You need SharePoint groups and permission levels to run your site effectively. They keep your site hierarchy in order and running smoothly. SharePoint provides a handful of groups and permission levels. If you don't know exactly what these are or what they entail, check here for the basics.
However, sometimes these groups and permission levels aren't enough and you need to make your own. In this post, I'll talk about custom groups and permission levels: what they are, when you want them, and how to make them.
What are Custom Groups and Permission Levels?
To begin, let's define basic groups, permission levels, and permissions.
Individual permissions are the things a user can do on your site. Examples are viewing pages, editing sites, and changing permissions.
Permission levels are collections of these permissions. SharePoint has seven default permission levels that range from little to total control.
Groups are buckets to put users in. These buckets are assigned permission levels. SharePoint gives you four default groups with preassigned permission levels.
So, what are custom groups and permission levels? The names are actually pretty self-explanatory. You make them yourself. What SharePoint provides doesn't always fit your needs. With custom permission levels, you can pick and choose individual permissions. This lets users do whatever they need to do. With custom groups, you can make your own user buckets and assign it any permission level. Customization lets you fine-tune your SharePoint site for your organization.
When Do I Need Custom SharePoint Permissions?
If SharePoint doesn't expressly give you what you need, make it yourself. For permission levels, there are really only two reasons to customize. Either a permission level gives users too much power, or too little power. You may want users to be able to do something that a level doesn't cover. You may want to take away some power.
In either case, determine the difference between what you want and an existing permission level. If there isn't much difference, you can just edit the existing level. If there is a large difference, you can create a whole new permission level. Be very careful with this step. It can possibly open security risks in your site. Giving the wrong people the wrong permissions creates major problems. Carefully check and document any changes you make to these levels to maintian governance of your site.
There are also two main reasons to customize groups. Either none of the existing groups fully capture site users or you just don't like the name. Either way, feel free to add, edit, or create new groups. This has a minimal effect on security and is mostly aesthetic. Security problems from groups come from the attached permission levels.
How Do I Set Them Up?
Lets say you want to create a new permission level. It's easy when you know how to do it.
1. On your SharePoint site, go to 'Site Settings'.
2. Click the 'Site Permissions' link (Under the 'Users and Permissions' section).
3. At the top of the page, click on the 'Permissions' tab.
4. Click the 'Permission Levels' button (In the 'Manage' group).
5. Click 'Add a Permission Level.'
6. Check the boxes for all Individual Permissions you want.
7. Create the group, and you're done!
Remember that custom permission levels can create security risks if mishandled. Manage and record all custom levels to make sure that users can only do what they need to do.
Now lets create a custom group to go with the permission level. Here's the process.
1. Go to the 'Site Permissions' section (Under 'Site Settings').
2. In the 'Permissions' tab, click 'Group.'
3. Fill out all fields as prompted.
4. Find 'Give Group Permissions to this Site' and choose the wanted Permission Level.
5. Create the group, and you're done.
Customization is essential for most organizations. Although the provided groups and permission levels are useful, they may not cover all bases. There will most likely be cases when none of the included groups or levels work for your company. Custom groups and permission levels work for that purpose. By using and managing these tools, you can make your site fit your company.
For further information on setting up permission levels, stay tuned for the next post on SharePoint Permission Inheritance.