Read time 5 minutes
Within the domain of SharePoint Online administration, administrators may grant or restrict user access to sites according to requirements and responsibilities. In addition, users can determine the level of access and specific actions they are allowed to perform. In SharePoint’s permission structure, each level provides a tailored approach to granting access to users and groups.
These permission levels range from read-only access for visitors to the extensive capabilities granted to administrators. Understanding the permissions hierarchy is pivotal for administrators. This blog will be your technical guide, helping you out with the complexities of SharePoint site access permissions. We will discuss how to configure and optimize user and group permissions for a secure SharePoint environment.
SharePoint Online permission levels
Some of the important SharePoint Permission levels are:
- Full Control – All SharePoint permissions (by default, Owners Group has this permission).
- Edit – Add, edit/update, delete sites, list items, or documents (by default, Members Group has this permission).
- Contribute – View, add, check SharePoint Online User/Group Permission update, and delete documents/list items.
- Read – View and download items/pages in lists/document libraries.
- View Only – View pages/items/documents, but without downloading.
How to check site access permissions in SharePoint Online?
Using the SharePoint Online admin center, it is quite easy to check SharePoint site access permissions to users and groups on SharePoint Online sites.
Note: This applies to the SharePoint Server 2013 and later versions.
Follow the provided steps to check site access permissions.
- Go to https://www.office.com/?auth=2 and select the SharePoint tile. Then, log in with the administrator credentials.
- Then, go to Active Sites and click on the URL of the desired active site.
- Click the Site Contents option from the left panel on the opened SharePoint site.
- Next, click on Site Settings at the top of the page.
- Now, under the Users and Permissions section, click Site permissions.
- The SharePoint Permissions page will open. Here, you can perform multiple actions like editing the user permissions.
- Grant Permissions: To grant permissions to a user or group.
- Create Group: To create a SharePoint group, add members to it, and assign desired permissions.
- Remove User Permissions: To remove the permissions assigned to the selected SharePoint user or group.
- Edit User Permissions: To modify the permissions assigned to the added SharePoint Online group.
- Just select the desired permission and click OK.
- Benefits
You can still view a user’s access/permissions regardless of whether they were added directly to the site, are a member of SharePoint, or are a member of an Active Directory Group. - Drawbacks
This method’s primary drawback is that it only displays access to one site at a time. Therefore, you must repeat the process for more sites if you wish to check user access on a few.
Read also: How to Add User to Microsoft SharePoint Site 2019/2016?
Checking SharePoint Online User/Group Permission
Checking permissions on the SharePoint site is crucial as it ensures that only authorized users have access to sensitive information. Managing different permissions in SPO can be complicated, but the features of the platform are extremely helpful. This task helps in maintaining data confidentiality and integrity.
To check what permissions are assigned on the SharePoint site, click on the Check Permissions at the top of the SharePoint Permissions page. It will open the Check Permissions dialogue box.
You first need to search and add the desired users or groups in the selected SharePoint site whose permission you want to check.
After adding the desired user/group, click on the Check Now option to provide the permissions to that added user/group.
Here, you will find the permission level and other details associated with the SharePoint user or group.
Note: While checking access permissions for users, it displays permissions for one site at a time for the selected user and while checking for groups, it displays permissions for all sites in the selected group under one site collection at a time.
So, this is how you can get information about the permissions assigned to the user or group.
- Benefits
The method gives you a complete list of the websites that are accessible to the given SharePoint group. So, the process does not need to be repeated on each site independently. - Drawbacks
User members of the SharePoint Security group are the only ones who may use it. If you choose to forego recommended practices and directly add users to the site, this is less of a limitation and more of a reality.
The method displays only the sites that belong to a specific site collection. Repeat the procedure for every distinct site collection.
Modifying permission levels in SharePoint
To modify access controls within SharePoint, it is imperative first to break the inheritance of permissions from the parent site, thus enabling unique permissions for a specific entity such as a list, library, or survey. Following the breaking of permission inheritance, the subsequent steps guide you through the customization of permission levels:
- Access the desired list, library, or survey by opening it directly within SharePoint.
- Transition to the Permissions page specific to the opened list, library, or survey.
- Within the Permissions page, identify the user or group for which permission alterations are intended. Mark the adjacent checkbox to their name in the provided list.
- Start the permission editing process by selecting ‘Edit User Permissions’. This action opens a dialog for permission modifications.
- Within the permissions dialog, designate the desired permission level by checking the corresponding box for the selected users or groups, effectively updating their access rights.
For a detailed understanding and optimal application of permission levels, refer to SharePoint’s documentation on permission levels.
Removing user permissions in SharePoint
The removal of user permissions necessitates the initial step of breaking the inheritance from the parent site to establish unique permissions for the intended list, library, or survey. Upon completing this prerequisite, proceed with the following steps to revoke permissions:
- Open the specific list, library, or survey from which user permissions are to be removed.
- Utilize the earlier mentioned steps to access the Permissions page for the chosen entity.
- From the Name list on the Permissions page, identify and select the checkbox next to the user or group whose permissions are to be removed.
- Finalize the removal process by selecting ‘Remove User Permissions’. This action updates the permissions page, reflecting the absence of access rights for the selected group or user to the specified list, library, or survey.
What are the common permission issues in SPO?
Accessibility Issue
When IT teams grant user permissions, there are often instances when users can’t access the document or folder. In such a case, verify if the user is granted with appropriate permission levels.
If a user has Read permission, they’ll be unable to edit or delete those files or folders in SharePoint. Ensure that the user shouldn’t be accessing the respective file or folder.
Permission inheritance
If permission is not properly inherited from the parent site/library, there will be issues with the user permissions. To avoid this, check if the inheritance is broken and if it is granting permissions to the files and folders.
To do this, go to the settings of the folder or document and then choose Inherit permissions from the parent site/library.
It is always a great idea to check for the SharePoint audit logs if the issue is still there. Always document your permissions to avoid any complications in the future, and make sure your admin team are adept at granting access permissions in a SharePoint site. Regularly review, monitor, and update user roles based on their responsibilities to avoid permission-level problems. Regularly review, monitor, and update user roles based on their responsibilities to avoid permission level problems.
Use automated solution for SharePoint migration
During site migrations, organizations prefer to migrate the assigned permissions along with the data to avoid complexities. Our tool, the Kernel Migration for SharePoint performs this for you. It efficiently migrates SharePoint sites, lists, libraries, etc., to SharePoint Online, along with all the permissions assigned to site users or groups. This SharePoint Migration tool also supports File system to SharePoint, Google Drive to Google Drive, and One Drive to One Drive migrations as well in minimum time with full accuracy. Thus, you have the best solution to migrate SharePoint permissions easily.
Summing up
As we wrap up, this article discussed all about SharePoint site access permissions for users and groups. Consider Kernel Migration for SharePoint for easy SharePoint Online migration. It not only facilitates data migration but also ensures an effortless transition of permissions.
You can use this tool to preserve the integrity of permissions during migration. Use the trial version today to learn about the robust approach to managing site access and optimizing your SharePoint experience.
There was some confusion regarding all the kinds of permission levels in SharePoint, but it is a bit clearer now. Good blogs always develop some level of understanding among the readers. Amazing work and keep them coming.