Share Point User and Per Missions Levels

8/8/2019 Share Point User and Per Missions Levels

http://slidepdf.com/reader/full/share-point-user-and-per-missions-levels 1/22

Permissions

Permission is rights given to a person/user to do something on your site: to view, create,

delete, or edit something.

There are three kinds of permissions:

• List permissions provides rights with lists and list items, such as adding or

deleting lists, adding or deleting columns in lists, or adding or deleting items in

lists.

• Site permissions allows access at site and sub site level, such as adding pages or

subsites, or managing permissions for other users.

• Personal permissions provides user to manage their own personal view of the site,

creating personal views of lists, libraries, and add or delete personal Web Parts.

To see the permission levels assigned to groups for your site:

1. Click Site Actions, and then click Site Permissions to see the permissions page.

2. On permissions page, click Permission Levels.

The Permission Levels page opens, with a description of each Permission level and a link for editing the permission level.

Farm administrators

Farm administrator has permissions to all servers in the server farm. Members of the

Farm Administrators group do not need to be added to the Administrators group for eachserver. Farm Administrators group have ability to manage the Central Administration site

Members of Farm Administrators group have no administrative access to individual sites

or their content by default. But can take control of a specific site collection to view anycontent. For example, if a site collection administrator leaves the organization and a new

administrator must be added, farm administrators can add themselves as site collection

administrators.

To create Farm Administrator

1. Create your new account to be used as a new Farm Administrator 2. Make this account a Local Administrator on the SharePoint machine

3. Open Central Administration and navigate to the Operations Page

4. In Security Configuration section click Update farm administrator's group link



5. From the action bar click New -> Add Users

6. In Add Users page add the account of the created user by adding them to FarmAdministrators SharePoint Group click OK

7. we need to add this user as one of the Site Collection Administrators for the CA Site.

So from any of the CA pages navigate to Site Actions -> Site Settings



8. In Site Settings page, in the Users and Permissions section, click Site CollectionAdministrators link

9 In the Site Collection Administrators field enter the account of the user and then click

OK.

10 We need to add new user as a Site Collection Administrator to the SSP Site.

Navigate through Site Actions -> Site Settings, select the Site Collection Administrators

link and then add the new user there.

11 Now we need to set up the relevant permissions for this new user, so, from the SSPHome Page in the User Profiles and My Sites section click the Personalization services

permissions link



12 In action bar click the Add Users/Groups link

13 In Add Users/Groups page add new user's account and give them all the permissions

(check all the boxes) then click save

14 Navigate back to SSP Home Page and in Business Data Catalog section click Business

Data Catalog permissions link



15 In action bar click the Add Users/Groups link

16 In Add Users/Groups page add the new user's account and give them all the

permissions (check all the boxes) then click save

At this point you have set up a new user that now is a full-fledged Farm Administrator. Note that you didn't have to give them SSP access if you didn't want to. If your

security/administration requires different people for those roles you could set up different

users for each.

Server-level (system) administrators

Server-level Administrator group members on local server computer are automaticallyadded to Farm Administrators group and can perform all farm administrator actions

Server-level Administrators group is a Windows group, not a Share Point group, but the

Administrators group on local computer performs certain administrative tasks in

Windows Share Point Services. Like farm administrators, members of the Administratorsgroup on the local computer have no administrative access to site content.

But they can control specific site collections. In order to have control, they can addthemselves as site collection administrators by using the Site Collection Administrators

page in Central Administration.

To add Windows domain security groups and users accounts to SharePoint groups:



1. On the home page of the site, click Site Actions, point to Site Settings, and then

click People and Groups.

2. On the People and Groups page, in the Quick Launch, click Groups.

3. Click the name of the SharePoint group to which you want to add groups and

users.

4. Note To add all domain user accounts to the group, click Add all authenticatedusers. For example, you can do this for the default Visitors SharePoint group togive all domain user accounts permission to read the content on your site.

5. Verify that Added users to SharePoint group is selected and that the correct group

is selected, and then click OK.

Site collection administrators

Site collection administrators have Full Control permission level on content within a sitecollection. From the site collection level, site collection administrators manage settings

(such as site collection features, site collection audit settings, and site collection policies)

from the Site Settings page for the top-level site. A site collection administrator is a user

in database that states they can perform all tasks within a site collection, including alltasks for specific sites with a site collection.

Add a site collection administrator

1. In Central Administration, on the top link bar, click Application Management.

2. On the Application Management page, in the SharePoint Site Managementsection, click Site collection administrators.

3. If the selected site is not the site for which you want to manage administrators, on

the Site Collection Administrators page, on the Site Collection menu in the SiteCollection section, click Change Site Collection.

o In the Select Site Collection dialog box, select the site for which you wantto manage administrators.

o Click OK.

4. In either the Primary site collection administrator box or the Secondary site

collection administrator box, enter the user name of the user to whom you want to

assign that role.5. Click OK.

Site administratorSite administrator have Full Control permission level on the site, either directly or by being a member of a SharePoint group —for example, the Owners group that has the Full

Control permission level on the site. Site owners can perform tasks related to the siteonly, not the entire site collection.



SharePoint group Can do Cannot do

Server level

Administrators

Create new Web applications

and new Internet InformationServices (IIS) Web sites.

Perform all farm-level tasks

in Central Administration

Administer individual

sites or site content.Administer databases.

Farm Administrator Perform administrative tasks

in Central AdministrationTake ownership of any

content site.

Administer individual

sites or site content unlessthey take ownership of the

site.

Site administrator Perform administration for

the site only, not the entire

site collection.Perform administrative tasks

for documents, lists, and

libraries.

Access the Central

Administration site.

Site collection

administrator

Perform all administration

tasks for sites within the site

collection.

Access the Central

Administration site.

Create a group

1. On the home page of the site, click Site Actions, point to Site Settings, and then

click People and Groups.

2. Type a name for the group, and then type a brief description of the group's

attributes.

3. To change the owner of the group, type a new account name, or click Browse to

find an individual's account name.

4. In the Group Settings section, click the options to specify who can see the

members of this group and who can add or remove members.

5. In the Membership Requests section, click the options to specify whether you will

accept requests to be added or removed from this group, and to add the e-mailaddress that users can send requests to. If you select Auto-accept requests, users

are automatically added or removed when they make a request.

7. In Group Permission to this Site section, select the permission level that you want

to allow for this group.

8. Click Create.

Add users to groups

1. On the site home page, click the Site Actions menu, point to Site Settings, and

then click People and Groups.



2. On the People and Groups page, on the Quick Launch, click Groups.

3. Click the name of the group to which you want to add users.

4. On the People and Groups: Group name page, on the new menu, click Add Users.5. On the Add Users page, type the account names that you want to add, or browse

to find users from Active Directory service.

6. In the Give Permission section, be sure that an Add user to a SharePoint group isselected and that the correct group is displayed.

7. Click OK.

SharePoint Permission levels and permissions:

Although sites that are built on Windows SharePoint Servicesoften have additional default SharePoint groups, Windows

SharePoint Services 3.0 includes five permission levels by

default. Each of these permission levels has specificpermissions associated with it. As a site owner, you can choose

which permissions are associated with these permission levels(except for the Limited Access and Full Control permission

levels) or add new permission levels to combine different setsof permissions.

NOTE Prior to Windows SharePoint Services 3.0, permission

levels were called site groups and SharePoint groups werecalled cross-site groups.

As a site owner, you can associate permissions with permission

levels and also associate permission levels with users andSharePoint groups. Users and SharePoint groups are associated

with securable objects such as sites, lists, list items, libraries,folders within lists and libraries, and documents. For more

information about assigning permissions in different securable

objects, see about controlling access to sites and site content.

The following tables list and describe the permission levels that

you can assign to users and SharePoint groups and the

permissions you can assign to permission levels. For eachpermission, the permission level that it is associated with it, by

default, is listed. For each permission, any permissionsdependent on it are listed, as well as any default permission

levels that include the permission.

Default permission levels in Windows SharePoint Services 3.0

http://appendpopup%28this%2C%27401810158_1%27%29/


http://office.microsoft.com/en-us/windows-sharepoint-services-help/redir/HA010100144.aspx?CTT=5&origin=HA010100149


http://office.microsoft.com/en-us/windows-sharepoint-services-help/redir/HA010100144.aspx?CTT=5&origin=HA010100149




PERMISSIONLEVEL

DESCRIPTION

Full Control This permission level contains all permissions.

Assigned to the Site name Owners SharePointgroup, by default. This permission level cannot be

customized or deleted.

Design Can create lists and document libraries, edit pages

and apply themes, borders, and style sheets in theWeb site. Not assigned to any SharePoint group,

by default.

Contribute Can add, edit, and delete items in existing lists and

document libraries. Assigned to the Site name

Members SharePoint group, by default.

Read Read-only access to the Web site. Users and

SharePoint groups with this permission level can

view items and pages, open items, and documents.Assigned to the Site name Visitors SharePoint

group, by default.

LimitedAccess

The Limited Access permission level is designed tobe combined with fine-grained permissions to give

users access to a specific list, document library,item, or document, without giving them access tothe entire site. However, to access a list or library,

for example, a user must have permission to openthe parent Web site and read shared data such as

the theme and navigation bars of the Web site.

The Limited Access permission level cannot becustomized or deleted.

NOTE You cannot assign this permission level tousers or SharePoint groups. Instead, Windows

SharePoint Services 3.0 automatically assigns thispermission level to users and SharePoint groupswhen you grant them access to an object on your

site that requires that they have access to a higherlevel object on which they do not have

permissions. For example, if you grant users

access to an item in a list and they do not haveaccess to the list itself, Windows SharePoint



Services 3.0 automatically grants them LimitedAccess on the list, and also the site, if needed.

List, site, and personal permissions

Windows SharePoint Services 3.0 includes 33 permissions,which are used in the five default permission levels. You canchange which permissions are included in a particular

permission level (except for the Limited Access and Full Control

permission levels) or create a new permission level to contain aspecific set of permissions that you specify.

Permissions are categorized as list permissions, site

permissions, and personal permissions, depending upon theobjects to which they can be applied. For example, site

permissions apply to a particular site, list permissions applyonly to lists and libraries, and personal permissions apply only

to things like personal views, private Web Parts, etc. Thefollowing tables show permissions and the permission levels

they are assigned to, by default.

List Permissions

PERMISSION FULL

CONTROL

DESIGN CONTRIBUTE READ LIMITED

ACCESS

Manage Lists X X

Override

Check-Out

X X

Add Items X X X

Edit Items X X X

Delete Items X X X

View Items X X X X

Approve ItemsX X



Open Items X X X X

View Versions X X X X

Delete

Versions

X X X

Create Alerts X X X X

View

ApplicationPages

X X X X X

Site Permissions

PERMISSION FULL

CONTROL

DESIGN CONTRIBUTE READ LIMITED

ACCESS

ManagePermissions

X

View Usage

Data

X

Create

Subsites

X

Manage Web

Site

X

Add andCustomize

Pages

X X

Apply Themesand Borders

X X

Apply Style

Sheets

X X



Create Groups X

Browse

Directories

X X X

Use Self-Service Site

Creation

X X X X

View Pages X X X X

Enumerate

Permissions

X

Browse User

Information

X X X X X

Manage Alerts X

Use Remote

Interfaces

X X X X X

Use ClientIntegration

Features

X X X X X

Open X X X X X

Edit Personal

User

Information

X X X

Personal Permissions

PERMISSION FULLCONTROL

DESIGN CONTRIBUTE READ LIMITEDACCESS

Manage

Personal Views

X X X



Add/RemovePrivate Web

Parts

X X X

Update

Personal WebParts

X X X

Default permission levels

Microsoft SharePoint Foundation 2010 includes five permissionlevels by default. You can customize the permissions available

in these permission levels (except for the Limited Access andFull Control permission levels), or you can create customized

permission levels that contain only the permissions you need.

Note:

Although you cannot directly edit the Limited Access and FullControl permission levels, you can make permissions

unavailable for the entire Web application, which removes

those permissions from the Limited Access and Full Controlpermission levels. For more information, see "Manage

permissions for a Web application" in the Central

Administration Help system.

Permission

level Description

Permissions included by

default

Limited

Access

Allows access to shared

resources in the Web

site so users can accessan item within the site.

Designed to becombined with fine-

grained permissions togive users access to aspecific list, document

library, item, ordocument, without

giving users access to

the entire site. Cannot

View Application Pages,

Browse User

Information, Use RemoteInterfaces, Use Client

Integration Features,Open



be customized ordeleted.

Read Read-only access to theWeb site.

Limited Accesspermissions plus: View

Items, Open Items, ViewVersions, Create Alerts,Use Self-Service Site

Creation, View Pages

Contribute Can create and edit

items in existing listsand document libraries.

Read permissions plus:

Add Items, Edit Items,Delete Items, Delete

Versions, Browse

Directories, EditPersonal User

Information, ManagePersonal Views,

Add/Remove Personal

Web Parts, UpdatePersonal Web Parts

Design Can create lists anddocument libraries and

edit pages in the Website.

Contribute permissionsplus: Manage Lists,

Override Check Out,Approve Items, Add and

Customize Pages, Apply

Themes and Borders,Apply Style Sheets

FullControl

Full control of the scope. All permissions

User permissions

SharePoint Foundation 2010 includes 32 permissions, which

are used in the five default permission levels. You can change

which permissions are included in a particular permission level

(except for the Limited Access and Full Control permissionlevels), or you can create a new permission level to containspecific permissions.



List permissions

Permission Description

Dependent

permissions

Included inthese

permission

levels by default

Manage

Lists

Create and delete

lists, add orremove columns in

a list, and add or

remove publicviews of a list.

View Items,

View Pages,Open, Manage

Personal

Views

Design, Full

Control

OverrideCheck Out

Discard or check ina document that is

checked out toanother userwithout saving the

current changes.

View Items,View Pages,

Open

Design, FullControl

Add Items Add items to lists,

and adddocuments to

document

libraries.

View Items,

View Pages,Open

Contribute,

Design, FullControl

Edit Items Edit items in lists,

edit documents indocument

libraries, and

customize WebPart Pages in

documentlibraries.

View Items,

View Pages,Open

Contribute,

Design, FullControl

DeleteItems

Delete items froma list, and

documents from a

document library.


Open

Contribute,Design, Full

Control

View Items View items in lists,

and documents indocument

libraries.

View Pages,

Open

Read,


Control

Approve Approve minor Edit Items, Design, Full



Items versions of listitems or

documents.


Open

Control

Open Items View the source of

documents withserver-side filehandlers.

View Items,

View Pages,Open

Read,

Contribute,Design, FullControl

ViewVersions

View past versionsof list items or

documents.

View Items,Open Items,

View Pages,Open

Read,Contribute,

Design, FullControl

Delete

Versions

Delete past

versions of listitems or

documents.

View Items,

ViewVersions,

View Pages,Open

Contribute,

Design, FullControl

CreateAlerts

Create e-mailalerts.


Open

Read,Contribute,

Design, Full

Control

View

ApplicationPages

View forms, views,

and applicationpages. Enumerate

lists.

Open All

Site permissions


Dependent

permissions

Included in

these

permissionlevels by

default

Manage

Permissions

Create and

change

permission levelson the Web site

and assignpermissions to

users and groups.

View Items,

Open Items,

View Versions,Browse

Directories,View Pages,

Enumerate

Permissions,Browse User

Full Control



Information,Open

View UsageData

View reports onWeb site usage.

View Pages,Open

Full Control

CreateSubsites

Create subsitessuch as team

sites, Meeting

Workspace sites,and Document

Workspace sites.

View Pages,Browse User

Information,

Open

Full Control

Manage Web

Site

Perform all

administration

tasks for the Website, and manage

content.

View Items,

Add and

CustomizePages, Browse

Directories,View Pages,

Enumerate

Permissions,Browse User

Information,Open

Full Control

Add andCustomize

Pages

Add, change, ordelete HTML

pages or WebPart pages, andedit the Web site

by using aWindows

SharePoint

Services-compatible editor.

View Items,Browse

Directories,View Pages,Open

Design, FullControl

ApplyThemes and

Borders

Apply a theme orborders to the

entire Web site.

View Pages,Open

Design, FullControl

Apply Style

Sheets

Apply a style

sheet (.css file) to

the Web site.

View Pages,

Open

Design, Full

Control

Create

Groups

Create a group of

users that can be

View Pages,

Browse User

Full Control



used anywherewithin the site

collection.

Information,Open

Browse

Directories

Enumerate files

and folders in aWeb site by usingMicrosoft

SharePointDesigner 2010

and Web DAVinterfaces.

View Pages,

Open

Contribute,

Design, FullControl

Use Self-

Service SiteCreation

Create a Web site

by using Self-Service Site

Creation.

View Pages,

Browse UserInformation,

Open

Read,


Control

View Pages View pages in a

Web site.

Open Read,

Contribute,

Design, FullControl

EnumeratePermissions

Enumeratepermissions on

the Web site, list,folder, document,

or list item.

BrowseDirectories,

View Pages,Browse User

Information,Open

Full Control

Browse User

Information

View information

about users of theWeb site.

Open All

ManageAlerts

Manage alerts forall users of the

Web site.


Open

Full Control

Use Remote

Interfaces

Use SOAP, Web

DAV, orSharePointDesigner 2010

interfaces to

access the Website.

Open All

Use Client Use features that Use Remote All



IntegrationFeatures

start clientapplications.

Without thispermission, users

must work on

documents locallyand then upload

their changes.

Interfaces,Open

Open Open a Web site,

list, or folder toaccess items

inside that

container.

None All

Edit

PersonalUser

Information

Users can change

their own userinformation, such

as adding a

picture.

Browse User

Information,Open

Contribute,

Design, FullControl

Personal permissions


Dependent

permissions

Included inthese permission

levels by default

Manage

Personal Views

Create, change,

and deletepersonal views

of lists.

View Items,

View Pages,Open

Contribute,

Design, FullControl

Add/Remove

Personal WebParts

Add or remove

personal WebParts on a Web

Part page.

View Items,

View Pages,Open

Contribute,

Design, FullControl

UpdatePersonal Web

Parts

Update WebParts to display

personalizedinformation.

View Items,View Pages.

Open


Control

How do create new permissions levels:



1.Site Actions--------Select Site Settings

2. Select the Site Permissions------- Settings--------Permissions

levels

3. Click on Add a permissions levels



4. It should open the ‘Add a new Permissions level’.



Documents

Share Point User and Per Missions Levels