Roadmap for giving users access to SharePoint Server 2007 sites and site content

As a site owner, you can give users access to a Microsoft Office SharePoint Server 2007 site and its content and control what they can do with it, also referred to as managing permissions. This roadmap is a guide to giving and restricting users' access to sites and site content. Familiarize yourself with the roadmap by clicking the links below.

The roadmap is designed for individuals who are managing permissions for an Office SharePoint Server 2007 site but who are not IT professionals. If you are an IT professional, TechNet may better meet your needs.

Important   To manage SharePoint site permissions, you must have the Full Control permission level for the site. You have this permission level if you can access the Sites Settings page for the site and the page contains the Users and Permissions column. For information about accessing the Site Settings page, see the article Work with site settings.

If your site is based on Windows SharePoint Services 3.0, see WSS 3.0 Help and How-to. You can check your version of SharePoint Products and Technologies by clicking the Help icon Icon image on your site.

Security concepts and planning

This section provides conceptual and planning information about giving users access to your SharePoint site and its content.

Concepts

It's important that you understand the security concepts of Office SharePoint Server 2007 before using the procedures in the subsequent sections. These brief articles will help you to understand the core concepts of SharePoint security.

What do you want to explore?    

Concepts

Description

Introduction to controlling access to sites and site content

Provides conceptual information about:

  • Creating the permissions structure for your site.

  • How to begin managing security for SharePoint.

  • How security elements, such as permissions and groups, are assigned to a securable object, such as a site or list item.

  • The relationship between a SharePoint site hierarchy and permissions inheritance.

Introduction to managing SharePoint groups and users

Provides conceptual information about using SharePoint groups to manage who can access a SharePoint site and its content and what they can do with that site and site content.

How your permissions affect what you can see in SharePoint 2007

Provides conceptual information about how a user's permissions for a site affects what they see on a site.

Planning

It's important that you plan who needs access to a site and site content and what tasks those people need to be able to perform on the site before using the procedures in the subsequent sections. The following articles will help you plan security for your SharePoint site and its contents.

What do you want to explore?    

Goal

Description

Plan site security

Helps you to understand the elements of site security and how permissions are assigned. It also helps you choose which levels of site security to use in your site collection or subsite.

Determine permission levels and groups to use

Reviews the default permission levels and groups and helps you determine whether you need additional permission levels or groups.

Choose which security groups to use

Helps you determine which Microsoft Windows security groups and user accounts to use to grant access to sites, decide whether to use the All Authenticated Users group, and decide whether to allow anonymous access.

Typical steps for giving users access to a site and its content

This section provides the typical steps required to give users access to your SharePoint site and its content. The section uses default SharePoint groups. If this does not meet your needs, see More options for giving users access to a site and its content.

Step 1) Import users into Office SharePoint Server 2007

The first step in giving users access to your SharePoint site and its content is for a SharePoint server administrator to import Windows security groups and users accounts into Office SharePoint Server 2007 by using Central Administration. The import can be configured to occur on a schedule so that changes are automatically picked up by Office SharePoint Server 2007. For information about importing users into Office SharePoint Server 2007, see Import user profiles.

Note   Windows security groups and users accounts will not be available in Office SharePoint Server 2007 if the import is not performed.

Step 2) Configure permission inheritance

The second step in giving users access to your SharePoint site and its content is configuring your subsite either to inherit permissions from its parent site or to use unique permissions. (If your site is a top level site, it always has unique permissions.) Configure your subsite in one of these ways:

  • Inherit permissions    If the permissions, permissions levels, users, and groups of its parent site meet the needs of the subsite, configure your subsite to inherit permissions. Managing permissions for the subsite is performed at the parent site, freeing you from this task.

  • Use unique permissions    If inheriting permissions from its parent site does not meet the needs of the subsite, possibly because of organizational requirements or regulatory compliance, configure your subsite to use unique permissions.

You configure a subsite either to inherit permissions or to use unique permissions when you create it. For more information see, see Create a site. You can change if a subsite inherits or has has unique permissions. For more information, see the next section, Removing and restoring site permission inheritance.

Whether a site inherits permissions or has unique permissions does not affect whether site content inherits or has unique permissions. By default, site content inherits the permissions of its parent. For example, by default a document library has the same permissions as the site that contains it.

Note   Site content includes lists, libraries, pages, folders, list items, and library files.

If you create unique permissions for site content, you have to manage permissions for it separately. For more information, see More options for giving users access to a site and its content.

Step 3) Add users to default SharePoint groups

The final step in giving users access to a SharePoint site and its content involves adding Windows security groups and user accounts to SharePoint groups for the site. For more information, see Give users access to a site or the Add users to a SharePoint group demo from SharePointHosting.com.

Note   This step is not applicable if the site is configured to inherit permissions.

More options for giving users access to a site and its content

If you or someone in your organization previously configured permissions for your site and its contents, or if you are unsure of the situation, the step-by-step approach to customizing user access outlined in the previous section may not meet your needs. This section provides more options for customizing user access to a SharePoint site and site content.

Remove and restore site permissions inheritance

Give users access to your site and its content by configuring your subsite either to inherit permissions from its parent site or to use unique permissions. If your site is a top-level site, it always has unique permissions.

What do you want to explore?    

Goal

Description

Remove permission inheritance from subsite

A demo from SharePointHosting.com about stopping the inheritance of permissions from a site to a subsite.

Note   When you remove inheritance from a subsite, the permissions, permissions levels, users, and groups that have already been inherited by the subsite will be retained by the subsite. Subsequent changes to the subsite's permissions, permissions levels, users, and groups will be unique to the subsite and any sites that inherit permissions from the subsite.

Restore Permission Inheritance

A demo from SharePointHosting.com about restoring the inheritance of permissions from a site to a subsite.

Important   Restoring permissions inheritance for a subsite discards custom permissions, permissions levels, users, and groups that were created for the subsite.

Give and remove user access to a site

Give users access to your site and control what they can do there by managing SharePoint group, user, and anonymous access.

What do you want to explore?    

Goal

Description

Give users access to a site

Provides information about the processes required to give users access to a SharePoint site, including:

  • Creating SharePoint groups

  • Assigning permission levels to groups

  • Adding users to groups

  • Changing the permission levels for a group

Add users to a site

A demo from SharePoint-Screencasts.com about giving users access to a SharePoint site, including how to:

  • Create SharePoint groups

  • Assign permission levels to groups

  • Add users to groups

The demo also provides examples of how the user interface differs for common permission levels. This is also referred to as security-trimmed UI.

Note   Requires Windows Media Player

Remove users and groups from site access

Provides information about removing access to a site and its content for specific users.

Enable anonymous access

Provides information about enabling anonymous access on SharePoint sites, including:

  • What anonymous access is.

  • Why you might want to use it.

  • What you may want to consider before enabling it.

  • Prerequisites for enabling it.

  • Procedures for enabling it.

How users can request access to a site and its content

Give users the ability to automatically request access to a site and site content by enabling the the Request Access feature.

What do you want to explore?    

Goal

Description

Get access to a SharePoint site

Provides information about how a user gets access to a SharePoint site, including the Access Requests feature.

Manage access requests

A demo from SharePointHosting.com about enabling the Access Requests feature. When a user attempts to access a site for which they don't have permission, an Error - Access Denied page is displayed. If Access Requests is enabled, there will be a Request Access link on the page.

Note   Outgoing e-mail must be enabled in SharePoint Central Administration by a server administrator before you can turn on Access Requests. For information about enabling outgoing e-mail, see Configure outgoing e-mail settings.

Manage unique permissions for site content

If you have sensitive information stored in a particular securable object, such as a list or document, and you do not want to expose that information to all users of a site, you can assign specific SharePoint groups and users just the specific permissions that you want them to have on a particular securable object.

What do you want to explore?    

Goal

Description

Customizing user access to lists and libraries

Provides procedural information about managing permissions on lists and libraries.

Customizing user access to folders, list items, and library files

Provides procedural information about managing permissions on folders in list and libraries, list items, and library files.

Configure which items in a list users can read and edit

Provides procedural information about configuring which items in a list users can read and edit, such as calendar appointments in a calendar list.

Reference

Reference

Description

Permission levels

Provides conceptual and procedural information about creating, copying, editing, deleting, and inheriting permissions for Office SharePoint Server 2007.

Permission levels and permissions

Provides detailed conceptual information about Windows SharePoint Services 3.0:

  • Default permission levels

  • SharePoint site, list, and personal permissions

  • Dependencies between permissions

Note   The Windows SharePoint Services 3.0 permission levels are are a subset of the Office SharePoint Server 2007 permission levels.

View users and SharePoint groups and edit the Quick Launch group list

Provides information about viewing all users who have been granted access to a site as well as viewing all SharePoint groups for the site. It also provides information about editing the group list to control which groups appear under the Groups heading on the Quick Launch on the People and Groups pages.

Applies To: SharePoint Server 2007, SharePoint Server



Was this information helpful?

Yes No

How can we improve it?

255 characters remaining

To protect your privacy, please do not include contact information in your feedback. Review our privacy policy.

Thank you for your feedback!

Support resources

Change language