Microsoft SharePoint has been around for decades, and its security permissions haven’t changed a lot over the years. Permissions can be set at the top-level site, at a list or library, at a folder, or even at a file level.
The primary permission levels used over the years still exist:
- Full Control – just that, grants full control.
- Edit – Can add, edit, and delete lists and libraries; can view, add, update, and delete list items and documents.
- Contribute – Can view, add, update, and delete list items and documents.
- Read – Can view pages and list items and documents.
- Restricted View – Can view pages, list items and documents, but cannot download them.
Microsoft also has 3 built-in SharePoint security groups, which are assigned one of those permission levels:
- Owner – Full Control
- Member – Edit
- Visitor – Read
At first glance, that looks appropriate. At second glance, it should give you pause.
Yes, if you are an Owner of a site, it makes sense that you can do anything you want to that site, including deleting lists or libraries on it or even deleting the entire site.
Yes, if you are a Visitor of the site, it makes sense to have Read-only access.
If you are a Member of the site with the default permission level of “Edit,” you essentially have Owner rights on the site without the ability to delete the entire site. You do, however, have permission to delete any library or list on that site that is inheriting the same permissions.
SharePoint Permissions for Members
That is where this blog comes in.
First, to make you aware of the default permissions that Microsoft is handing out.
Second, to point out that the Edit permission grants more access than you might think.
Third, to consider making a change for the SharePoint Member groups to have the Contribute permission instead of the Edit permission.
Revisiting the Contribute permission, it can view, add, update, and delete list items and documents. If you were to classify general information workers in your organization, this would be the majority of the users. Your users are not creating new libraries and lists during their routine daily tasks. They are just working in the already created libraries and lists with the data in them. The Contribute permission is ideal for this.
Keeping security in mind, you should only provide users the minimum access they need to do their job function. That is just one layer of the onion in securing your SharePoint environment.
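One way to review and make this change from PowerShell, as an added example that is not part of the original post: it assumes the PnP.PowerShell module, a site Owner account, and the English permission level names; `$SiteUrl` and `$ClientId` are values you supply for your own tenant.

```powershell
# Added example. Assumptions: PnP.PowerShell is installed, you are a site Owner,
# and the permission levels carry their English names ("Edit", "Contribute").
param(
    [Parameter(Mandatory)] [string] $SiteUrl,   # your site URL (placeholder, supplied by you)
    [Parameter(Mandatory)] [string] $ClientId,  # app registration used for PnP interactive sign-in
    [switch] $Apply                             # without this switch the script only reports
)

Import-Module PnP.PowerShell
Connect-PnPOnline -Url $SiteUrl -Interactive -ClientId $ClientId

# The site's built-in Members group, which gets "Edit" by default.
$members = Get-PnPGroup -AssociatedMemberGroup
$levels  = @(Get-PnPGroupPermissions -Identity $members.Title |
             Select-Object -ExpandProperty Name)
Write-Host "Group '$($members.Title)' currently has: $($levels -join ', ')"

# Lists and libraries that inherit the site's permissions are the ones
# a Member with Edit is able to delete.
$inheriting = @(Get-PnPList -Includes HasUniqueRoleAssignments |
    Where-Object { -not $_.Hidden -and -not $_.HasUniqueRoleAssignments })
Write-Host "Lists/libraries inheriting site permissions: $($inheriting.Count)"
$inheriting | Sort-Object Title | ForEach-Object { Write-Host "  - $($_.Title)" }

if ($levels -notcontains 'Edit') {
    Write-Host "Members group does not hold Edit; nothing to change."
    return
}
if (-not $Apply) {
    Write-Host "Report only. Re-run with -Apply to replace Edit with Contribute."
    return
}

# Add Contribute before removing Edit so members never lose access in between.
Set-PnPGroupPermissions -Identity $members.Title -AddRole 'Contribute'
Set-PnPGroupPermissions -Identity $members.Title -RemoveRole 'Edit'

# Read the assignment back to confirm the result.
$after = @(Get-PnPGroupPermissions -Identity $members.Title |
           Select-Object -ExpandProperty Name)
Write-Host "Group '$($members.Title)' now has: $($after -join ', ')"
```

Lists and libraries with unique permissions are not changed by this; they keep whatever level was granted on them directly.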
Have any questions about setting SharePoint permissions or your SharePoint environment security? Please reach out to one of our experts!