Skip to main content

Cloud

SharePoint 2007 Permissions –Creating Permissions for New Sites

SharePoint 2007 Permissions –Creating Permissions for New Sites

Introduction

Managing SharePoint permissions can be a tricky subject to fully grasp.On one hand, the ease of point and clicking your way to adding users to sites, lists, and even list items is quite easy to do perform in SharePoint 2007.On the other hand, understanding the implications of this is not so intuitive.Various artifacts such as broken permissions on sites, lists, and list items can also complicate matters.Within this article, we will cover an introduction to administering users on a newly created SharePoint site.A subsequent article will cover adding and editing permissions to an existing site.Hopefully this gives you a good starting point for most commonly seen scenarios when tasked with managing SharePoint 2007 permissions.Before diving in, let’s cover what permissions are available in SharePoint 2007.Please also note that list item permissions will not be covered in this article, as they are a more advanced topic, and not as commonly used.

Available SharePoint 2007 Permissions

First and foremost, in order to manage permissions, you will need to be a site collection administrator, the owner of a site, and/or have the Manage Permissions permission assigned to your user.Available permissions may be observed for a particular site by following these steps:

1.Navigate to the site within a browser.

2.Click on Site Actions -> Site Settings.

3.Click on Advanced Permissions.

4.The existing site users and groups will now be displayed.

5.Click on Settings -> Permission Levels.

6.Click on any one of the Permission Levels shown to view the permissions that are assigned to this role.If the check boxes are grayed out, this means that permissions are being inherited by the parent site within the SharePoint hierarchy.

Out of the box, the available SharePoint permissions are as follows (note that for general purposes, you will not have to interact with these, but rather accept defaults, and hence, the following tables are provided for information only):

List Permissions

 

Manage Lists

Create and delete lists, add or remove columns in a list, and add or remove public views of a list.

Override Check Out

Discard or check in a document which is checked out to another user.

Add Items

Add items to lists, add documents to document libraries, and add Web discussion comments.

Edit Items

Edit items in lists, edit documents in document libraries, edit Web discussion comments in documents, and customize Web Part Pages in document libraries.

Delete Items

Delete items from a list, documents from a document library, and Web discussion comments in documents.

View Items

View items in lists, documents in document libraries, and view Web discussion comments.

Approve Items

Approve a minor version of a list item or document.

Open Items

View the source of documents with server-side file handlers.

View Versions

View past versions of a list item or document.

Delete Versions

Delete past versions of a list item or document.

Create Alerts

Create e-mail alerts.

View Application Pages

View forms, views, and application pages. Enumerate lists.

 

Site Permissions

 

Manage Permissions

Create and change permission levels on the Web site and assign permissions to users and groups.

View Usage Data

View reports on Web site usage.

Create Subsites

Create subsites such as team sites, Meeting Workspace sites, and Document Workspace sites.

Manage Web Site

Grants the ability to perform all administration tasks for the Web site as well as manage content.

Add and Customize Pages

Add, change, or delete HTML pages or Web Part Pages, and edit the Web site using a Windows SharePoint Services-compatible editor.

Apply Themes and Borders

Apply a theme or borders to the entire Web site.

Apply Style Sheets

Apply a style sheet (.CSS file) to the Web site.

Create Groups

Create a group of users that can be used anywhere within the site collection.

Browse Directories

Enumerate files and folders in a Web site using SharePoint Designer and Web DAV interfaces.

View Pages

View pages in a Web site.

Enumerate Permissions

Enumerate permissions on the Web site, list, folder, document, or list item.

Browse User Information

View information about users of the Web site.

Manage Alerts

Manage alerts for all users of the Web site.

Use Remote Interfaces

Use SOAP, Web DAV, or SharePoint Designer interfaces to access the Web site.

Use Client Integration Features

Use features which launch client applications. Without this permission, users will have to work on documents locally and upload their changes.

Open

Allows users to open a Web site, list, or folder in order to access items inside that container.

Edit Personal User Information

Allows a user to change his or her own user information, such as adding a picture.

 

Personal Permissions

 

Manage Personal Views

Create, change, and delete personal views of lists.

Add/Remove Personal Web Parts

Add or remove personal Web Parts on a Web Part Page.

Update Personal Web Parts

Update Web Parts to display personalized information.

 

Creating Permissions for New Sites

For new SharePoint sites, permissions should be considered prior to creating the site.Your choices are to create the new site with the same permissions as the parent site (inheritance), or to break permissions and create your own users and groups within the new site.

Inheriting Permissions for a New Site

If you are directed to use the same permissions as the parent site, all you need to do is create the site as you usually would, and within the New SharePoint Site creation page, check the “Use same permissions as parent site”.

 

Figure 1

This will create the site with the same site permissions as the parent site.Any list or list item permissions in the parent site will not be inherited, as these are specific to lists and list items that only exist in the parent site, and do not exist in the site being created.The permissions of the site may be viewed by going to Site Actions -> Site Settings, and clicking on Advanced Permissions.In order to maintain permissions inheritance, any updates to permissions should be applied to the parent site.These changes will also affect any sub sites that inherit permissions.

Creating New Permissions for a New Site

If you are directed to create a new set of user permissions that differs from the parent site, when creating the new site, within the New SharePoint Site creation page, check “Use unique permissions”.

 

Figure 2

After clicking create for the new site (note that the new site name used herein is Break Inheritance), you will be directed to the Set Up Groups for this Site page.Ensure that Create a new group is checked for each section, Visitors, Members, and Owners.You will also want to confirm that the site owner is set as your user.We will not enter the remaining users at this point, although you could.For the purpose of this article, we will add users in a subsequent step.Click ok.

 

Figure 3

At this point, permissions have been broken from the parent site, and users still need to be added to the site.To keep this orderly, users should not be added directly to the site, but should be added to the groups just created.By default, Members have contribute permissions, Owners have administrative permissions, and Visitors have read permissions.After obtaining the list of users and their required permission levels, click on Site Actions -> Advanced Permissions, and click on the corresponding group in the Groups section within the left navigation, as shown in Figure 4.

 

Figure 4

To demonstrate this, let’s start by adding users with read permissions.Do this by click on the Visitors group, shown as “Break Inheritance Visitors” in Figure 4.On the People and groups screen that comes up, click on New -> Add User.In the Add Users screen that comes up, add all corresponding users to the Users/Groups people editor as shown in Figure 5.Notice that under Give Permission, that the “Break Inheritance Visitors” group has been automatically selected.This means that the users are being added to the SharePoint group “Break Inheritance Visitors”.In turn, the SharePoint group “Break Inheritance Visitors” has already been added to the created site with Read permissions, as specified previously within this article.Click ok.

 

Figure 5

It is best practice to maintain site permissions by way of using SharePoint groups.A group is merely a container for SharePoint users that has specific permissions applied to it.Managing permissions by way of groups makes permissions easier to identify and maintain throughout the lifecycle of the SharePoint site.

Breaking Permissions for Lists and Libraries within a Site

SharePoint allows for permissions to be managed at a more granular level as well.Often permission requests will come in two forms.The first being site permissions to the entire site, as discussed in the previous section.The second, and more granular, being permissions that are applied to lists and document libraries within a site, which differ from the overall site permissions.A common example of when you may see this is for a site that is used by both partners and executives.Consider a document library that holds executive documents that only executives should be able to view, and partner should not.In this scenario, both partners and executives have contribute access to the rest of the site.Using this scenario as an example, and assuming that a document library exists on the site named “Executive Documents”, let’s cover the steps to add a single executive user and single partner user to the site, and then add only the executive user to the Executive Documents library.

First, add both the executive and partner users to the site, as specified in the previous section.Adding them to the “Break Inheritance Members” group will give them contribute permissions to the site.Partners may only have read permissions.If this is the case, add the executive user to the members group, and the partner user to the visitors group.In addition, we will create a new contribute group that will be used to manage permissions for the Executive Documents library.To create a new group, click on Site Actions -> Site Settings, then Advanced Permissions.Click on New -> New Group.For simplicity, and such that you may easily identify groups when returning to a site to update permissions sometime in the future, you should use a consistent naming convention.In this case, we will use the name of the document library followed by the permissions level of the group, and use this for the name of the group, Executive Documents Contributors.Check Contribute permissions within the “Give Group Permission to this Site”.Having populated the new group as shown in Figure 6, click Create.

 

Figure 6

This will redirect you to the People and Groups page for the Executive Documents Contributors group.Add the executive user by clicking New -> Add Users, and entering them in the Add Users section of the Add Users page (see Figure 7).Click ok.

 

Figure 7

Now the new group has been created, and needs to be applied to the specified document library.Navigate to the Executive Documents library, and click on Settings -> Document Library Settings.Under Permissions and Management, click on “Permissions for this document library”, as shown in Figure 8.

 

Figure 8

First we need to break permissions from the site.Do this by clicking on Actions, edit permissions.You will be prompted that you are about to break permissions from the site.Click ok.

Remove all groups that are currently applied to the document library by checking the boxes next to them, and click on Actions -> Remove User Permissions.You will prompted for confirmation.Click ok.

Finally, we can add the Executive Documents Contributors group to the document library.Do this by clicking New -> Add User.On the Add Users screen, add the Executive Documents Contributors group to the Add Users section, and check the appropriate permissions under Give users permission directly, in this case, Contribute.See Figure 9.Click ok.

 

Figure 9

These steps have set the permissions on the Executive Documents library such that only members of the Executive Documents Contributors group may view and contribute to these documents.Also note that when a request comes in to add an additional user to this document library (often many months in the future), you will easily be able to recollect what was done for permissions upon site creation by the obvious naming convention.

SharePoint 2007 permissions is a large topic, and the information provided within this article is just the tip of the iceberg.Hence, much more information is available here.

 

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

PointBridge Blogs

More from this Author

Follow Us
TwitterLinkedinFacebookYoutubeInstagram