Give users access to a SharePoint site

As a site owner, you can give users access to a Microsoft Office SharePoint Server 2007 site and control what users can do there. This article explains the basics of site permissions and how to use them to add users to a site.

What do you want to do

Learn about groups and permission levels

Create and configure groups

Add users to groups

Try it online with Test Drive

Learn about groups and permission levels

One of the fundamental responsibilities of a site owner is to control who can access the site, who can work with site content, and who can make changes to the pages and functionality on the site. As a site owner, you can give some employees permission to read and change site content, and then give other employees only permission to read site content.

For example, on a site that describes employee benefits, the site owner wants only the people in the employee-relations department to add or update information on the site. However, everyone in the larger organization should be able to view the information. Granting specific permission to groups of people enables the site owner to control who can view data, who can add or change information, and who can manage content on the site.

Giving users access to a site requires the following steps:

  1. Determining who needs access to the site and its content and what they need to be able to do with it.

  2. Creating or customizing SharePoint groups for the site and assigning permission levels to them, or using the default SharePoint groups.

  3. Adding Windows security groups and user accounts to the SharePoint groups for the site.

To effectively control site access, site owners need to determine who needs access to the site, what level of access they need, and what parts of the site to include in their permissions. The three core default SharePoint groups and their default permission levels are as follows:

  • Owners     This group has the Full Control permission level, which enables group members to make changes to the site content, pages, and functionality. Full Control access should be limited to site owners only.

  • Members     This group has the Contribute permission level, which allow group members to view pages, edit items, submit changes for approval, and delete items from a list.

  • Visitors     This group has the Read permission level, which enables group members to view pages, list items, and documents.

Note   For more information about the default SharePoint groups and permission levels, see Manage permission levels.

In addition to the three core default SharePoint groups, a site owner can create new groups, modify the permission level of any of the groups, or use any combination of the following groups to create more precise access levels for their site:

  • Approvers     Members of this group have permission to publish a major version of a list item (such as a page) from draft to final version and allow it to be accessible to anonymous and restricted users.

  • Designers     This group has access permissions similar to those of site owners. Designers can change the performance, alter the look and feel of the site, and add code to the master page gallery. Designer level access is generally restricted to a small set of Web developers, Web designers, or both.

  • Hierarchy manager     Members of this group have permission to rename sites or move sites within a site collection to change the hierarchy of the site collection. This hierarchy affects the navigation structure of the site, and any pages in the site that use the site navigation will reflect the changes. This group is intended to replace the Channel Manager group in Microsoft Content Management Server (CMS) 2000. If you upgrade from CMS 2000, channel managers are migrated to hierarchy managers.

  • Quick Deploy Users     This group is intended to facilitate quick content updates for sites that have separate authoring and deployment tiers. It enables group members to easily schedule and propagate data from an authoring tier to a production tier.

  • Restricted readers     Members of this group access the site and all of its contents with read-only permissions on the major versions of each list or item. Typically this level of access is given to people who only need to view and read information on a site but never directly contribute to it.

Individual users and SharePoint groups can have different permission levels for different securable objects. For example, you can give a user permission to only read the information that appears on the site. You can then give that same user permission to edit all the files in a library or a folder within a library on the site.

Note   Securable objects include: sites, pages, lists, libraries, folders in lists and libraries, list items, and library files.

Top of Page

Create and configure groups

You are not restricted to using only the default SharePoint groups. If you have a particular requirement that a default group does not meet, you can either create a group or modify an existing group.

Note   If the default SharePoint groups meet the needs of your site, go to Add users to groups.

Create a group

  1. On the home page of the site, click Site Actions, point to Site Settings, and then click People and Groups.

    Note   This step step varies, depending on the template that was used to create the site and customizations made to the site.

  2. On the New menu, click New Group.

  3. Type a name for the group, and then type a brief description of the group's attributes.

  4. To change the owner of the group, type a new account name, or click Browse to find an individual's account name.

  5. In the Group Settings section, click the options to specify who can see the members of this group and who can add or remove members.

  6. In the Membership Requests section, click the options to specify whether you will accept requests to be added or removed from this group, and to add the e-mail address that users can send requests to. If you select Auto-accept requests, users are automatically added or removed when they make a request.

    Important   Outgoing e-mail must be enabled for the site collection by a SharePoint administrator.

  7. In the Give Group Permission to this Site section, select the permission level that you want to allow for this group.

    To create a group that is blocked from accessing your site, clear all the check boxes for permission levels.

  8. Click Create.

    Note   To add users to the group that you just created, see Add users to groups.

Top of Page

Change the permission level of a group

  1. On the home page of the site, click the Site Actions menu, point to Site Settings, and then click People and Groups. This step varies, depending on the template that was used to create the site and customizations made to the site.

  2. On the People and Groups page, in the Quick Launch, click Groups.

  3. On the People and Groups: All Groups page, click the name of the group whose permission level you want to change.

  4. On the People and Groups: Group Name page, click the Settings menu, and then click Group Settings.

  5. On the Change Group Settings page, in the Give Group Permission to this Site section, select the check box next to the permission level that you want to give to the group, and clear the check box next to the permission level that no longer applies to the group.

  6. Click OK.

Top of Page

Add users to groups

Giving users access to your SharePoint site and its content involves adding Windows security groups and users accounts to the SharePoint groups for your site. We recommend using Windows security groups to give users access to your site. It is easier to add and manage a few Windows security groups for a SharePoint group than it is to add and manage many individual user accounts for a SharePoint group.

For example, when the Marketing Windows domain security group is added to the default Members SharePoint group, all users in Marketing are able to read and make changes to site content. As employees join and leave the Marketing team, the organization's IT department adds and removes the employees' user accounts from the Marketing Windows domain security group. The site owner does not need to add and remove the individual user accounts from the Members group for their site.

Your organization's Windows security groups may not meet the needs of your site and you may have to add individual Windows domain user accounts to SharePoint groups for your site. You can add Groups and Users to the same SharePoint group.

To add Windows domain security groups and users accounts to SharePoint groups:

  1. On the home page of the site, click Site Actions, point to Site Settings, and then click People and Groups.

  2. On the People and Groups page, in the Quick Launch, click Groups.

  3. Click the name of the SharePoint group to which you want to add groups and users.

  4. Note   To add all domain user accounts to the group, click Add all authenticated users. For example, you can do this for the default Visitors SharePoint group to give all domain user accounts permission to read the content on your site.

  5. Verify that Add users to a SharePoint group is selected and that the correct group is selected, and then click OK. We recommend that you use SharePoint groups when possible to give users access to your site. In rare cases, you may need to give individual permissions to a user by clicking Give users permission directly. However, assigning individual permission levels to large numbers of users can quickly become difficult and time-consuming to manage.

  6. If you want to send an e-mail message to new users, click Send welcome e-mail to new users.

    Note   Outgoing e-mail must be enabled for the site collection by a SharePoint administrator. If Send welcome e-mail to new users is selected and outgoing e-mail is not enabled, the groups and users will be added to the SharePoint group and an error message will appear indicating that the e-mail could not be sent.

  7. Click OK.

Top of Page

Try it online with Test Drive

Test Drive provides a free online evaluation environment of Microsoft Office programs, such as SharePoint Server 2007.

Important   Click Enterprise Content Management with Office SharePoint Server on the Test Drive site.

Top of Page

Applies To: SharePoint Server, SharePoint Server 2007



Was this information helpful?

Yes No

How can we improve it?

255 characters remaining

To protect your privacy, please do not include contact information in your feedback. Review our privacy policy.

Thank you for your feedback!

Support resources

Change language