SharePoint offers companies almost infinite ways to define and configure security settings to meet their specific requirements and desired level of security. Its robust security model includes granular control over SharePoint user permissions granted to individuals who can access Sites. Both Site Level and user role can be used to customize security settings for your SharePoint users. The possibilities are endless! In addition, SharePoint offers various authentication methods to ensure users who are gaining access to its environment and resources are verified as the users who have been granted permissions.
Understanding how to properly configure SharePoint user permissions is crucial for maintaining data security and privacy within your organization. This is our first article in a series exploring how SharePoint’s extraordinary user security features help organizations control their SharePoint environments to their unique security standards.
SharePoint User Roles and Permissions
Keep in mind that SharePoint user permissions are just one way the platform helps companies manage security and privacy. But they are both an important and an easy-to-manage way to secure your environment.
SharePoint uses a role-based access control (RBAC) model, allowing administrators to assign permissions to users based on their roles within the organization. This ensures the company controls who does and does not have access to files and how they can engage with those files. For example, some users will have full control to read, edit, add, and even delete files, whereas others may only be granted read-only access.
Here are the user roles and the permission levels associated with each.
SharePoint Administrators – Preeminent Permissions
Also referred to as “Farm Administrators” or “Global Administrators,” SharePoint Admins have the highest level of permissions and full control over every aspect of the SharePoint environment. Full Administrators operate in “God” (or “Goddess”!) mode on SharePoint. Their great power allows them to access and modify settings that are unavailable to all other administrators and users. Plus, they can use those powers across the entire SharePoint environment.
But with great power comes great responsibility. SharePoint Administrators play a critical role in maintaining the security, performance, and compliance of the organization’s SharePoint environment. They are the overseers of integral functions such as managing server settings, configuring authentication methods, database backups, regulatory compliance, disaster recovery, and much more. SharePoint Administrators typically work closely with other IT teams to ensure a robust, secure, and efficient collaboration platform across the organization.
Other SharePoint Administrator Roles – Elevated Permissions
Depending on the size and structure of an organization, other administrative roles in the deployment and management of their SharePoint environment might be created and assigned. For example, a SharePoint Site Collection Administrator has elevated permissions to manage one or more Site Collections within the larger SharePoint environment (or the “farm”). Business unit leaders, departmental IT staff, and project managers are some of the roles often assigned to be Site Collection Administrators.
Further, an organization might create an administrator role and grant elevated permissions associated with a specific Service Application needed to maintain their SharePoint environment. Examples of Service Applications include User Profile Service, Search Service, and Managed Metadata Service.
If the SharePoint Administrator functions in God/Goddess-mode, it might be fair to say that other administrative roles operate as archangels. They have elevated, specialized, and more “super-human” permissions than all the user roles, but they don’t wield ultimate power and control over the SharePoint environment.
Site Owners – All the User Permissions
The remainder of the SharePoint roles to describe are user – rather than administrative – roles. That is, we’re now in the “mere mortal” territory of the SharePoint role hierarchy. (Which is also where we’re going to abandon this heavenly/earthly analogy, as we can already see that it would go downhill fast from here!)
In SharePoint, a Site Owner is the user role with the highest level of permissions and control over a specific site or site collection. Site Owners have full administrative rights and responsibilities for managing the site’s content, configuration, and user access.
Site Owners can customize the site’s appearance, navigation, and functionality. They can also grant or revoke permissions for all the other roles associated with the site, and they can create, modify, and delete any type of content contained within the site.
Site Members – Collaboration User Permissions
Site Members are users granted certain permissions and access rights within a specific SharePoint site. They typically have more access and control than Site Visitors, but fewer permissions than Site Owners. Site Members can create, edit, and manage components within the site, but they cannot configure, design, or manage the site itself. Members contribute content and collaborate with other members of the site.
Site Visitors – Read-Only User Permissions
Site Visitors are limited to viewing and consuming content within a SharePoint site. They cannot contribute or make changes. Visitors are people with whom you need to share information without collaborating with them.
Site Visitor status can be granted to both people within and outside an organization. For example, a Site Owner may grant Site Visitor status to customers so they can read but not modify documents relevant to the business relationship. Within an organization, employees might be Site Visitors to the HR department’s SharePoint site because they need access to corporate policy documents but need to be restricted from editing those files.
Custom Roles – Custom User Permissions
Sometimes, SharePoint’s standard roles don’t neatly fit an organization’s needs. In these cases, the SharePoint Administrator wields his or her awesome power to create roles defining the exact permissions and rights for users or groups. These permission powers can be deployed at the site, list, library, or even individual item level. Various actions, such as editing, deleting, or managing libraries can be granted or restricted, allowing for precise control over users’ ability to access and modify content within SharePoint.
Custom roles are particularly useful in scenarios where organizations have specific compliance requirements, complex business processes, or unique security needs that cannot be adequately addressed by the out-of-the-box roles. For example, a custom role could be created for external contractors, granting them limited access to specific document libraries while restricting their ability to modify other areas of the SharePoint site.
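The contractor scenario above, as an added example that is not from the original article: a custom permission level cloned from Contribute without delete rights, granted to one group on one library only. It assumes the PnP.PowerShell module and an existing Connect-PnPOnline session against the target site; the library, group, and role names are hypothetical placeholders.

```powershell
# Added example. Assumes Connect-PnPOnline has already been run against the
# target site by an account allowed to manage permissions there.
# All three names below are hypothetical placeholders.
$library   = "Contractor Deliverables"
$groupName = "External Contractors"
$roleName  = "Contractor Contribute (No Delete)"

# 1. Custom permission level: start from the built-in Contribute level and
#    strip the rights to delete items and item versions.
if (-not (Get-PnPRoleDefinition | Where-Object Name -eq $roleName)) {
    Add-PnPRoleDefinition -RoleName $roleName -Clone "Contribute" `
        -Exclude DeleteListItems, DeleteVersions `
        -Description "Add and edit items; no delete rights"
}

# 2. Dedicated SharePoint group for the contractors. It is given no
#    permission level on the site itself.
if (-not (Get-PnPGroup | Where-Object Title -eq $groupName)) {
    New-PnPGroup -Title $groupName | Out-Null
}

# 3. Stop the library inheriting from the site, keeping the assignments it
#    already had so Owners/Members/Visitors are unaffected.
Set-PnPList -Identity $library -BreakRoleInheritance -CopyRoleAssignments

# 4. Grant the custom level to the contractor group on this library only.
Set-PnPListPermission -Identity $library -Group $groupName -AddRole $roleName

# 5. Check: list every principal and permission level now on the library,
#    so the result can be reviewed instead of assumed.
$list = Get-PnPList -Identity $library -Includes RoleAssignments
foreach ($ra in $list.RoleAssignments) {
    Get-PnPProperty -ClientObject $ra -Property Member, RoleDefinitionBindings | Out-Null
    [pscustomobject]@{
        Principal = $ra.Member.Title
        Roles     = ($ra.RoleDefinitionBindings | ForEach-Object Name) -join ", "
    }
}
```

Once inheritance is broken, later permission changes at the site level no longer flow to this library, so it needs to be included in periodic access reviews.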
Mastering SharePoint User Permissions
Full, configurable control of user permissions is just one way SharePoint offers an elevated level of control over security, but it is an essential factor to master for maintaining data security and compliance within your organization.
This article is focused on clarifying how SharePoint user permissions help you keep your organization and your data secure. In our next two articles, we’ll dive into how Site Level controls and authentication methods interact with the various user roles to ensure data security. In later articles, we will describe some of the many other awe-inspiring configurable security settings SharePoint offers organizations.
About enkompas Technology Solutions
enkompas powers your entire technology environment, working closely with your team to provide strategic enterprise technology solutions. With nearly 30 years of experience as a trusted Managed IT Services Provider, our goal is to help you build a secure, scalable organizational roadmap for your IT environment. Contact us for more information about how enkompas Technology Solutions partners with our clients to fully understand your business and provide SharePoint solutions tailored to your needs – we support your environment, so you don’t have to.