When you create a new SharePoint site, there are five permission levels provided by default:
Full Control: allows users or groups full control over a site. Full Control is the least restrictive permission level. You cannot modify or remove this permission level.
Design: allows users or groups to view, add, update, delete, approve, and customize lists, libraries, and pages on your site, including themes and style sheets.
Contribute: allows users or groups to view, add, update, and delete previously created list items and document libraries.
Read: allows users or groups to read pages on the site including the resource libraries. Read is the most restrictive permission level.
Limited Access: is a permission level that is automatically assigned to a user or group and therefore cannot be directly assigned by the administrator. It is used when you assign the users or groups to a child object of a parent object to which they do not have access. You cannot modify or remove this permission level.
Securable Objects Permission
SharePoint provides the ability to manage item-level permissions on individual objects (such as lists and libraries), even down to the individual folders, documents, and list items within those lists and libraries. The items that you can apply permissions to are called Securable Objects. Each site contains additional securable objects which have a particular position in the site hierarchy, as shown in figure
SharePoint Users and Groups
You can add a user to SharePoint who has a valid account that has been authenticated as mentioned in SharePoint User Authentication. When a user is added to the system, you can assign permissions directly to a securable object (web, list, library, etc.) or indirectly through a SharePoint Group. Using SharePoint Groups is the recommended practice when managing security, since it is easier to manage changes for a group than for individual users, and you can apply the same group to different objects across your sites.
A SharePoint Group (cross site group in previous WSS versions) is a logical grouping of users that you can create to manage permissions to the site and to provide an e-mail distribution list for site members. All SharePoint groups are created at the site collection level and are available to all sub-sites in the site collection. You can also create groups that only have permissions to a particular sub-site as shown in path 1 in figure
SharePoint groups can contain Windows (Active Directory) security groups, ASP.NET Forms authentication groups (using the roles within the role membership provider), and individual users with a user account on the local server or a Windows domain as shown in path 2 in figure.
SharePoint Groups and Users Scope
SharePoint provides three default SharePoint groups with permissions on the top-level site, each with a Site name prefix. These default groups are also provided when a new site with unique permissions is created.
- Site Owners: have Full Control permissions in the site.
- Site Members: have Contribute permissions.
- Site Readers: have Read permissions.
Each of these SharePoint groups is associated with a default permission level, but you can change the permission level for any SharePoint group as needed.
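The script below is an added example, not part of the original page or any Microsoft sample. It audits a site collection for securable objects (sites and lists only, not folders or items) that carry their own permissions and reports principals that were granted a permission level directly instead of through a SharePoint group. It assumes an on-premises farm with the SharePoint Management Shell; the site URL is a placeholder and the function name is hypothetical.

```powershell
# Added example: report direct (non-group) permission grants on sites and lists.
# Assumption: run on a farm server with the SharePoint PowerShell snap-in available.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$siteUrl = 'https://sharepoint.example.local/sites/placeholder'  # placeholder URL

# Hypothetical helper: emits one row per role assignment on a securable object.
function Get-RoleAssignmentReport {
    param($SecurableObject, [string]$Kind, [string]$Location)

    # Objects that inherit from their parent have no assignments of their own.
    if (-not $SecurableObject.HasUniqueRoleAssignments) { return }

    foreach ($assignment in $SecurableObject.RoleAssignments) {
        $member = $assignment.Member
        $roles  = @($assignment.RoleDefinitionBindings)
        # SPRoleType 'Guest' is Limited Access, 'Administrator' is Full Control.
        $onlyLimited = @($roles | Where-Object { $_.Type -ne 'Guest' }).Count -eq 0
        $fullControl = @($roles | Where-Object { $_.Type -eq 'Administrator' }).Count -gt 0

        if ($member -is [Microsoft.SharePoint.SPGroup]) { $type = 'SharePointGroup' }
        elseif ($member.IsDomainGroup)                  { $type = 'DomainGroup' }
        else                                            { $type = 'User' }

        New-Object PSObject -Property @{
            Kind              = $Kind
            Location          = $Location
            Principal         = $member.Name
            PrincipalType     = $type
            PermissionLevels  = ($roles | ForEach-Object { $_.Name }) -join '; '
            DirectGrant       = ($type -ne 'SharePointGroup')
            FullControl       = $fullControl
            LimitedAccessOnly = $onlyLimited
        }
    }
}

$site = Get-SPSite $siteUrl
try {
    $report = foreach ($web in $site.AllWebs) {
        try {
            Get-RoleAssignmentReport $web 'Site' $web.Url
            foreach ($list in $web.Lists) {
                Get-RoleAssignmentReport $list 'List' ($web.Url + ' :: ' + $list.Title)
            }
        } finally { $web.Dispose() }
    }
} finally { $site.Dispose() }

# Limited Access rows are assigned automatically, so they are filtered out here.
$report | Where-Object { $_.DirectGrant -and -not $_.LimitedAccessOnly } |
    Sort-Object Location | Format-Table Kind, Location, Principal, PrincipalType, PermissionLevels -AutoSize
```

Rows with FullControl set to true and a PrincipalType of User are the ones to review first, since they bypass the Site Owners group.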
The most common uses of SharePoint include:
A SharePoint intranet portal is a way to centralize access to enterprise information and applications on a corporate network. It is a tool that helps a company manage its data, applications, and information more easily. This has organizational benefits such as increased employee engagement, centralizing process management, reducing new staff on-boarding costs, and providing tacit knowledge capture.
Enterprise content and document management
SharePoint is often used to store and track electronic documents or images of paper documents. It is usually also capable of keeping track of the different versions created by different users. In addition to being a platform for digital record management systems that meet government and industry compliance standards, SharePoint also provides the benefit of a central location for storing and working on documents, which can significantly reduce emails and duplicated work in an organization.
SharePoint can be used to provide password-protected, web-facing access to people outside an organization. Organizations often use functionality like this to integrate third parties into supply chains or business processes.
SharePoint can be used to manage a public website. Due to the complex nature and hardware requirements of SharePoint, it is not typically considered for this purpose unless there is a scalability requirement or an integration with extranet/intranet facilities.