Courtesy of LightningTools
- Are you tasked with managing SharePoint Permissions for your department? Below are 10 SharePoint Permissions Tips you need to know!
1. Clicking ‘Share’ at Site Level behaves differently to clicking ‘Share’ at folder or item level.
Clicking “Share” at site level will make the invited user a member of the sitename_members group within the SharePoint team site. That means that permission inheritance at the site level does not need to be broken and you avoid granting a direct permission to the user.
Clicking ‘Share’ at item level or folder level behaves differently. The permission inheritance on the item or folder is broken, and a direct permission is assigned to the invited user. That means that you could end up with hundreds of folders or items with broken permission inheritance.
2. The ‘Edit’ permission level allows users to ‘Manage Lists’ which includes deleting them.
The Edit permission level was introduced with SharePoint 2013 and it sits between Contribute and Design permission levels. The Edit Permission Level includes the Manage Lists permission which enables users with this permission level to delete entire lists and should therefore be used with caution.
3. The ‘Edit’ permission level is the default permission level assigned to the members group within a SharePoint Team Site.
In SharePoint 2010 and prior, the default permission level was Contribute for the members group. In SharePoint 2013, 2016 and SharePoint Online, the default permission level for the members group is ‘Edit’. Even though SharePoint’s user interface suggests that the members group gets Contribute. It doesn’t!
4. You can change the default SharePoint Group for a site when ‘Sharing’ the site, and therefore avoid granting users ‘Edit’.
Our opinion is that you SHOULD NOT modify the ‘Edit’ permission level to remove ‘Manage Lists’, but instead create a new SharePoint Group which is assigned ‘Contribute’. You can then make your new SharePoint Group the default group for the Team Site. So when users click Share, the users will be granted Contribute and not Edit.
Before the Default Group is Changed
After the Default Group is Changed
5. Limited Access is a SharePoint Permission Level that is automatically granted to users at site level when the user is assigned permissions to a child object with broken permission inheritance.
Limited Access is granted automatically to a user when the user is granted permissions to an object within the site such as a folder, thus allowing the user to navigate to the folder via the Site.
6. SharePoint 2013 hides users granted ‘Limited Access’ from the permissions page.
Limited Access no longer displays within the SharePoint permissions report within the team site. Instead, a small yellow banner suggests permissions are broken within the SharePoint team site.