Default SharePoint groups in SharePoint Server

When you create a site, SharePoint automatically creates groups for the site, and assigns permission levels to the groups. These are known as the default SharePoint groups. Because they represent the most common levels of access that users need, the default groups and their associated permission levels are a good place to start when you add users to a SharePoint site. To learn more about permission levels, see Understanding permission levels.

As an administrator, you can add your own custom groups to more closely align with the requirements of your organization. Deciding how to design and populate SharePoint groups is an important decision that affects your site and content security.

In this article

Default SharePoint groups

Roles for SharePoint groups

Special SharePoint groups

Site collection administrators

Default SharePoint groups

SharePoint groups enable you to manage access for sets of users instead of individual users. SharePoint groups are usually composed of many individual users, but a group can also hold one or more Windows security groups. For example, you might add the Windows security group for your team to a SharePoint group, to grant access to the whole team at the same time. When you add users or Windows security groups to a SharePoint group, the added users are assigned the same permission level.

If you’d like more information about how to work with the Windows security and distribution groups that are included in Active Directory Domain Services, see Choose security groups (SharePoint Server 2010).

SharePoint assigns a permission level to each default SharePoint group automatically. The permission level applies to all the members of that group. To learn more about the specific permissions in permission levels, see Understanding permission levels.

You can customize default SharePoint groups by assigning them any permission level that you want. You can also create a SharePoint group and assign it the permission levels that you want.

The following table shows the default SharePoint groups and their assigned permission levels.

SharePoint groups

Default permission level

Approvers

Approve

<site name> Members

Contribute or Edit, depending on the site template

<site name> Owners

Full Control

<site name> Visitors

Read

Designers

Design, Limited Access

Hierarchy Managers

Manage Hierarchy

Restricted Readers

Restricted Read

Style Resource Readers

Limited Access

Viewers

View Only

Quick Deploy Users

Contribute

If you are on a public website, you will see <site name> Members in your list of SharePoint groups. For example, if Contoso Retail is the name of the website, you’ll see Contoso Retail Members. This is also true if you are on a subsite that has unique permissions. As your site grows, you may notice multiple <site name> Members, Visitors, or Owners groups while looking in site permissions from your site collection root. Each group is prefixed with the name of the site, for example Contoso Retail Members, and Contoso Charities Members may both be present.

There are several times when the site name is added to the group name. These are:

  • When you break permissions inheritance on subsites that had previously inherited permissions

  • When you create new groups for a specific site

  • When you create new sites.

In all cases, the site name before the SharePoint group indicates the name of the site to which the group belongs, so Contoso Charities Members belongs to the Contoso Charities site.

Tip    You can change the names that SharePoint automatically assigns to these groups at any time.

For more information about permissions inheritance and permission levels, see Introduction: Control user access with permissions.

Roles for SharePoint groups

The following table shows suggested uses for default SharePoint groups

Group name

Permission level)

Use this group for people who

Approvers

Approve

Approve documents, pages, and list items.

Owners

Full Control

Manage site permissions, settings, and appearance.

Members

Contribute or Edit

Edit site content.

Visitors

Read

View site content, but not edit it.

Designers

Design

View, add, update, delete, approve, and customize the site.

Hierarchy Managers

Manage Hierarchy

Create sites and edit pages, list items, and documents.

Restricted Readers

Restricted Read

View pages and documents but not versions or permissions.

Style Resource Readers

Restricted Read

Need only Limited Access to the Style Library and Master Page Gallery.

Viewers

View Only

Need to see content but not edit or download it.

Quick Deploy Users

Contribute

Schedule Quick Deploy jobs.

Note    The Style Resource Readers group contains a Windows security group named NT Authority/Authenticated Users. This means that all authenticated users can display SharePoint master pages and styles for the pages on your site.

Top of Page

Special SharePoint groups

Special SharePoint groups support high-level administration tasks, such as assigning permission levels to a group.

Important    To guarantee full site functionality, make sure that there is always a group of users who have Full Control to the site collection. In addition, make sure that these users appear on the list of site collection administrators.

Top of Page

Site collection administrators

Site Collection administrators are not a SharePoint group. However, because they have Full Control on all sites in a site collection, they are mentioned here.

A SharePoint site can have primary and secondary site collection administrators. If you are a site collection administrator, you can also designate additional site collection administrators. These users are the main contacts for the complete site collection. Site collection administrators have full control of all sites within the site collection and can audit all site content. In addition, they receive administrative alerts about site activity, such as whether a site is active.

Top of Page

Applies To: SharePoint Server 2013 Preview, SharePoint Server 2013 Enterprise



Was this information helpful?

Yes No

How can we improve it?

255 characters remaining

To protect your privacy, please do not include contact information in your feedback. Review our privacy policy.

Thank you for your feedback!

Support resources

Change language