Overview: PERMISSION LEVELS SharePoint 2010/2007
Permission levels are the sets of permissions that administrators use to grant users access to site content. Depending upon the access a user or group of users requires, an administrator can use the out-of-the-box permission levels or create one that will fulfill the user access requirements.
Unlike permissions, permission levels are manageable from the site where they are being used. From the Site Permissions page, you can access the current permission levels available for your site. It is here you can create your own permission levels, delete existing permission levels, and modify existing permission levels.
Note: There are a few “best practices” when it comes to managing permission levels:
• It is not a good idea to modify a default permission level. If a default permission level is not configured the way you like, you can create a new permission level.
• When you create a new permission level, you are often only changing one or more permissions assigned to a default permission level. To ensure that you keep all the desired permissions, make a copy of the default permission level and then edit the permissions for the copied permission level.
• It is not recommended to delete a default permission level. If you don’t think you need it, there is no harm in keeping it. If you need it down the road, you won’t have to create it from scratch and risk not configuring it the same way it was originally.
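The copy-then-edit practice above can also be scripted from the SharePoint 2010 Management Shell. The following is an added example, not part of the original post; the site URL, the new level's name and the two permissions removed are assumptions chosen for illustration.

```powershell
# Added example (not from the original post): copy a default permission level, then trim the copy.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$siteUrl  = "http://sharepoint.example.local/sites/team"  # placeholder URL (assumption)
$baseName = "Contribute"                                  # default level to copy
$newName  = "Contribute - No Delete"                      # hypothetical name for the copy
$remove   = @("DeleteListItems", "DeleteVersions")        # SPBasePermissions names to drop

$web = Get-SPWeb $siteUrl -ErrorAction Stop
try {
    # Levels can only be added on a site that defines its own; an inheriting site uses the parent's.
    if (-not $web.HasUniqueRoleDefinitions) {
        throw "Permission levels are inherited at $siteUrl; create the copy on the parent site."
    }

    $base = $web.RoleDefinitions | Where-Object { $_.Name -eq $baseName }
    if (-not $base) { throw "Permission level '$baseName' not found." }
    if ($web.RoleDefinitions | Where-Object { $_.Name -eq $newName }) {
        throw "Permission level '$newName' already exists; nothing was changed."
    }

    # The flags enum prints as "ViewListItems, AddListItems, ..."; filtering by name
    # avoids 64-bit bitwise arithmetic on the permission mask.
    $granted = $base.BasePermissions.ToString() -split ',\s*'
    $missing = $remove | Where-Object { $granted -notcontains $_ }
    if ($missing) { throw "'$baseName' does not grant: $($missing -join ', ')" }
    $kept = $granted | Where-Object { $remove -notcontains $_ }

    # Build the new level; the default level itself is never modified.
    $copy = New-Object Microsoft.SharePoint.SPRoleDefinition
    $copy.Name            = $newName
    $copy.Description     = "Copy of $baseName without $($remove -join ', ')"
    $copy.BasePermissions = $kept -join ", "   # PowerShell converts the name list back to the enum
    $web.RoleDefinitions.Add($copy)

    # Show the stored result so the permission set can be reviewed.
    $web.RoleDefinitions | Where-Object { $_.Name -eq $newName } |
        Select-Object Name, BasePermissions | Format-List
}
finally {
    $web.Dispose()
}
```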
By default, a set of permission levels is available when a new site is created. This set of permissions will depend upon the site template that was used to create the site. For team sites there are six default permission levels:
Full Control — Users and groups with this permission level will have access to everything on the site and can perform any site administrative tasks. This shouldn’t be confused with site collection administrators. Users and groups with Full Control permissions cannot perform site collection administrative tasks.
Design — Can view, add, update, delete, approve, and customize. A step up from Contribute, this permission also allows users to customize the site and its pages. Additionally, this group can approve items that are in containers with Content Approval enabled. For the most part, users and groups with this permission level can do anything on the securable object except for administrative tasks.
Contribute — Can view, add, update, and delete list items and documents. This is the standard permission level used to grant users access to content and containers when they need to add, edit, and delete content.
Read — Can view pages and list items and download documents. This is the standard permission level for users and groups you want to access content, but not have the permissions to add, edit, or delete content.
Limited Access — Can view specific lists, document libraries, list items, folders, or documents when given permissions. This permission level cannot be assigned. Instead, it is the result of customizing permissions for a securable object. In essence, when you see this permission level for a user or group, the users have access to a securable object in the current container, but not to all the securable objects in the container.
View Only — Can view pages, list items, and documents. Document types with server-side file handlers can be viewed in the browser but not downloaded. The key concept here is that users and groups with this permission level can’t download copies of documents with server-side file handlers.
To see all of the default permission levels, you have to create a site based on a Publishing site template. Only the Publishing site template deploys the total set of permission levels. These include the permission levels available with the team site as well as those in the following list:
Restricted Read — View pages and documents. For Publishing sites only. This permission level is similar to the Read permission level, but it only has four of the eleven Read permission level permissions. Key distinctions are that users with this permission level will not be able to create alerts, browse user information, or use client integration.
View Only — View pages, list items, and documents. If the document has a server-side file handler available, users can only view the document by using that file handler. Again, this permission level is based on the Read permission, but it doesn’t have all the same permissions. A few key distinctions are that users with this permission level will not be able to open list and document library items, browse user information, or use client integration.
Approve — Edit and approve pages, list items, and documents. For Publishing sites only. This permission level is designed to work with the Publishing Approval workflow template. Users and groups with this permission level will be able to edit and approve items submitted, and leverage the Publishing Approval workflow. They will also be able to approve items in lists and document libraries that have Content Approval enabled.
Manage Hierarchy — Create sites; edit pages, list items, and documents. For Publishing sites only. Similar to the Design permission, this permission level allows users to edit the design and components that make up the site. This permission level does not include all the permissions that users with the Design permission level have. A key difference is that users with the Manage Hierarchy permission level cannot approve items leveraging the Publishing Approval workflow or Content Approval features.