While SharePoint offers a variety of permission levels for sites, one can use built-in SharePoint groups for communication sites and managing team site permissions through the associated Microsoft 365 group. It allows for easier administration.
Understanding permission levels
The easiest way to work with permissions is to use the default groups and permissions levels provided, which cover most common scenarios. If one needs to, one can set more fine-grained permissions beyond the default levels. This blog describes the different permissions and permission levels, how SharePoint groups and permissions work together, and how permissions cascade through a site collection.
Overview and permissions inheritance
Every site exists in a site collection, which is a group of sites under a single top-level site. The top-level site is called the root site of the site collection.
Here, the permissions scopes are numbered, starting at the broadest level at which permissions can be set, and ending at the narrowest level.
An important concept to understand is permissions inheritance. By design, all the sites and site content in a collection inherit the permissions settings of the root or top-level site. When you assign unique permissions to sites, libraries, and items, those items no longer inherit permissions from their parent site. Here’s more information on how permissions work within the hierarchy.
A site collection administrator configures permissions for the top level site or root site for the whole collection.
If you are a site owner, you can change permission settings for the site, which stops permission inheritance for the site.
Lists and libraries inherit permissions from the site to which they belong. If you are a site owner, you can stop permissions inheritance and change the permission settings for the list or library.
List items and library files inherit permissions from their parent list or library. If you have control of a list or library, you can stop permissions inheritance and change permissions settings directly on a specific item.
It is important to know that a user can interrupt the default permission inheritance for a list or library item by sharing a document or item with someone who does not have access. In that case, SharePoint automatically stops inheritance on the document.
Default Permission Levels
Default permission levels allow you to quickly and easily provide common levels of permissions for one user or groups of users.
By default, site owners and members can add new users to the site.
Permissions and dependent permissions
SharePoint permissions can depend on other SharePoint permissions. For example, you must be able to open an item to view it. In this way, View Items permission depends on Open permissions.
When you select a SharePoint permission that depends on another, SharePoint automatically selects the associated permission. Similarly, when you clear SharePoint permission, SharePoint automatically clears any SharePoint permission that depends on it.
We, as SharePoint consultants, help you utilize your understanding of permission levels and inheritance to plan your permission strategies in order to minimize maintenance, ensure compliance with your organization’s data governance policies and to set guidelines for your users.