Permission levels and permissions

In this article

Default permission levels in Windows SharePoint Services 3.0

List, site, and personal permissions

Dependencies and descriptions

Although sites that are built on Windows SharePoint Services often have additional default SharePoint groups, Windows SharePoint Services 3.0 includes five permission levels by default. Each of these permission levels has specific permissions associated with it. As a site owner, you can choose which permissions are associated with these permission levels (except for the Limited Access and Full Control permission levels) or add new permission levels to combine different sets of permissions.

Note   Prior to Windows SharePoint Services 3.0, permission levels were called site groups and SharePoint groups were called cross-site groups.

As a site owner, you can associate permissions with permission levels and also associate permission levels with users and SharePoint groups. Users and SharePoint groups are associated with securable objects such as sites, lists, list items, libraries, folders within lists and libraries, and documents. For more information about assigning permissions in different securable objects, see About controlling access to sites and site content.

The following tables list and describe the permission levels that you can assign to users and SharePoint groups and the permissions you can assign to permission levels. For each permission, the permission level that it is associated with it, by default, is listed. For each permission, any permissions dependent on it are listed, as well as any default permission levels that include the permission.

Default permission levels in Windows SharePoint Services 3.0

Permission Level

Description

Full Control

This permission level contains all permissions. Assigned to the Site name Owners SharePoint group, by default. This permission level cannot be customized or deleted.

Design

Can create lists and document libraries, edit pages and apply themes, borders, and style sheets in the Web site. Not assigned to any SharePoint group, by default.

Contribute

Can add, edit, and delete items in existing lists and document libraries. Assigned to the Site name Members SharePoint group, by default.

Read

Read-only access to the Web site. Users and SharePoint groups with this permission level can view items and pages, open items, and documents. Assigned to the Site name Visitors SharePoint group, by default.

Limited Access

The Limited Access permission level is designed to be combined with fine-grained permissions to give users access to a specific list, document library, item, or document, without giving them access to the entire site. However, to access a list or library, for example, a user must have permission to open the parent Web site and read shared data such as the theme and navigation bars of the Web site. The Limited Access permission level cannot be customized or deleted.

Note   You cannot assign this permission level to users or SharePoint groups. Instead, Windows SharePoint Services 3.0 automatically assigns this permission level to users and SharePoint groups when you grant them access to an object on your site that requires that they have access to a higher level object on which they do not have permissions. For example, if you grant users access to an item in a list and they do not have access to the list itself, Windows SharePoint Services 3.0 automatically grants them Limited Access on the list, and also the site, if needed.

Top of Page

List, site, and personal permissions

Windows SharePoint Services 3.0 includes 33 permissions, which are used in the five default permission levels. You can change which permissions are included in a particular permission level (except for the Limited Access and Full Control permission levels) or create a new permission level to contain a specific set of permissions that you specify.

Permissions are categorized as list permissions, site permissions, and personal permissions, depending upon the objects to which they can be applied. For example, site permissions apply to a particular site, list permissions apply only to lists and libraries, and personal permissions apply only to things like personal views, private Web Parts, etc. The following tables show permissions and the permission levels they are assigned to, by default.

List Permissions

Permission

Full Control

Design

Contribute

Read

Limited Access

Manage Lists

X

X

Override Check-Out

X

X

Add Items

X

X

X

Edit Items

X

X

X

Delete Items

X

X

X

View Items

X

X

X

X

Approve Items

X

X

Open Items

X

X

X

X

View Versions

X

X

X

X

Delete Versions

X

X

X

Create Alerts

X

X

X

X

View Application Pages

X

X

X

X

X

Site Permissions

Permission

Full Control

Design

Contribute

Read

Limited Access

Manage Permissions

X

View Usage Data

X

Create Subsites

X

Manage Web Site

X

Add and Customize Pages

X

X

Apply Themes and Borders

X

X

Apply Style Sheets

X

X

Create Groups

X

Browse Directories

X

X

X

Use Self-Service Site Creation

X

X

X

X

View Pages

X

X

X

X

Enumerate Permissions

X

Browse User Information

X

X

X

X

X

Manage Alerts

X

Use Remote Interfaces

X

X

X

X

X

Use Client Integration Features

X

X

X

X

X

Open

X

X

X

X

X

Edit Personal User Information

X

X

X

Personal Permissions

Permission

Full Control

Design

Contribute

Read

Limited Access

Manage Personal Views

X

X

X

Add/Remove Private Web Parts

X

X

X

Update Personal Web Parts

X

X

X

Top of Page

Dependencies and descriptions

Many permissions are dependent on other permissions. When you select a permission that is dependent on another, the permission on which it is dependent is also automatically selected. Likewise, clearing a permission on which other permissions are dependent also clears the dependent permissions. The following tables describe what each permission is used for and lists dependent permissions, if applicable.

List permissions

Permission

Description

Dependent permissions

Manage Lists

Create and delete lists, add or remove columns in a list, and add or remove public views of a list.

View Items, View Pages, Open, Manage Personal Views

Override Check-Out

Discard or check in a document which is checked out to another user.

View Items, View Pages, Open

Add Items

Add items to lists, add documents to document libraries, and add Web discussion comments.

View Items, View Pages, Open

Edit Items

Edit items in lists, edit documents in document libraries, edit Web discussion comments in documents, and customize Web Part Pages in document libraries.

View Items, View Pages, Open

Delete Items

Delete items from a list, documents from a document library, and Web discussion comments in documents.

View Items, View Pages, Open

View Items

View items in lists, documents in document libraries, and Web discussion comments.

View Pages, Open

Approve Items

Approve a minor version of a list item or document.

Edit Items, View Items, View Pages, Open

Open Items

View the source of documents with server-side file handlers.

View Items, View Pages, Open

View Versions

View past versions of a list item or document.

View Items, View Pages, Open

Delete Versions

Delete past versions of a list item or document.

View Items, View Versions, View Pages, Open

Create Alerts

Create e-mail alerts.

View Items, View Pages, Open

View Application Pages

View documents and views in a list or document library.

Open

Site permissions

Permission

Description

Dependent permissions

Manage Permissions

Create and change permission levels on the Web site and assign permissions to users and groups.

Approve Items, Enumerate Permissions, Open

View Usage Data

View reports on Web site usage.

Approve Items, Open

Create Subsites

Create subsites such as team sites, Meeting Workspace sites, and Document Workspace sites.

View Pages, Open

Manage Web Site

Perform all administration tasks for the Web site as well as manage content.

View Pages, Open

Add and Customize Pages

Add, change, or delete HTML pages or Web Part pages, and edit the Web site using a Windows SharePoint Services-compatible editor.

View Items, Browse Directories, View Pages, Open

Apply Themes and Borders

Apply a theme or borders to the entire Web site.

View Pages, Open

Apply Style Sheets

Apply a style sheet (.css file) to the Web site.

View Pages, Open

Create Groups

Create a group of users that can be used anywhere within the site collection.

View Pages, Open

Browse Directories

Enumerate files and folders in a Web site using an interface such as SharePoint Designer or Web-based Distributed Authoring and Versioning (Web DAV).

View Pages, Open

Use Self-Service Site Creation

Create a Web site using Self-Service Site Creation.

View Pages, Open

View Pages

View pages in a Web site.

Open

Enumerate Permissions

Enumerate permissions on the Web site, list, folder, document, or list item.

View Items, Open Items, View Versions, Browse Directories, View Pages, Open

Browse User Information

View information about users of the Web site.

Open

Manage Alerts

Manage alerts for all users of the Web site

View Items, Create Alerts, View Pages, Open

Use Remote Interfaces

Use Simple Object Access Protocol (SOAP), Web DAV, or SharePoint Designer interfaces to access the Web site.

Open

Open

Open a Web site, list, or folder to access items inside that container.

No dependent permissions

Edit Personal User Information

Allow a user to change his or her own user information, such as adding a picture.

Browse User Information, Open

Personal permissions

Permission

Description

Dependent permissions

Manage Personal Views

Create, change, and delete personal views of lists.

View Items, View Pages, Open

Add/Remove Private Web Parts

Add or remove private Web Parts on a Web Part Page.

View Items, View Pages, Open, Update Personal Web Parts

Update Personal Web Parts

Update Web Parts to display personalized information.

View Items, View Pages, Open

Top of Page

Applies To: SharePoint Server 2007



Was this information helpful?

Yes No

How can we improve it?

255 characters remaining

To protect your privacy, please do not include contact information in your feedback. Review our privacy policy.

Thank you for your feedback!

Support resources

Change language