Microsoft Windows SharePoint Services includes 32 user permissions that determine the specific actions that users can perform on the site. Permissions are grouped together into permission levels. In essence, each permission level is a named collection of permissions that can be assigned to SharePoint users and groups. Five default permission levels are available on every site: Read, Contribute, Design, Full Control, and Limited Access. The following table lists default permission levels along with their corresponding permissions in Windows SharePoint Services.
Permission Level | Description | Permissions Included by Default |
---|---|---|
Limited Access | Allows access to shared resources in the Web site so that users can access an item within the site. Designed to be combined with fine-grained permissions to provide users with access to a specific list, document library, item, or document without giving users access to the entire site. Cannot be customized or deleted. | View Application Pages, Browse User Information, Use Remote Interfaces, Use Client Integration Features, Open |
Read | Allows read-only access to the Web site. | View Application Pages, Browse User Information, Use Remote Interfaces, Use Client Integration Features, Open, View Items, Open Items, View Versions, Create Alerts, Use Self-Service Site Creation, View Pages |
Contribute | Allows users to create and edit items in existing lists and document libraries. | View Application Pages, Browse User Information, Use Remote Interfaces, Use Client Integration Features, Open, View Items, Open Items, View Versions, Create Alerts, Use Self-Service Site Creation, View Pages, Add Items, Edit Items, Delete Items, Delete Versions, Browse Directories, Edit Personal User Information, Manage Personal Views, Add/Remove Personal Web Parts, Update Personal Web Parts |
Design | Allows user to create lists and document libraries as well as edit pages in the Web site. | View Application Pages, Browse User Information, Use Remote Interfaces, Use Client Integration Features, Open, View Items, Open Items, View Versions, Create Alerts, Use Self-Service Site Creation, View Pages, Add Items, Edit Items, Delete Items, Delete Versions, Browse Directories, Edit Personal User Information, Manage Personal Views, Add/Remove Personal Web Parts, Update Personal Web Parts Manage Lists, Override Check Out, Approve Items, Add and Customize Pages, Apply Themes and Borders, Apply Style Sheets |
Full Control | Allows full control | All permissions |
You can create new permission levels that contain specific permissions as well as change which permssions are included in the default permissions levels, with a few exceptions. While it is not possible to remove permissions from the Limited Access and Full Control permission levels, your SharePoint administrator can make specific permissions unavailable for the entire Web application by using SharePoint Central Administration. If you are a SharePoint administrator and wish to do this, in SharePoint Central Administration from the Application Management tab, select User Permissions for Web Application, choose the Web application, and then clear the check boxes for those permissions you’d like to disable.
Depending on the scope, user permissions in Windows SharePoint Services can be grouped into three categories: list permissions, site permissions, and personal user permissions. The following table lists user permissions in Windows SharePoint Services, detailing their scope, permission dependencies, and the permissions levels that they are included into by default.
Permission | Description | Scope | Dependent Permissions | Included in These Permission Levels by Default |
---|---|---|---|---|
Add and Customize Page | Add, change, or delete HTML pages or Web Part Pages; edit the Web site by using a Windows SharePoint Services–compatible editor. | Site | View Items, Browse Directories, View Pages, Open | Design, Full Control |
Add Items | Add items to lists, documents to document libraries, and Web discussion comments. | List | View Items, View Pages, Open | Contribute, Design, Full Control |
Add/Remove Personal Web Part | Add or remove personal Web Parts on a Web Part Page. | Personal Permissions | View Items, View Pages, Open | Contribute, Design, Full Control |
Apply Style Sheets | Apply a style sheet (.css file) to the Web site. | Site | View Pages, Open | Design, Full Control |
Apply Themes and Borders | Apply a theme or borders to the entire Web site. | Site | View Pages, Open | Design, Full Control |
Approve Items | Approve minor versions of list items or documents. | List | Edit Items, View Items, View Pages, Open | Design, Full Control |
Browse Directories | Enumerate files and folders in a Web site by using Microsoft Office SharePoint Designer and Web DAV interfaces. | Site | View Pages, Open | Contribute, Design, Full Control |
Browse User Information | View information about users of the Web site. | Site | Open | All |
Create Alerts | Create e-mail alerts. | List | View Items, View Pages, Open | Read, Contribute, Design, Full Control |
Create Groups | Create a group of users that can be used anywhere within the site collection. | Site | View Pages, Browse User Information, Open | Full Control |
Create Subsites | Create sub-sites such as team, Meeting Workspace, and Document Workspace sites. | Site | View Pages, Browse User Information, Open | Full Control |
Delete Items | Delete items from a list, documents from a document library, and Web discussion comments in documents. | List | View Items, View Pages, Open | Contribute, Design, Full Control |
Delete Versions | Delete past versions of list items or documents. | List | View Items, View Versions, View Pages, Open | Contribute, Design, Full Control |
Edit Items | Edit items in lists, documents in document libraries, and-Web discussion comments in documents; customize Web Part Pages in document libraries. | List | View Items, View Pages, Open | Contribute, Design, Full Control |
Edit Personal User Information | Users can change their own user information, such as adding a picture. | Site | Browse User Information, Open | Contribute, Design |
Enumerate Permissions | Enumerate permissions in the Web site, list, folder, document, or list item. | Site | Browse Directories, View Pages, Browse User Information, Open | Full Control |
Manage Alerts | Manage alerts for all users of the Web site. | Site | View Items, View Pages, Open | Full Control |
Manage Lists | Create and delete lists, add or remove columns in a list, and add or remove public views of a list. | List | View Items, View Pages, Open, Manage Personal Views | Design, Full Control |
Manage Permissions | Create and change permission levels on the Web site; assign permissions to users and groups. | Site | View Items, Open Items, View Versions, Browse Directories, View Pages, Enumerate Permissions, Browse User Information, Open | Full Control |
Manage Personal Views | Create, change, and delete personal views of lists. | Personal Permissions | View Items, View Pages, Open | Contribute, Design, Full Control |
Manage Web Site | Perform all administration tasks and manage content for the Web site. | Site | View Items, Add and Customize Pages, Browse Directories, View Pages, Enumerate Permissions, Browse User Information, Open | Full Control |
Open | Open a Web site, list, or folder to access items inside that container. | Site | None | All |
Open Items | View the source of documents with server-side file handlers. | List | View Items, View Pages, Open | Read, Contribute, Design, Full Control |
Override Check Out | Discard or check in a document that is checked out to another user without saving the current changes. | List | View Items, View Pages, Open | Design, Full Control |
Update Personal Web Parts | Update Web Parts to display personalized information. | Personal Permissions | View Items, View Pages, Open | Contribute, Design, Full Control |
Use Client Integration Features | Use features that launch client applications; without this permission, users must work on documents locally and then upload their changes. | Site | Use Remote Interfaces, Open | All |
Use Remote Interfaces | Use SOAP, Web DAV, or Office SharePoint Designer interfaces to access the Web site. | Site | Open | All |
Use Self-Service Site Creation | Create a Web site by using Self-Service Site Creation. | View Pages, Browse User Information, Open | Read, Contribute, Design, Full Control | |
View Application Pages | View forms, views, and application pages; enumerate lists. | List | Open | All |
View Items | View items in lists, documents in document libraries, and Web discussion comments. | List | View Pages, Open | Read, Contribute, Design, Full Control |
View Pages | View pages in a Web site. | Site | Open | Read, Contribute, Design, Full Control |
View Usage Data | View reports on Web site usage. | Site | View Pages, Open | Full Control |
View Versions | View past versions of list items or documents. | List | View Items, Open Items, View Pages, Open | Read, Contribute, Design, Full Control |