Groups and Permissions

A SharePoint group is a collection of users who all have the same set of permissions, or permission level.

SharePoint groups can simplify the task of assigning and managing site access. Rather than track site or content access one person at a time, you can use groups to conveniently assign the same permission level to many people at once.

Assigning permission levels to SharePoint groups instead of individuals lets you:

  • Streamline site maintenance for yourself and successive site owners.
  • Ensure that people performing similar tasks have the same level of access.
  • Ensure that people have only the access they need, not more.

By default, the following SharePoint groups should be used and assigned the permissions below:

Group Name Permission LevelDescription
Owner Full Control Full permissions to the Site and all subsites.
Member Contribute View, add, update, and delete list items and documents.
Visitor Read View pages and items in existing lists and document libraries and download documents.

Assigning groups to the Site Collection and subsites:

  • At the site collection level, the SharePoint Visitor group should contain the highest level AD group for your organization so that everyone within your organization can view (read only) content under all sites within it.
  • Only assign an AD group to a SharePoint Member group for subsites that they should be able to contribute (add/update/delete). Remember all subsites should inherit permissions from the parent site, so anyone in the Member group can modify content in all subsites – unless they you break inheritance and/or assign a different AD group to the SharePoint member group for a subsite.
  • Only add qualified individuals to the SharePoint Owner group since these individuals have full control to the site and can modify permissions, add/edit/delete all content, etc.

Additional information