Default SharePoint Groups
Default SharePoint Groups
SharePoint groups enable you to manage access for sets of users instead of individual users. SharePoint groups are usually composed of many individual users, but a group can also hold one or more Windows security groups. For example, you might add the Windows security group for your team to a SharePoint group, to grant access to the whole team at the same time. When you add users or Windows security groups to a SharePoint group, the added users are assigned the same permission level.
SharePoint assigns a permission level to each default SharePoint group automatically. The permission level applies to all the members of that group.
You can customize default SharePoint groups by assigning them any permission level that you want. You can also create a SharePoint group and assign it the permission levels that you want.
The following table shows the default SharePoint groups and their assigned permission levels.
SharePoint Groups | Default Permission Level |
---|---|
Approvers | Approve |
Contribute or Edit, depending on the site template | |
Full Control | |
Read | |
Designers | Design, Limited Access |
Hierarchy Managers | Manage Hierarchy |
Restricted Readers | Restricted Read |
Style Resource Readers | Limited Access |
Viewers | View Only |
Quick Deploy Users | Contribute |
If you are on a public website, you will see
There are several times when the site name is added to the group name. These are:
- When you break permissions inheritance on subsites that had previously inherited permissions
- When you create new groups for a specific site
- When you create new sites.
In all cases, the site name before the SharePoint group indicates the name of the site to which the group belongs, so Contoso Charities Members belongs to the Contoso Charities site.
Tip: You can change the names that SharePoint automatically assigns to these groups at any time.
Roles for SharePoint Groups
The following table shows suggested uses for default SharePoint groups:
Group Name | Permission Level | Use this group for people who |
---|---|---|
Approvers | Approve | Approve documents, pages, and list items. |
Owners | Full Control | Manage site permissions, settings, and appearance. |
Members | Contribute or Edit | Edit site content |
Visitors | Read | View site content, but not edit it. |
Designers | Design | View, add, update, delete, approve, and customize the site. |
Hierarchy Managers | Manage Hierarchy | Create sites and edit pages, list items, and documents. |
Restricted Readers | Restricted Read | View pages and documents but not versions or permissions. |
Style Resource Readers | Restricted Read | Need only Limited Access to the Style Library and Master Page Gallery. |
Viewers | View Only | Need to see content but not edit or download it. |
Quick Deploy Users | Contribute | Schedule Quick Deploy jobs. |
Special SharePoint Groups
Special SharePoint groups support high-level administration tasks, such as assigning permission levels to a group.
Important: To guarantee full site functionality, make sure that there is always a group of users who have Full Control to the site collection. In addition, make sure that these users appear on the list of site collection administrators.
Site Collection Administrators
Site Collection administrators are not a SharePoint group. However, because they have Full Control on all sites in a site collection, they are mentioned here.
A SharePoint site can have primary and secondary site collection administrators. If you are a site collection administrator, you can also designate additional site collection administrators. These users are the main contacts for the complete site collection. Site collection administrators have full control of all sites within the site collection and can audit all site content. In addition, they receive administrative alerts about site activity, such as whether a site is active.