Home |Tutorials |Products |Contact |

SharePoint Tutorial - Security

Users, Groups and Roles
Security Structure and Flow

Security in SharePoint is comprised of users, groups and roles.

 

Users, Groups and Roles

Users
A user account comes from the authentication system. For example, if Active Directory is used to authenticate then the user accounts will come from it.

Groups
There are two types of groups SharePoint uses: domain groups and SharePoint groups.

Domain groups can come from Active Directory much like user accounts and are created and maintained there. An Active Directory group may contain Active Directory users and other Active Directory Groups.

SharePoint groups are created and maintained in SharePoint. A SharePoint group can contain user accounts and domain groups. A SharePoint group can not contain other SharePoint groups.

Roles
Access is granted or restricted through permissions grouped to form a role. The following roles are included in SharePoint out-of-the-box:

 

  • Full Control - Has full control.
  • Design - Can view, add, update, delete, approve, and customize.
  •  Manage Hierarchy - Can create sites and edit pages, list items, and documents.
  • Approve - Can edit and approve pages, list items, and documents.
  • Contribute - Can view, add, update, and delete.
  • Read - Can view only.
  • Restricted Read - Can view pages and documents, but cannot view historical versions or review user rights information.
  • Limited Access - Can view specific lists, document libraries, list items, folders, or documents when given permissions.
  • View Only - Members of this group can view pages, list items, and documents. If the document has a server-side file handler available, they can only view the document using the server-side file handler.

Security Structure and Flow

In SharePoint all objects inherit their security settings from its parent by default. For example, when a library is created in a site the library will inherit the security settings of the site unless otherwise specified. The same would go for documents within the library.

If you modify the security of the object in any way then the inheritence is broken but not before SharePoint imports all the parent settings to the child. Afterwards any updates made to the parent will not be passed down to the child.



 



Improve the Sharepoint user experience with our  products and web parts
 
Protocol Handler.NET

ODBC Handler.NET

Boolean Search Web Part

Weather.com Web Part

Weather.msn.com Web Part
Improve the Sharepoint user experience with our  products and web parts
 
Protocol Handler.NET

ODBC Handler.NET

Boolean Search Web Part

Weather.com Web Part

Weather.msn.com Web Part