Grant and manage permissions in SharePoint

Permissions in SharePoint

SharePoint offers the possibility of individually defining and restricting user access and editing rights. Authorizations in SharePoint are often not managed by IT people, but by the respective department heads (or the respective site owner) themselves. Although user management appears simple at first glance, it can quickly become complex.

Companies often fail in the systematic management of permissions in SharePoint and thus lose track of who has what permissions and where.

So that you can structure your authorizations clearly, we want to use this blog post to give you an understanding of the basics of an authorization concept and give you some practical application tips.

If you need help with SharePoint, Al Rafay Consulting is always prepared to provide their services for SharePoint solutions. You can find out more about our SharePoint Consulting services at the Al Rafay Consulting website. 

How permissions work in SharePoint

When assigning permissions, it is important to remember that permissions are automatically inherited from top to bottom, e.g. from a site collection to a subordinate library, list or team site down to the folder and document level. A user usually has the same authorizations for a document (eg writing rights) that have been defined for him at the highest level.

Often, however, you need different permissions specifically for subordinate team sites than those assigned for the superordinate site collection. To allow these exceptions, one can break permission inheritance. 

SharePoint offers various standard authorization levels that decide whether a user can edit documents or only have read rights, for example. The specified authorization level also applies to all objects not assigned to the website, i.e. it is inherited.

Below I have listed the most important the standard authorization levels with their description:

Customize permission levels in SharePoint

All of these levels, with the exception of “Limited Access” and “Full Access”, are customizable.

Our tip: Instead of changing an authorization level, it is better to create a new one. This is very easy to do with copy & paste. You can then make your individual changes, and ideally make them clear in the title, for example, Design without approval. This authorization level can then be used again and again.

SharePoint works with 33 predefined permissions that are used in the default levels. You can access these via the “Site Collections” in the “Site Settings” under “Permissions”. The creator of the site is usually the Site Collection Admin, who has full access to all elements regardless of all permissions.

Our tip: Also define an owner group with at least one other person. This group also has admin rights and can maintain user groups.

Grant permissions in SharePoint

We are going to talk about the creation of a library whose permissions we want to manage separately. To do this, you open the library and select “Library settings” in the “Library” tab. Then check under the “Permissions and Management” category and there you have to select select “Permissions for this library”.

Now the message appears that this library inherits its permissions from a parent (project group 1). We also see a list of all groups and their respective permissions, which currently apply to the library (and since the permissions are currently still inherited, also to the parent object type).

Break inheritance and change permissions

If you want to change the permissions and break the inheritance, you have to click on the icon “End Permissions Inheritance”.

First, a message appears indicating that you are about to break permissions inheritance, so changes to the parent site will no longer have any effect. If you confirm this notice with “OK”, the original overview appears again, but this time with the notice that the library has its own authorizations.

The permissions that existed before the inheritance was broken are retained. This means you still see the same access rights. However, you now have the option of editing them individually:

If you select one of the permission groups, such as “Project Group 1 Viewers” here, you can adjust the permissions in the upper menu bar (“Edit User Permissions”) or revoke them (“Remove User Permissions”). You will then also receive a message about the effects, which you must confirm with “OK”.

Assign permissions in SharePoint

As in the example above, you can access the permissions directly from the library settings. You can access the “Permissions” website via the cogwheel under “Site settings”. A third variant is to open the “Page” tab and then the “Page Permissions” via the ribbon.

Important, this way you only revoke the permissions for exactly this page. If you are currently on the home page, you can, for example, revoke someone’s access rights to this home page. All other pages of the associated website collection can still be reached by the user with the corresponding link.

Also Read About: Revamp Traditional Business Processes with Innovative Custom SharePoint Development Services

Add Permission Groups

Of course, you can also add new authorization groups. For this you will have to click “Grant Permission” button and the permission is granted.

Here you select the people (group) to whom you want to grant permissions. These permissions can be defined under “Show Options”. You can also add an individual notification text.

Al Rafay Consulting would be excited to work with your organization for providing SharePoint consulting services and solutions to enhance your workability.