Summary
Highlights
SharePoint permissions are based on two key components: groups and permission levels. Groups define 'who' has access, acting as containers for users. Permission levels define 'what' those users can do. Assigning a permission level to a group grants those abilities to everyone within that group. The video sets up a scenario for a new 'Time Travel Safety Division' site with four user types: Admins (full control), Tour Guides (edit content), Interns (read-only), and Safety Inspectors (special access).
The process begins by creating a new SharePoint team site, named 'Kronos Tours Safety'. Team sites are chosen because they automatically create a Microsoft 365 group, which establishes a starting permission structure. Upon creation, SharePoint sets up the 'golden triangle' of permission groups: Owners (full control), Members (edit), and Visitors (read).
A crucial point for team sites is that the default Owners and Members groups are tied to a Microsoft 365 group, meaning their permission levels are locked and cannot be changed. The default 'Edit' permission for members, for example, allows deletion of entire document libraries, which might be too much power for some users. The video also touches on adjusting site sharing settings and access requests.
To address the limitations of default groups, the video demonstrates creating a custom group called 'Chrono Tours Tour Guides' with 'Contribute' permission levels. 'Contribute' allows users to add and edit files but prevents them from deleting entire document libraries, offering a safer permission setting. The golden rule emphasized is to always manage people through groups, not individually, for easier administration.
Users can be added to custom groups, such as adding Ashton to the 'Chrono Tours Tour Guides' group. The video shows the difference in a user's interface and capabilities when assigned to a custom 'Contribute' group versus being a site member or visitor, highlighting the restricted options for creating new content or accessing settings. It's also possible to grant permissions directly to individuals or assign them to existing groups, but using groups is recommended for better management.
SharePoint provides a list of predefined permission levels with descriptions of what each allows. These levels can be edited to customize specific permissions by checking or unchecking individual actions. Users can also create entirely new custom permission levels from scratch, defining exactly what actions are allowed.
Permissions in SharePoint trickle down by default (inheritance) from the site to every library, folder, and file. The video demonstrates how to break this inheritance at the document library level to customize permissions for specific libraries. It also shows how to manage access for individual files, preventing certain groups (like visitors) from seeing specific top-secret documents. However, breaking inheritance frequently can lead to more complex management.
SharePoint offers a 'Check Permissions' tool found in the advanced permission settings. This tool allows administrators to input a user's name (or a group's name) and see exactly what permissions they have on the site and where those permissions originate. This is a vital step for verifying changes and diagnosing any permission-related issues.