Search This Blog

Sunday, May 31, 2015

Security Groups in SharePoint/User permissions and permission levels

Security Groups in SharePoint
We can manage users of SharePoint sites more efficiently if you assign permission levels to groups instead of to individual users. A SharePoint group is collection of individual users and also includes the Active Directory Service groups.
For Example :
Just assume that a organization have a Active Directory  and SharePoint Server.
  1. Active Directory is a server and it maintain users and groups of an organization.
  2. Active Directory commonly uses the following groups.
    1. Distribution Group: This groups used only for e-mail distribution and the security is not enabled on it.
    2. Security Group: A Group that can be listed in discretionary access control list (DACLs). It can also used as an e-mail entity.
  3. Suppose I just created IT-Development Security group in my active directory and added the IT development team.

Now we have IT-Development group in the AD so we can give permission to all the IT Team on any SharePoint Site by simply add the IT-Development group to SharePoint Site Members group.

Adding Security groups to SharePoint Group provides centralized management of Groups and Security.  Once you add the security group ( IT-Development) to a SharePoint Group, we don’t have to manage security group members in the SharePoint Group. If we delete a member from the IT-Development security group, then user will automatically removed from the SharePoint Group. I can say it’s easiest way to giving the permission to users to SharePoint sites rather than individual IT-Development users.

User permissions and permission levels in SharePoint 2013

User permissions and permission levels in SharePoint 2013

Permission levels in SharePoint

Limited Access

They can view Application Pages, Browse User Information, Use Remote Interfaces, and Use Client Integration Features etc.

Reader

Limited Access permissions plus: View Items, Open Items, View Versions, Create Alerts, Use Self-Service Site Creation, and View Pages.

Contributor

Read permissions plus: Add Items, Edit Items, Delete Items, Delete Versions, Browse Directories, Edit Personal User Information, Manage Personal Views, Add/Remove Personal Web Parts, Update Personal Web Parts.

Design

Contribute permissions plus: Manage Lists, Override Check Out, Approve Items, Add and Customize Pages, Apply Themes and Borders, Apply Style Sheets.

Administrator

Has full control of the Web site.

Full Control

All permissions

Creating Custom Permissions Groups 

  • Site Actions -> Site Settings -> Site Permissions (Users and Permissions)
  • Click on Permission Levels (In Ribbon)
  • Add a Permission Level (Menu)
  • Name = Add or Edit Permission, Check Add Items and Edit Items checkboxes -> Create

To Create a Custom Permission level

  • Site Actions -> Site Settings -> Site Permissions (Users and Permissions)
  • Select Grant Permissions (In Ribbon)
  • Enter the User/Group name. Select Grant user permission directly and check the required permission level.

To Create a Custom Permissions for Lists / Libraries or ListItems

  • By default, the permission given to the site automatically applies to the Lists as well. We can override these settings and give permissions
  • Open List -> Settings -> List Settings -> Permissions for this list


No comments:

Post a Comment