Default SharePoint groups in SharePoint Server
When you create a site, SharePoint automatically creates groups for the site, and assigns permission levels to the groups. These are known as the default SharePoint groups. Because they represent the most common levels of access that users need, the default groups and their associated permission levels are a good place to start when you add users to a SharePoint site. To learn more about permission levels, see Understanding permission levels.
As an administrator, you can add your own custom groups to more closely align with the requirements of your organization. Deciding how to design and populate SharePoint groups is an important decision that affects your site and content security.
In this article
Default SharePoint groups
SharePoint groups enable you to manage access for sets of users instead of individual users. SharePoint groups are usually composed of many individual users, but a group can also hold one or more Windows security groups. For example, you might add the Windows security group for your team to a SharePoint group, to grant access to the whole team at the same time. When you add users or Windows security groups to a SharePoint group, the added users are assigned the same permission level.
If you'd like more information about how to work with the Windows security and distribution groups that are included in Active Directory Domain Services, see Choose security groups (SharePoint Server 2010).
SharePoint assigns a permission level to each default SharePoint group automatically. The permission level applies to all the members of that group. To learn more about the specific permissions in permission levels, see Understanding permission levels.
You can customize default SharePoint groups by assigning them any permission level that you want. You can also create a SharePoint group and assign it the permission levels that you want.
The following table shows the default SharePoint groups and their assigned permission levels.
| SharePoint groups | Default permission level |
| Approvers | Approve |
| <site name> Members | Contribute or Edit, depending on the site template |
| <site name> Owners | Full Control |
| <site name> Visitors | Read |
| Designers | Design, Limited Access |
| Hierarchy Managers | Manage Hierarchy |
| Restricted Readers | Restricted Read |
| Style Resource Readers | Limited Access |
| Viewers | View Only |
| Quick Deploy Users | Contribute |
If you are on a public website, you will see <site name> Members in your list of SharePoint groups. For example, if Contoso Retail is the name of the website, you'll see Contoso Retail Members. This is also true if you are on a subsite that has unique permissions. As your site grows, you may notice multiple <site name> Members, Visitors, or Owners groups while looking in site permissions from your site collection root. Each group is prefixed with the name of the site, for example Contoso Retail Members, and Contoso Charities Members may both be present.
There are several times when the site name is added to the group name. These are:
-
When you break permissions inheritance on subsites that had previously inherited permissions
-
When you create new groups for a specific site
-
When you create new sites.
In all cases, the site name before the SharePoint group indicates the name of the site to which the group belongs, so Contoso Charities Members belongs to the Contoso Charities site.
Tip: You can change the names that SharePoint automatically assigns to these groups at any time.
Roles for SharePoint groups
The following table shows suggested uses for default SharePoint groups
| Group name | Permission level) | Use this group for people who |
| Approvers | Approve | Approve documents, pages, and list items. |
| Owners | Full Control | Manage site permissions, settings, and appearance. |
| Members | Contribute or Edit | Edit site content. |
| Visitors | Read | View site content, but not edit it. |
| Designers | Design | View, add, update, delete, approve, and customize the site. |
| Hierarchy Managers | Manage Hierarchy | Create sites and edit pages, list items, and documents. |
| Restricted Readers | Restricted Read | View pages and documents but not versions or permissions. |
| Style Resource Readers | Restricted Read | Need only Limited Access to the Style Library and Master Page Gallery. |
| Viewers | View Only | Need to see content but not edit or download it. |
| Quick Deploy Users | Contribute | Schedule Quick Deploy jobs. |
Note: The Style Resource Readers group contains a Windows security group named NT Authority/Authenticated Users. This means that all authenticated users can display SharePoint master pages and styles for the pages on your site.
Special SharePoint groups
Special SharePoint groups support high-level administration tasks, such as assigning permission levels to a group.
Important: To guarantee full site functionality, make sure that there is always a group of users who have Full Control to the site collection. In addition, make sure that these users appear on the list of site collection administrators.
Site collection administrators
Site Collection administrators are not a SharePoint group. However, because they have Full Control on all sites in a site collection, they are mentioned here.
A SharePoint site can have primary and secondary site collection administrators. If you are a site collection administrator, you can also designate additional site collection administrators. These users are the main contacts for the complete site collection. Site collection administrators have full control of all sites within the site collection and can audit all site content. In addition, they receive administrative alerts about site activity, such as whether a site is active.
No comments:
Post a Comment