In this article we’ll take you through Microsoft 365 SharePoint Permission Groups. We’ll explain how they work, what to consider when assigning them, and some do’s, don’ts, and red flags.

The information below is provided as guidance for information managers and information governance professionals to gain an understanding into the set-up of permissions within Microsoft 365 SharePoint at a Super User / Site Administrator level. 

What are SharePoint Permission Groups and Levels? 

SharePoint Permission Groups and their associated permission levels are used to manage access to SharePoint Sites. 

Users are added to SharePoint groups, then permission levels are assigned to the site and its contents. 

By default, permissions on lists, libraries, folders within lists and libraries, items, and documents are inherited from their parent site. 

You can also set hub permissions so all the sites connected to it inherit the permissions of the hub. 

Here’s a detailed description of the default SharePoint permission groups: 

Permission Group Permission LevelDescriptionDefault permissions
Site AdministratorFull ControlEnables users to have full control of the site including Managing site permissions, settings, and appearance.All permissions
OwnerFull ControlEnables users to have full control of the site including Managing site permissions, settings, and appearance.All permissions
MemberEditCan view, add, update, and delete list items and documents.

Can also add, edit, and delete Lists and Libraries

Read permissions, plus:

Add content

Edit content

Delete content

Delete versions

Add and edit views

Add Libraries and Lists

Edit Libraries and Lists

Delete Libraries and Lists

VisitorReadEnables users to view pages and list items, and to download documents. Can view site content but can’t edit it.View Items

Open Items

View Versions

Create Alerts

View Pages

What alterations can I make to these Permission Groups? 

It is possible to assign unique permissions to individual lists and libraries (even files) at a lower level, although this is not recommended as it can become unruly and difficult to manage. 

You can turn off sharing within a site by the members and limit this to site owners only. Be aware when sharing sites that this could mean you unintentionally grant access to any child sites and their content. 

It is also possible to create your own SharePoint Groups with members you select, and to set custom levels of access. However, SharePoint Groups cannot be nested. While you cannot add a SharePoint Group to another SharePoint Group, you can nest M365 Groups inside a SharePoint Group. 

Want to learn more?

If you’d like to know how to set these up and have a go yourself, our Microsoft 365 SharePoint Super User training course is the best place to start. (Links to course in UK, US, ANZ time zones).

All attendees of this course get access to an individual Microsoft Sandbox (remote training environment) where you can test out the features and functions, follow some example scenarios and have a go at building your own.

Our practical approach to training means that you’ll leave the course feeling confident and able to manage and maintain your own permissions and other Super User admin tasks within your own company / organisation.

Our virtual, instructor-led training courses are conducted in three different time zones. Select the country below that most closely matches your time zone to find out more about this course.