Table of Contents
- π₯ Managing User Permissions in SharePoint (Visitors, Owners & Removal)
- Managing Default and Custom Permissions in SharePoint
π₯ Managing User Permissions in SharePoint (Visitors, Owners & Removal)
Permissions are one of the most important parts of SharePoint. They control who can view, edit, or fully manage your site.
Instead of giving everyone the same access, SharePoint organizes users into groups β making security easier and safer to manage.
In this section, youβll learn how to:
- Invite users with limited access (Visitors)
- Promote users to full control (Owners)
- Remove users when access is no longer required
π Best Practice: Always grant the least privilege first. You can increase access later, but preventing accidental edits is much harder after they happen.
Video Explanation
πΉ Invite a User as a Visitor (Read-Only Access)
Visitors are users who can view content but cannot edit anything.
This is ideal for stakeholders, auditors, or team members who only need to read information.
When added to the Visitors group, the user can open pages, lists, and documents β but editing options are hidden.
What Visitors Can Do
- View pages, lists, and documents
- Download files
- Search site content
What Visitors Cannot Do
- Add or edit list items
- Upload or modify files
- Change site settings
Steps to Add a Visitor
- Click the β Settings icon (top right)
- Select Site permissions
- Scroll down and click Advanced permission settings
- Locate the Visitors group
- Click Grant Permissions
- Enter the userβs name or email
- Choose the Visitors group
- (Optional) Add a message
- Click Share / OK
The user receives an email invitation and is automatically added after opening the link.
π‘ Tip: If a user should only see information and not modify it β always use the Visitors group.
πΉ Promote a User to Site Owner (Full Control)
Owners have the highest level of access in SharePoint.
They can manage permissions, edit content, and configure the site.
Only assign this role to trusted individuals responsible for maintaining the site.
Owners Can
- Add, edit, and delete content
- Manage permissions
- Create lists and libraries
- Change site settings
- Control structure and navigation
Steps to Make a User an Owner
- Go to β Settings β Site permissions
- Open Advanced permission settings
- Select the Owners group
- Click New β Add users to this group
- Enter the userβs name
- Add a message (optional)
- Click Share / OK
After accepting the email invitation, the user becomes a site owner immediately.
β οΈ Important: Owners can grant permissions to others β only assign this role when necessary.
πΉ Remove a User from a Permission Group
Sometimes access needs to be revoked β for example when a project ends or a team member changes roles.
Removing a user from a group immediately updates their permissions.
If they belong to multiple groups, they will still keep access from the remaining groups.
Steps to Remove a User
- Go to β Settings β Site permissions
- Click Advanced permission settings
- Open the group (e.g., Owners)
- Select the user
- Click Actions β Remove users from group
- Confirm the removal
The permission change takes effect instantly after refresh.
π§ Reminder: Removing from Owners does not remove access completely if the user still belongs to Members or Visitors.
β Quick Permission Overview
| Group | Access Level | Typical Use |
|---|---|---|
| Visitors | Read-only | Stakeholders, viewers |
| Members | Edit content | Team contributors |
| Owners | Full control | Site administrators |
Proper permission management keeps your SharePoint environment secure, organized, and collaborative β while preventing accidental changes or data loss.
Managing Default and Custom Permissions in SharePoint
In this section, youβll learn how SharePoint permissions actually work β not just how to click buttons, but why theyβre structured this way.
SharePoint follows a security model based on permission levels β assigned to groups β groups contain users.
Understanding this flow is important because:
- π You should never assign permissions directly to users (hard to manage later)
- π₯ Permissions should be controlled through groups
- π§ Always follow the Principle of Least Privilege β give only the access required
- π Custom permission levels allow you to fine-tune access instead of using only built-in roles
Once you understand the default permissions, creating your own secure setup becomes much easier.
Video Explanation
1) Understanding Default Permission Levels
Before creating custom permissions, itβs important to understand how SharePointβs built-in permissions are structured.
SharePoint comes with predefined groups and permission levels:
Default Groups
- Owners β Full control
- Members β Edit content
- Visitors β Read-only
Each group is assigned a permission level, and that permission level is actually a collection of many smaller capabilities (view, edit, delete, manage site, etc.).
How to View Default Permission Levels
- Click the Settings (βοΈ) icon (top-right)
- Select Site permissions
- Click Advanced permission settings
- In the top menu, click Permission Levels
You will see levels such as:
- Full Control
- Design
- Edit
- Contribute
- Read
Example: What βReadβ Permission Allows
Allowed
- View lists and libraries
- Open items
- View pages
Not Allowed
- Edit items
- Delete items
- Manage site settings
- Change appearance
- Personal permissions
π This is why Visitors can see content but cannot modify anything.
Key Idea:
The Read permission is intentionally restrictive β it protects your data while still allowing access.
2) Creating a Custom Permission Level
Sometimes default permissions are too broad.
Example:
- Read = too limited β
- Edit = too powerful β
So you create a custom permission tailored exactly to your needs.
In our case:
We want users to read and edit items but not fully control the site.
Steps to Create Custom Permission
- Go to Permission Levels page (same place as above)
- Open the Read permission level
- Click Copy Permission Level
Now configure it:
Name: Read and Edit
Description: Can read and edit items
Modify Permissions
Keep everything from Read AND additionally enable:
- β Edit Items
- β Approve Items
Then click Create
You now have a new permission level available alongside default ones.
π‘ Best Practice
Create permissions based on real job responsibilities, not convenience.
3) Create a Group and Assign the Custom Permission
Permissions should be assigned to groups, not directly to users.
This keeps your site manageable as your team grows.
Why Use Groups?
- Add/remove users without changing permissions
- Cleaner security structure
- Easier auditing
- Scalable management
Create a New Group
- Go to Advanced permission settings
- Click Create Group
Fill details:
Group Name: Read and Edit Group
Description: Members can read and edit
Under Give group permissions to this site
β Select Read and Edit
Click Create
Add a User to the Group
Now add people who should have this access.
- Open the newly created group
- Click New
- Enter the user name
- Add a message (optional)
- Click Share
The user is now part of the group and automatically inherits permissions.
What the User Can Do Now
Because the user belongs to the custom group:
They CAN
- View lists
- Edit existing items
They CANNOT
- Create new list items
- Manage site settings
- Change structure
This proves the custom permission works exactly as designed.
Key Takeaways
- SharePoint permissions work as:
Permission Level β Group β Users - Always assign permissions to groups, not individuals
- Default permissions are often too broad
- Custom permissions allow precise control
- Follow the least privilege principle for security
Using this approach keeps your SharePoint environment secure, organized, and easy to maintain as your organization grows.
Leave a Reply