SharePoint Permission Levels and Best Practices in Microsoft 365
To secure data in SharePoint Online and ensure that information is seen only by the right group of people, permission management must be handled properly. In this post, we discuss all you need to know about SharePoint permission levels: how they work, where to find them, and the general best practices surrounding the topic. It is an exhaustive article on managing SharePoint in Microsoft 365, written for administrators.
Levels of Permission in SharePoint for Office 365
In SharePoint Online, you may think of permissions as a set of levels that determine what users can or cannot do inside the site. These levels include:
Full Control – Full control of the site, including permissions.
Edit – Add, edit and delete lists, libraries, and entries in the site.
Contribute – Users can add, edit and delete items in existing lists and document libraries.
Read – Users can view pages and items in lists and libraries.
View Only – For viewing content without being able to download it. It is view-only access and nothing else.
Limited Access – The minimum level of access that a user needs in the site collection. Automatically assigned to users who are given edit permissions on an item within a site.
Digging Down: Review of Permission Levels
1. Full Control
Permissions: Users with Full Control can perform every operation the site provides. They may create and delete sites, change site-wide settings, manage permissions on all subsite levels, and author content without restriction.
Use Case: Typically given to site administrators who are responsible for building the basic architecture and configuring your application.
2. Edit
Permissions: Add, edit and remove lists, libraries and items; customize web parts and views.
Use Case: For team members who need to edit content but should not be able to control site settings or change permissions.
3. Contribute
Permissions: Add, edit and delete items in existing lists and document libraries.
Use Case: Suited to users who only contribute content and need no back-end access.
4. Read
Roles: Page viewers and item/document readers (can view pages, items and documents).
Use Case: Ideal for read-only users who require data access without the ability to change it.
5. View Only
Features: Lets users read specific content in view-only mode; the user cannot download it.
Use Case: Suited to sharing highly confidential documents that need to be viewed but should not be downloadable or editable.
6. Limited Access
Functionality: Allows users to access an individual asset (typically a document or list entry) in the site.
Usage: Applied automatically when a user requires access to an item, not the site itself.
Understanding these permission levels is the first step toward better SharePoint management.
Default Permission Levels in SharePoint Online
By default, SharePoint Online will assign certain permission levels to any new site created. To manage these permissions:
1. Navigate to Site Settings
Go to the SharePoint site.
Click the gear icon and then choose “Site Settings.”
2. Manage Site Permissions
Under “Users and Permissions,” click “Site Permissions.”
3. Assign Permissions
Choose the group or user whose access rights you want to set.
Click “Grant Permissions” and select the right permission level.
4. Save Changes
Click “OK” to save the changes.
SharePoint Online comes with three main site groups (Owners, Members and Visitors). Each group maps to one of the permission levels.
SharePoint Online Site Groups Default Permissions
To simplify group management, SharePoint Online provides pre-created site groups with default permissions.
Owners: This group has Full Control permissions. Its members can handle things like site settings, permissions, and content.
Members: Users in the Members group have Edit access rights. They can add, update and remove content.
Visitors: This group is intended to represent the general public, so that people who aren’t authenticated at that site can see content.
These predefined groups keep user roles fairly standard without requiring countless customizations.
Default Permission Groups Customisation
Default permission groups are great, but you might want to tweak them a little bit to suit your organization better:
1. Modifying Existing Groups
Go to Site Settings > People and Groups.
2. Choose the group you want to update
You can adjust the permissions and membership of a group via “Settings” > “Group Settings”.
3. Creating New Groups
Go to Site Settings > People and Groups.
Click More > New > New Group.
Give the group a name, set its permissions and configure its membership policies.
Creating custom groups also lets you manage permissions according to the roles in your organization.
Add New Permission Level in SharePoint
You can create custom permission levels to cater to specific requirements. To create a new permission level:
1. Access Site Permissions
Go to “Site Permissions” under “Site Settings.”
2. Create Permission Level
Under Users and Permissions, click on “Permission Levels.”
Click Add a Permission Level.
3. Define Permissions
Give your new permission level a name.
Choose all the necessary permissions from these lists.
Click “Create.”
Custom Permission Levels Best Practice
Custom permission levels can be used to configure access permissions exactly as you need them. Follow these best practices:
1. Define Clear Use Cases
Identify the exact requirement that necessitates a unique permission level. Do not create levels just for the sake of creating a level.
2. Document Custom Levels
Document any custom permission levels: why they exist and what they do.
3. Regularly Review and Update
Periodically evaluate the custom permission levels to make sure that they still satisfy organizational requirements, and modify them accordingly.
With custom permission levels, user actions within SharePoint can be regulated at a more granular level.
Setting Permissions for Document Libraries in SharePoint Online
Document libraries are a key building block of SharePoint Online. To manage document library permissions:
1. Go To The Document Library
Open the SharePoint site and go to the document library.
2. Manage Library Permissions
From the ribbon, click “Library Settings”.
Choose “Permissions for this document library.”
3. Edit Permissions
Click “Grant Permissions” and enter the users or groups you wish to add.
Select the proper permission level and click “Share.”
Advanced Library Permission Management
Advanced settings help you manage document library permissions properly:
1. Library Permissions Best Practices
Libraries inherit permissions from the associated site by default. If you want to manage them separately, open the library, go to Library Settings, and stop inheritance by clicking “Stop Inheriting Permissions.”
2. Library Permission Levels
Give users or groups permissions on the document library, such as Contribute or Edit.
3. View Library Permissions
Go to Library Settings, click “Permissions for this document library,” then “Check Permissions,” and verify who has access to the document library.
Permissions at the document library level determine which users can read files in a given site collection, and so help protect sensitive information.
How to define Folder Level Permissions in Microsoft SharePoint?
Sometimes permissions must be set at the folder level within a document library:
1. Navigate to the Folder
Go to the document library and select the folder.
2. Manage Folder Permissions
Next to the folder name there is an ellipsis (three dots); click it and select “Manage Access.”
Click on the “Advanced” link to select the permissions.
3. Break Inheritance
Then, to manage permissions separately from the parent library, click “Stop Inheriting Permissions.”
4. Set Permissions
Add users or groups and give them the appropriate permission level.
Click “OK” to save changes.
Examples Of Folder-Level Permissions
With folder-level permissions you can control access to folders of documents as a unit:
1. Project-Specific Folders
Assign unique permissions to folders associated with specific projects, restricting access to the team members who need it for their role or administrative privileges.
2. Confidential Documents
Only allow certain users or groups to access folders that contain sensitive documents.
3. Collaborative Workspaces
If a folder is used for collaboration, create it with Edit or Contribute permissions for the people who work in it.
Folder-level permissions make access management within a document library more fine-grained.
Permissions at the File Level in SharePoint Online
Some files may need individual permissions in certain circumstances. To handle file-level permissions:
1. Select the File
Browse to the document library and select your file.
2. Manage File Permissions
Click the ellipsis (...) next to the name of the file and choose “Manage Access.”
Click “Advanced” to open the permissions tab.
3. Break Inheritance
Select “Stop Inheriting Permissions” and then modify the file permissions.
4. Assign Permissions
Assign the needed permission level to users or groups.
Click “OK” to save changes.
Use Cases for File-Level Permissions
In the shared library, file-level permissions can be used to secure confidential files:
1. Sensitive Documents
Limit the number of people who can open up sensitive files.
2. Approval Workflows
Allow only the necessary people to submit changes by setting permissions on files, so that changes require review.
3. External Sharing
Control the permissions on files shared with external users, and provide a reference or no permission.
File-level permissions offer the ultimate control over each individual document in SharePoint.
Setting List Permissions in O365 SharePoint Online
To configure list permissions in SharePoint Online:
1. Navigate to the List
Open the SharePoint site and go to the list.
2. Manage List Permissions
On the ribbon, click List Settings.
Click on “Permissions for this list.”
3. Edit Permissions
To add users or groups, click Grant Permissions.
Select the permission level and click “Share.”
Advanced List Permission Management
The majority of lists consist of structured data that is essential to a company's operations. You can manage list permissions as follows:
1. Breaking Inheritance
Lists, like libraries, are set to inherit permissions from the site they reside on in SharePoint. To manage them independently, click “Stop Inheriting Permissions” for the list.
2. Custom Permission Levels
Custom permission levels can be assigned to users or groups on particular lists (e.g. Contribute, Edit).
3. Checking Permissions
Use the “Check Permissions” tool to confirm that certain users have access at the list level.
List permissions let you control access to structured data in SharePoint, including whether a user has read or write access.
How to Check User Permissions on a List in SharePoint Online?
To verify user permissions:
1. Access Site Permissions
Go to Site Settings > Site Permissions.
2. Check Permissions
Click “Check Permissions” on the ribbon.
Specify the user or group and click “Check Now.”
3. Review Permissions
This shows the actual permissions of the user.
Why Is Checking Permissions Important?
Checking user permissions regularly keeps access secure and compliant:
1. Audit Trails
Knowing who has access to what gives you an audit trail, which is critical for compliance.
2. Security
It limits each user to the appropriate permissions and stops unauthorized access to confidential data.
3. Efficiency
Periodic checks help detect permissions that are no longer needed so they can be pruned, which improves efficiency.
By verifying user permissions, you ensure users have the necessary level of access, keep unauthorized users out, and stay compliant.
Permission Reports in SharePoint Online
Permission reports give better organizational visibility and greater control over permissions, helping administrators understand and manage them in a more organized manner.
1. Use Built-in Reports
SharePoint Online includes built-in reports under Site Settings.
2. Third-Party Tools
Tools like AdminDroid give you extensive capabilities to report on permissions.
3. PowerShell Scripts
You can create fully detailed reports using PowerShell scripts, which allow full customization.
Comprehensive Permission Analysis
With permission reports you can identify where your users have access and, therefore, where the security risks are.
1. Regular Reporting
Schedule permission reports regularly so that you are alerted to changes and remain compliant.
2. Custom Reports
Leverage third-party tools or PowerShell to create custom reports and manage your environment according to what your organization needs.
3. Actionable Insights
Review reports to pinpoint any security threats or excessive permissions.
Permission reports deliver insights on who can do what, enabling administrators to keep their SharePoint environment secure and compliant.
SharePoint Permissions Management Best Practices
Following best practices for SharePoint permissions adds security and simplifies end users' lives:
1. Adhere to the Principle of Least Privilege
Make sure that you assign users the minimum permissions required to get their work done.
2. Use Groups, Not Users
Manage permissions through groups rather than individual users, which eases administration.
3. Use Secure Links for Sharing
When sharing documents, use secure links that expire and are view-only.
By adopting these best practices, you can ensure your SharePoint environment remains secure and organized.
Do’s with SharePoint Online Permission Levels
Assign Permissions at the Highest Appropriate Level: Manage permissions at the site or library level.
Use SharePoint Groups: Manage permissions easily through groups.
Regular Audits: Run regular permission audits to make sure you stay compliant.
Expanded Do’s
1. Do Use Inherited Permissions
Unless there is a business need for unique permissions, continue to use inherited permissions, which simplifies management.
2. Do Keep Permissions Simple
Avoid unnecessarily elaborate permission structures, which become difficult to configure and follow.
3. Do Communicate Changes
Let users know about updates to their permissions to avoid confusion and surprises about what they do (and do not) have access to.
Don’ts with SharePoint Online Permission Levels
Do Not Assign Permissions Directly to Users: It is generally a bad practice and makes things complex.
Avoid Overusing Custom Permission Levels: Default permission levels are often the most straightforward way to go.
Keep Inheritance in Mind: Respect and manage permission inheritance to prevent unintended access.
Expanded Don’ts
1. Check Permissions Regularly
Revisit and update permissions frequently so that they fit your permission policies.
2. External Sharing: Never Forget About It
Manage permissions with care for external users to make sure that they do not have unauthorized access.
3. Check Defaults: Default Settings Are Not Always the Best
Evaluate and modify default permission settings to reflect the specific needs of your organization.
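The permission report review and the do's and don'ts above can be checked mechanically. The PowerShell below is an added example, not code from this article or from AdminDroid; the row shape (Scope, Kind, Inherits, Principal, PrincipalType, Level), the constructed sample rows, the "<site> Owners" naming convention and the function name Get-PermissionFinding are assumptions made for illustration.

```powershell
# Added example. The row shape is an assumption, not a SharePoint export format.
Set-StrictMode -Version Latest

# Constructed sample rows standing in for an exported permission report.
$report = @(
    [pscustomobject]@{ Scope='/sites/hr'; Kind='Site'; Inherits=$false; Principal='HR Owners'; PrincipalType='Group'; Level='Full Control' }
    [pscustomobject]@{ Scope='/sites/hr'; Kind='Site'; Inherits=$false; Principal='HR Members'; PrincipalType='Group'; Level='Edit' }
    [pscustomobject]@{ Scope='/sites/hr'; Kind='Site'; Inherits=$false; Principal='dana@example.com'; PrincipalType='User'; Level='Limited Access' }
    [pscustomobject]@{ Scope='/sites/hr/Payroll'; Kind='Library'; Inherits=$false; Principal='HR Members'; PrincipalType='Group'; Level='Full Control' }
    [pscustomobject]@{ Scope='/sites/hr/Payroll'; Kind='Library'; Inherits=$false; Principal='sam@example.com'; PrincipalType='User'; Level='Contribute' }
    [pscustomobject]@{ Scope='/sites/hr/Payroll/2024'; Kind='Folder'; Inherits=$false; Principal='auditor@partner.example'; PrincipalType='External'; Level='Edit' }
    [pscustomobject]@{ Scope='/sites/hr/Policies'; Kind='Library'; Inherits=$true; Principal='HR Visitors'; PrincipalType='Group'; Level='Read' }
)

function Get-PermissionFinding {
    param([Parameter(Mandatory)][object[]]$Rows)

    # Per-assignment checks.
    foreach ($row in $Rows) {
        $issues = @()
        # Limited Access is assigned automatically for item-level grants, so it is not a direct grant.
        if ($row.PrincipalType -eq 'User' -and $row.Level -ne 'Limited Access') {
            $issues += 'Assigned directly to a user; use a group instead'
        }
        # Assumes owner groups follow the "<site> Owners" naming convention.
        if ($row.Level -eq 'Full Control' -and $row.Principal -notlike '* Owners') {
            $issues += 'Full Control held outside the Owners group'
        }
        if ($row.PrincipalType -eq 'External' -and
            $row.Level -notin @('Read', 'View Only', 'Limited Access')) {
            $issues += 'External principal holds more than read access'
        }
        foreach ($issue in $issues) {
            [pscustomobject]@{ Scope = $row.Scope; Principal = $row.Principal; Level = $row.Level; Finding = $issue }
        }
    }

    # One finding per scope below the site that no longer inherits permissions.
    $Rows | Where-Object { $_.Kind -ne 'Site' -and -not $_.Inherits } |
        Group-Object -Property Scope | ForEach-Object {
            [pscustomobject]@{ Scope = $_.Name; Principal = '(all)'; Level = ''
                Finding = 'Inheritance broken; confirm the unique permissions are documented' }
        }
}

Get-PermissionFinding -Rows $report | Sort-Object Scope, Principal | Format-Table -AutoSize -Wrap
```

Running the same function on each scheduled report and comparing the findings between runs shows when a new direct grant or a newly broken inheritance scope appears.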
Ultimate Guide to SharePoint Permission Levels in AdminDroid
For managing SharePoint permissions, AdminDroid is a handy tool. It offers:
1. Detailed Reports: Permission reports that help you avoid additional, and possibly critical, security issues.
2. User Activity Monitoring: Task-based user tracking to confirm compliance.
3. Automated Alerts: Be notified about important permission changes.
Features of AdminDroid
1. Permission Analysis
In-Depth Analysis – Analyze permission settings site-wide, at the library/list level and at the item level.
2. Audit Logs
Detailed audit logs to record permission changes and create an accurate trail of events.
3. Custom Reports
Create custom reports tailored to compliance and security requirements. This makes it easier to manage SharePoint permissions via AdminDroid.
Preventing Data Loss by Securing SharePoint
To ensure the security of data in SharePoint:
1. Back up SharePoint often: Make sure SharePoint content is backed up daily.
2. DLP (Data Loss Prevention) policies: Implement DLP policies to stop the leakage of sensitive information.
3. Multi-Factor Authentication (MFA): Implement MFA to secure end-user access.
Advanced Security Measures
1. Encryption
Encrypt all data in transit and at rest.
2. Access Reviews
Run access reviews on an ongoing basis to make sure users are assigned the right permissions.
3. Security Training
Conduct regular security training so that users learn about best practices and threats.
Combined, these additional security measures harden your SharePoint site and help protect the data within.
Summary: SharePoint Permission Levels and Best Practices in Microsoft 365
Properly managing SharePoint permissions is crucial to maintain security and ensure users have the required access. Default permission levels, custom permissions and best practices protect both privileged information and the process of granting access.
These capabilities are further enhanced by tools like AdminDroid, which make it easier to retrieve a history of who has access permissions and help ensure no data is lost through permission changes. These practices will enable you to work toward a secure and performant SharePoint in Microsoft 365.