How to Use SharePoint Groups
SharePoint uses groups to manage the process of granting someone access to the content in a site. Each SharePoint group maps to a set of permissions that define the tasks that a user can perform.
Most users fall into one of SharePoint’s three default groups:
Site Visitors: Grants read-only access to the site and allows users to create alerts. Users who need read access to a site but don’t need to contribute content are visitors.
Site Members: Confers the Contribute permission level for users, which allows them to add, edit, and modify items and browse sites. Most end users fall into this category for a site.
Site Owners: Grants full control. A site owner may or may not use the site on a regular basis, but the site owner can delegate administrative and design tasks to others. Also, a site owner may or may not be a technical person.
Access to your site and its content is managed through group membership. Adding and removing users from SharePoint groups is the most efficient way of granting and revoking permissions.
A top-level site has a single set of Site Visitors, Site Members, and Site Owners. The actual names of the groups are determined by the name of the site. For example, if your site is named Sales, SharePoint calls your groups Sales Visitors, Sales Members, and Sales Owners.
These three groups are created and named when the top-level site is created. All the apps and subsites that are created below the top-level site use these groups and have the same set of people inside the groups. By default, all the content and subsites in your top-level site have the same permissions, dubbed permissions inheritance.