Appendix A. SharePoint 2013 User Permissions and Permission Levels

Microsoft SharePoint 2013 includes 33 user permissions that determine the specific actions that users can perform on a SharePoint site. Permissions are grouped into permission levels. In essence, each permission level is a named collection of permissions that can be assigned to SharePoint users and groups.

There are a number of default permission levels available on a SharePoint 2013 site. For example, seven default permission levels are available on every team site: View Only, Read, Contribute, Edit, Design, Full Control, and Limited Access. When your site is based on a site template other than the Team site template, you will see additional default SharePoint permission levels available on your site. For example, three default permission levels are available on every publishing site: Restricted Read, Approve, and Manage Hierarchy. Every community site provides a Moderate permission level.

Table A-1 lists and describes the default permission levels, along with their corresponding permissions, in SharePoint 2013.

Table A-1. Default permission levels

Permission level

Description

Permissions included by default

Limited Access

Allows access to shared resources in the website so that users can access an item within the site. Designed to be combined with fine-grained permissions to provide users with access to a specific list, document library, item, or document without giving users access to the entire site. Cannot be customized or deleted.

View Application Pages, Browse User Information, Use Remote Interfaces, Use Client Integration Features, Open

View Only

Enables users to view application pages. The View Only permission level is used for the Excel Services Viewers group.

View Application Pages, View Items, View Versions, Create Alerts, Use Self Service Site Creation, View Pages, Browse User Information, Use Remote Interfaces, Use Client Integration Features, Open

Read

Allows read-only access to the website.

View Application Pages, Browse User Information, Use Remote Interfaces, Use Client Integration Features, Open, View Items, Open Items, View Versions, Create Alerts, Use Self-Service Site Creation, View Pages

Contribute

Allows users to create and edit items in existing lists and document libraries.

View Application Pages, Browse User Information, Use Remote Interfaces, Use Client Integration Features, Open, View Items, Open Items, View Versions, Create Alerts, Use Self-Service Site Creation, View Pages, Add Items, Edit Items, Delete Items, Delete Versions, Browse Directories, Edit Personal User Information, Manage Personal Views, Add/Remove Personal Web Parts, Update Personal Web Parts

Edit

Enables users to manage lists.

View Application Pages, Browse User Information, Use Remote Interfaces, Use Client Integration Features, Open, View Items, Open Items, View Versions, Create Alerts, Use Self-Service Site Creation, View Pages, Add Items, Edit Items, Delete Items, Delete Versions, Browse Directories, Edit Personal User Information, Manage Personal Views, Add/Remove Personal Web Parts, Update Personal Web Parts, Manage Lists

Design

Allows users to create lists and document libraries, as well as edit pages in the website.

View Application Pages, Browse User Information, Use Remote Interfaces, Use Client Integration Features, Open, View Items, Open Items, View Versions, Create Alerts, Use Self-Service Site Creation, View Pages, Add Items, Edit Items, Delete Items, Delete Versions, Browse Directories, Edit Personal User Information, Manage Personal Views, Add/Remove Personal Web Parts, Update Personal Web Parts Manage Lists, Override Check Out, Approve Items, Add and Customize Pages, Apply Themes and Borders, Apply Style Sheets

Full Control

Allows full control. Cannot be customized or deleted.

All permissions

Restricted Read

View pages and documents. For publishing sites only.

View Items, Open Items, View Pages, Open

Manage Hierarchy

Create sites; edit pages, list items, and documents, and change site permissions. For publishing sites only.

View Application Pages, Browse User Information, Use Remote Interfaces, Use Client Integration Features, Open, View Items, Open Items, View Versions, Create Alerts, Use Self-Service Site Creation, View Pages, Add Items, Edit Items, Delete Items, Delete Versions, Browse Directories, Edit Personal User Information, Manage Personal Views, Add/Remove Personal Web Parts, Update Personal Web Parts Manage Lists, Override Check Out, Add and Customize Pages, Manage Permissions, Enumerate Permissions, View Web Analytics Data, Create Subsite, Manage Alerts, Manage Web Site

Approve

Edit and approve pages, list items, and documents. For publishing sites only.

View Application Pages, Browse User Information, Use Remote Interfaces, Use Client Integration Features, Open, View Items, Open Items, View Versions, Create Alerts, Use Self-Service Site Creation, View Pages, Add Items, Edit Items, Delete Items, Delete Versions, Override List Behaviors, Approve Items, Browse Directories, Edit Personal User Information, Manage Personal Views, Add/Remove Personal Web Parts, Update Personal Web Parts

Moderate

View, add, update, delete, and moderate list items and documents.

View Application Pages, Browse User Information, Use Remote Interfaces, Use Client Integration Features, Open, View Items, Open Items, View Versions, Override List Behaviors, Manage Lists, Create Alerts, Use Self-Service Site Creation, View Pages, Add Items, Edit Items, Delete Items, Delete Versions, Browse Directories, Edit Personal User Information, Manage Personal Views, Add/Remove Personal Web Parts, Update Personal Web Parts

In addition to using the default permission levels provided by SharePoint Server, you can create new permission levels that contain specific permissions, as well as change which permissions are included in the default permission levels, with a few exceptions. Although it is not possible to remove permissions from the Limited Access and Full Control permission levels, your SharePoint administrator can make specific permission levels unavailable for the entire web application by using SharePoint Central Administration. If you are a SharePoint administrator and want to do this, do the following: in SharePoint Central Administration, from the Application Management page, select Manage Web Applications, choose your web application, click the Permission Policy button on the ribbon, and then delete the permissions levels that you would like to disable.

Depending on the scope, user permissions in SharePoint 2013 can be grouped into three categories: list permissions, site permissions, and personal user permissions. Table A-2 lists and describes user permissions in SharePoint 2013, in alphabetical order, and includes scope, permission dependencies, and the permission levels that are included by default.

Table A-2. User permissions

Permission

Description

Scope

Dependent permissions

Included in these permission levels by default

Add and Customize Pages

Adds, changes, or deletes Hypertext Markup Language (HTML) pages or Web Part pages; edits the website by using a SharePoint Foundation–compatible editor.

Site

View Items, Browse Directories, View Pages, Open

Design, Full Control, Manage Hierarchy

Add Items

Adds items to lists, documents to document libraries, and web discussion comments.

List

View Items, View Pages, Open

Contribute, Design, Edit, Full Control, Approve, Moderate, Manage Hierarchy

Add/Remove Personal Web Parts

Adds or removes personal Web Parts on a Web Part page.

Personal Permissions

View Items, View Pages, Open

Contribute, Design, Edit, Full Control, Approve, Moderate, Manage Hierarchy

Apply Style Sheets

Applies a style sheet (.css file) to the website.

Site

View Pages, Open

Design, Full Control

Apply Themes and Borders

Applies a theme or borders to the entire website.

Site

View Pages, Open

Design, Full Control

Approve Items

Approves minor versions of list items or documents.

List

Edit Items, View Items, View Pages, Open

Design, Full Control, Approve

Browse Directories

Enumerates files and folders in a website by using Microsoft SharePoint Designer and Web DAV interfaces.

Site

View Pages, Open

Contribute, Design, Edit, Full Control, Approve, Moderate, Manage Hierarchy

Browse User Information

Views information about users of the website.

Site

Open

All

Create Alerts

Creates email alerts.

List

View Items, View Pages, Open

Read, Contribute, Design, Edit, Full Control, Approve, Moderate, Manage Hierarchy, View Only

Create Groups

Creates a group of users that can be used anywhere within the site collection.

Site

View Pages, Browse User Information, Open

Full Control

Create Subsites

Creates subsites such as Team sites.

Site

View Pages, Browse User Information, Open

Full Control, Manage Hierarchy

Delete Items

Deletes items from a list, documents from a document library, and web discussion comments in documents.

List

View Items, View Pages, Open

Contribute, Design, Edit, Full Control, Approve, Moderate, Manage Hierarchy

Delete Versions

Deletes past versions of list items or documents.

List

View Items, View Versions, View Pages, Open

Contribute, Design, Edit, Full Control, Approve, Moderate, Manage Hierarchy

Edit Items

Edits items in lists, documents in document libraries, and web discussion comments in documents; customizes Web Part pages in document libraries.

List

View Items, View Pages, Open

Contribute, Design, Edit, Full Control, Approve, Moderate, Manage Hierarchy

Edit Personal User Information

Users can change their own user information, such as adding a picture.

Site

Browse User Information, Open

Contribute, Design, Edit, Full Control, Approve, Moderate, Manage Hierarchy

Enumerate Permissions

Enumerates permissions in the website, list, folder, document, or list item.

Site

Browse Directories, View Pages, Browse User Information, Open

Full Control

Manage Alerts

Manages alerts for all users of the website.

Site

View Items, View Pages, Open

Full Control

Manage Lists

Creates and deletes lists, adds or removes columns in a list, and adds or removes public views of a list.

List

View Items, View Pages, Open, Manage Personal Views

Design, Edit, Full Control, Moderate, Manage Hierarchy

Manage Permissions

Creates and changes permission levels on the website; assigns permissions to users and groups.

Site

View Items, Open Items, View Versions, Browse Directories, View Pages, Enumerate Permissions, Browse User Information, Open

Full Control, Manage Hierarchy

Manage Personal Views

Creates, changes, and deletes personal views of lists.

Personal Permissions

View Items, View Pages, Open

Contribute, Design, Edit, Full Control, Approve, Moderate, Manage Hierarchy

Manage Web Site

Performs all administration tasks and manages content for the website.

Site

View Items, Add and Customize Pages, Browse Directories, View Pages, Enumerate Permissions, Browse User Information, Open

Full Control, Manage Hierarchy

Open

Opens a website, list, or folder to access items inside that container.

Site

None

All

Open Items

Views the source of documents with server-side file handlers.

List

View Items, View Pages, Open

Read, Contribute, Design, Edit, Full Control, Approve, Moderate, Manage Hierarchy, Restricted Read

Override List Behaviors

Discards or checks in a document that is checked out to another user without saving the current changes.

List

View Items, View Pages, Open

Design, Full Control, Approve, Moderate, Manage Hierarchy

Update Personal Web Parts

Updates Web Parts to display personalized information.

Personal Permissions

View Items, View Pages, Open

Contribute, Design, Edit, Full Control, Approve, Moderate, Manage Hierarchy

Use Client Integration Features

Uses features that start client applications; without this permission, users must work on documents locally and then upload their changes.

Site

Use Remote Interfaces, Open

Read, Contribute, Design, Edit, Full Control, Approve, Moderate, Manage Hierarchy, Limited Access, View Only

Use Remote Interfaces

Use Simple Object Access Protocol (SOAP), Web DAV, or SharePoint Designer interfaces to access the website.

Site

Open

Read, Contribute, Design, Edit, Full Control, Approve, Moderate, Manage Hierarchy, Limited Access, View Only

Use Self-Service Site Creation

Creates a website by using Self-Service Site Creation.

Site

View Pages, Browse User Information, Open

Read, Contribute, Design, Edit, Full Control, Approve, Moderate, Manage Hierarchy, View Only

View Application Pages

Views forms, views, and application pages; enumerates lists.

List

Open

Read, Contribute, Design, Edit, Full Control, Approve, Moderate, Manage Hierarchy, Limited Access, View Only

View Items

Views items in lists, documents in document libraries, and web discussion comments.

List

View Pages, Open

Read, Contribute, Design, Edit, Full Control, Approve, Moderate, Manage Hierarchy, Restricted Read, View Only

View Pages

Views pages in a website.

Site

Open

Read, Contribute, Design, Edit, Full Control, Approve, Moderate, Manage Hierarchy, Restricted Read, View Only

View Versions

Views past versions of list items or documents.

List

View Items, Open Items, View Pages, Open

Read, Contribute, Design, Edit, Full Control, Approve, Moderate, Manage Hierarchy

View Web Analytics Data

Views reports on website usage.

Site

View Pages, Open

Full Control, Manage Hierarchy

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset