targeted way. You will also learn what your responsibility is as a site owner regarding SharePoint permissions. Deepen your knowledge and read on!
How to Change the Properties of the Edit Permission Level
Some time ago, SharePoint 2013 introduced the “Edit” permission as the default permission level for Members. In my view, this was not a good decision. You may ask yourself: What’s the difference between Edit and Contribute?
On top of everything the Contribute permission level allows, Edit also lets users create new lists and edit and delete existing ones. This gives your average user the ability to do a lot of damage to your SharePoint environment. When you create a new site, I recommend changing the permission level of the “Members” group to Contribute if possible, or adjusting the “Edit” permission level by unticking at least “Manage Lists”. Here you see how to adjust the permission levels.
The permission level assigned to the standard SharePoint groups (e.g. Edit) can’t be changed. But you can adjust what Edit can do.
Give New Users Permissions Only at the Group Level
One practice I highly recommend: give new users permissions only at the SharePoint group level. You can set individual permissions, for example to say that John Smith has access to this document library or just to a certain document. But I don’t recommend this, because you will forget this “special permission”, and if you do it several times, it gets out of control.
Instead, I recommend the following:
- Go to “Site Permissions/Advanced Site Permissions” and create a new SharePoint group (Create Group) with a meaningful name, such as ACCOUNTING CLERKS, and fill out the additional fields. At the bottom of this form, choose the permission level group members get on this site. Give them just “Read” permission.
- Then go back to the group overview and add John Smith to the ACCOUNTING CLERKS group.
This creates a structure that is somewhat self-documenting and makes it easier to change permissions if John Smith leaves or is replaced, or has an assistant join him. Permission changes then come about just by changing the group membership. In some environments, this can be done with Active Directory groups, with a similar approach and thinking.
Permissions for individual users are:
- Hard to decipher (who has what level of access)
- Cumbersome to manage
Worst practice: Give individual users permissions to specific SharePoint elements
In our large program, it was useful to define additional groups, e.g. for:
- Risk Management and Group Audit (Group: Risk and Audit) – They can Read all information on the site (including sensitive information).
- Project managers of the program, including the project controller and the PMO (Group: Program Management) – They have Contribute access to all information, including sensitive information that normal Members don’t have access to.
- Steering Committee Members have only Read access to the document library “Steering Committee”.
I recommend that you not define too many groups, because managing them can be cumbersome.
SharePoint Group Challenges
When you define a new group, the user who created the group receives group owner status by default. Always assign a group as the group owner (e.g. the Site Owner group). This is especially important for Site Managers, because if they are locked out for any reason, a colleague from the same group still has access to the site. Therefore, the Site Owner group should have at least two members.
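The three setup recommendations so far (remove “Manage Lists” from Edit, grant access through a group with Read, make the Owners group the group owner) can be scripted. This is an added example, not part of the original article; it assumes the PnP.PowerShell module, and the site URL, client ID and user login are constructed placeholders.

```powershell
# Added example (not from the article). Requires PnP.PowerShell and Full Control on the site.
$siteUrl   = "https://contoso.sharepoint.com/sites/program"  # placeholder
$clientId  = "<your-entra-app-client-id>"                    # placeholder
$userLogin = "john.smith@contoso.com"                        # constructed sample user
$groupName = "ACCOUNTING CLERKS"

Connect-PnPOnline -Url $siteUrl -Interactive -ClientId $clientId

# 1. Keep the Edit permission level, but take away the right to create and delete lists.
Set-PnPRoleDefinition -Identity "Edit" -Clear ManageLists

# 2. Create the group with the site's Owners group as its owner,
#    so it is not tied to whoever happened to run this script.
$owners = Get-PnPGroup -AssociatedOwnerGroup
if (-not (Get-PnPGroup | Where-Object { $_.Title -eq $groupName })) {
    New-PnPGroup -Title $groupName `
                 -Description "Read access for accounting clerks" `
                 -Owner $owners.Title | Out-Null
}

# 3. Grant the group Read on the site, then add the user to the group.
#    The user never receives a permission of their own.
Set-PnPGroup -Identity $groupName -AddRole "Read"
Add-PnPGroupMember -LoginName $userLogin -Group $groupName

# 4. Lock-out check: the Owners group should have at least two members.
$ownerCount = @(Get-PnPGroupMember -Group $owners.Title).Count
if ($ownerCount -lt 2) {
    Write-Warning "Owners group '$($owners.Title)' has only $ownerCount member(s)."
}
```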
Before creating new groups, reflect and assess:
- Do we really need special site permissions?
- Do we need all 3 new SharePoint groups?
- Is there an existing group that I can use?
Item Level Permission
You can set permissions at the item level. An Item can be a folder, a document, or a list item.
Just because you can, doesn’t mean you should, because of these challenges:
- A SharePoint view doesn’t differentiate unique permissions
- Laborious administration:
  - Manual process of checking broken permissions
  - Updating permissions requires a change to each file
- May lead to performance issues
- After a few weeks, you will forget these special permissions
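Because a view does not show which items have unique permissions, the check has to be done separately. One way to automate it, as an added example that is not part of the original article: it assumes the PnP.PowerShell module, and the site URL and client ID are placeholders.

```powershell
# Added example (not from the article). Requires PnP.PowerShell.
$siteUrl  = "https://contoso.sharepoint.com/sites/program"  # placeholder
$clientId = "<your-entra-app-client-id>"                    # placeholder
Connect-PnPOnline -Url $siteUrl -Interactive -ClientId $clientId

$findings = foreach ($list in (Get-PnPList | Where-Object { -not $_.Hidden })) {
    foreach ($item in (Get-PnPListItem -List $list -PageSize 500)) {
        # Only items whose inheritance was broken carry their own role assignments.
        $unique = Get-PnPProperty -ClientObject $item -Property HasUniqueRoleAssignments
        if (-not $unique) { continue }

        $assignments = Get-PnPProperty -ClientObject $item -Property RoleAssignments
        foreach ($ra in $assignments) {
            Get-PnPProperty -ClientObject $ra -Property Member, RoleDefinitionBindings | Out-Null

            # "Limited Access" is added automatically by SharePoint; skip it.
            # (The name is localized on non-English sites.)
            $levels = $ra.RoleDefinitionBindings |
                Where-Object { $_.Name -ne "Limited Access" } |
                ForEach-Object { $_.Name }
            if (-not $levels) { continue }

            [pscustomobject]@{
                List          = $list.Title
                Item          = $item.FieldValues["FileRef"]
                Principal     = $ra.Member.Title
                PrincipalType = $ra.Member.PrincipalType
                # True when the grant goes to a person instead of a group.
                DirectUser    = ($ra.Member.PrincipalType -eq "User")
                Levels        = $levels -join ", "
            }
        }
    }
}

# Direct user grants first: these are the "special permissions" that get forgotten.
$findings |
    Sort-Object -Property @{ Expression = "DirectUser"; Descending = $true }, List, Item |
    Format-Table -AutoSize
```

The script reads each item individually, so on large libraries it is slow; run it per library or outside working hours.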
More Info: SharePoint Permissions Simplified
Who Needs Access to Your Site?
If someone needs access to your site, first ask follow-up questions, especially in a large program where you don’t know every team member:
- Why do you need access?
- Who is your project manager/subproject manager/stream leader/boss?
- What do you need to do with this information/documents? Read/Change?
Grant Read or Contribute rights only according to the principles of “need to know” and “need to contribute”.
The Site Manager’s Responsibility
As a SharePoint site manager or site owner, you have full control over your site. That means a lot of responsibility. You play a pivotal role in SharePoint success (or failure). Consider these important points:
- Give Full Control only to your deputies, but train them well
- Don’t take Site Manager delegation lightly!
- Learn from other experienced SharePoint site managers. What lessons learned can they share?
More articles on this topic:
How to Use SharePoint Groups and Microsoft 365 Groups in Your Project Site
SharePoint Groups and Permissions Explained
Here You Can Find More Knowledge
Would you like to learn more about how to make your projects more successful with SharePoint? Save time and money and get firsthand experience with my book SharePoint Online for Project Management. It takes you an important step further!