How Microsoft SharePoint Online Permissions Work

In our last blog we learnt how to create a SharePoint site and what different types of site we can create in SharePoint based on our requirements. If you have not read that article, I recommend a quick read at the link below:

Now, let's talk about how Microsoft SharePoint Online permissions work.

This is a critical topic that everyone should understand thoroughly, because it is easy to grant incorrect permissions without fully understanding the requirements, resulting in unauthorised access to the sensitive information stored in SharePoint.


Microsoft SharePoint creates default permissions at the site level. You can either add users or groups to the default permission levels or customize the permissions.

So, there are three site-level permissions by default:

  • Site Owners – Full control: complete control of the site, including add, edit and remove actions.

  • Site Members – Limited control: specific access permissions, with restrictions up to a certain level.

  • Site Visitors – No control: read access only; they cannot modify or change anything, it is only for reading purposes.

Based on these permission levels, an administrator or the team can manage SharePoint at the site level, which is also called the top level in a SharePoint structure.

Now, let's dive a little deeper into SharePoint permission levels. As I mentioned before, we can customise SharePoint permissions, and the SharePoint structure has different hierarchy levels.

We can customize the permission levels at the site, document library or folder level, as specified in the table above. Let's take a scenario where an administrator decides to split the permission levels and make them more restrictive and specific to a particular group; they then have all the options to assign only specific permissions.


i) Full Control – As the term suggests, this gives full control of the particular site, document, file etc., with no restrictions in place. We have to make sure that only SharePoint experts such as administrators have full access to SharePoint.

ii) Design Access – SharePoint has a developer feature where users can design their sites or add additional custom sites etc. Once a person or team is given designer access, they can add, remove, modify and customize the SharePoint templates based on their design model, and also provide approvals for a workflow.

iii) Edit Access – This access can be given to a person or a team to edit a document or content that they use for their business requirements. They will have full access to their specific documents or content but can't make any modifications at the site level; they are restricted to their specific document library.

iv) Contribute Access – Contributor access is provided mainly for project work where multiple people work on a common document. For example, if a group of team members is working on a project and publishing content on the site, they can be given contributor access to add, delete or modify content based on their project or task requirements. This is also a restrictive access which does not allow them to change other folders or site-level settings.

v) Read Access – Reader permission, as the name indicates, only allows viewing the content, folders or items in SharePoint; readers can't make any modifications and have viewer permission only. Reader permissions are given in large organizations that use an intranet to communicate common information or a news feed about the organization to a mass audience on one platform.

By now you should understand how SharePoint permissions work and what the default and custom permission levels are.

Let's see an example of how we can share permissions in a default site.

Once you have created a site in Microsoft SharePoint, go to Settings (the “cog wheel” icon) and then choose Site permissions.

Observe that SharePoint creates three levels of permissions by default, and note that they are named after the site; in this case my site name is “A1411”.

You can add users directly to those permission groups, which are default SharePoint groups.

Let's illustrate with an example of how to add members to a particular group. I am providing Owner access: select the “A1411 Owners” group, and it prompts with an “Invite people” screen where you can either type a user name or specify a group (it is recommended to create a Microsoft 365 group and add users to it).

Once you have typed the email address of a user or a group name, it gets added. You can add a description of the site and invite them by adding them to the site.

In the screenshot there is an option called “Show options”. When you select it, it shows a checkbox asking whether you want to send an email invitation. The moment you add a user name and select “Share”, the user receives an email invitation stating that they have been added to the site as an owner.

Follow the same procedure for the other permission levels, such as members and visitors, based on your requirements: add the users and send an email invitation, or untick the box to assign the permission silently, without any notice to the users.

Note that in order to perform these permission activities, the user must have the required SharePoint Administrator permissions.

Now let's see an example of how to assign custom SharePoint permission levels.

It's always recommended to customize the permission levels, which gives more control over the SharePoint site and the data stored in it.

To provide custom permissions, follow the same procedure: navigate to SharePoint Settings -> Site Permissions -> Advanced Permission settings, then select Permission Levels.

Microsoft SharePoint provides permission levels such as Full Control, Design, Edit, Contribute, Read etc., but if you need to customize even further, choose “Add a Permission Level”, as highlighted in the picture above.

Once you click “Add a Permission Level”, it takes you to a separate template where you can choose the custom permissions you want, provide a “Name” and “Description”, and then select “Create”. This creates a new template with the custom permissions in it.

Once it's created, you can see another template under “Permission Levels” showing the template name; in our scenario it's “Custom Permission”.

So, now we have created a custom permission level based on our requirements. Follow the same procedure as explained for default permissions above: navigate to the Site permissions page and choose “Grant permissions”.

A pop-up appears asking you to “Invite people”. Select a user or group, then under “Select a permission level” click the dropdown list, and you should see the custom permission template name highlighted.

Choose the permission level based on our custom template, in our scenario “Custom Permission”, then click Share. Users will receive an invite with restricted permissions on the SharePoint site or document library (folder or file).

You should now understand how to create default and custom SharePoint permissions.

Finally, let's touch on permission inheritance, which is also very important to understand when dealing with SharePoint permissions.


What is Inheritance?

As everybody is aware, inheritance is something that we represent as a parent-child relationship.

Similarly in SharePoint, the parent-child connection is represented by the site hierarchy.

A subsite is the child of a site. A document list or library's parent is a subsite. In such circumstances, the child receives traits from the parent.

So, in SharePoint, whatever permissions we have assigned at the root site level are automatically inherited by any subsites or child sites that are created.

We have to be 100% sure which permissions should be inherited from the site level and which should not be inherited by other sites, because inheritance automatically leads to permission issues where users from subsites can view content from the parent site, which creates a security issue for the data.

Since permissions are automatically inherited, let's quickly check how to break inheritance in a subsite.

1. Go to Site Settings

2. Click on Site Permissions

3. Choose “Advanced Permission settings”

4. Click 'Stop Inheriting Permissions'

Once you follow these steps, permission inheritance will be stopped and you will be in a safe zone.
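
The inheritance behaviour described above, modelled in Python as an added example (it is not SharePoint code and not part of the original article; the class and function names and the subsite and library names are hypothetical). It shows that stopping inheritance starts the subsite with a copy of the parent's assignments, so access narrows only after the unwanted groups are removed from the subsite.

```python
"""Model of SharePoint permission inheritance (constructed example, not a SharePoint API)."""

class Securable:
    """A site, subsite, library or folder in the hierarchy."""
    def __init__(self, name, parent=None, assignments=None):
        self.name, self.parent, self.children = name, parent, []
        # None means "inherits from parent"; a dict means unique permissions.
        self.assignments = dict(assignments) if assignments is not None else None
        if parent is not None:
            parent.children.append(self)
        elif self.assignments is None:
            raise ValueError("the root site must carry its own assignments")

    def scope(self):
        """Nearest object (self or an ancestor) that holds unique permissions."""
        node = self
        while node.assignments is None:
            node = node.parent
        return node

    def effective(self):
        """Group -> permission level that actually applies to this object."""
        return dict(self.scope().assignments)

    def stop_inheriting(self):
        """Break inheritance: the child starts with a COPY of what it inherited."""
        if self.assignments is None:
            self.assignments = self.effective()

    def revoke(self, group):
        """Remove a group here; only possible once inheritance is broken."""
        if self.assignments is None:
            raise PermissionError(f"{self.name} inherits; stop inheriting first")
        self.assignments.pop(group, None)

def reach_of(root, group):
    """Names of every object under `root` where `group` holds any level."""
    hits = [root.name] if group in root.effective() else []
    for child in root.children:
        hits += reach_of(child, group)
    return hits

def build_demo():
    # Constructed hierarchy using the article's site name and default groups.
    site = Securable("A1411", assignments={
        "A1411 Owners": "Full Control",
        "A1411 Members": "Edit",
        "A1411 Visitors": "Read"})
    hr = Securable("HR subsite", site)
    payroll = Securable("Payroll library", hr)
    return site, hr, payroll
```

Running `reach_of(site, "A1411 Visitors")` before and after `hr.stop_inheriting()` returns the same three objects; only `hr.revoke("A1411 Visitors")` shrinks the list to the root site.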

Great! We have come to the end of SharePoint permissions. We hope you have understood the permission levels; you can always drop us an email or provide your feedback if you have any questions on these topics.
