To maintain security and integrity of your SharePoint Online site, assign the right level of permission or privilege to the users of your site. As a best practice, create a SharePoint group first, assign a permission level to the group, and then start adding users to the appropriate groups.
An example of a SharePoint group could be the “Executive” group with Contribute access where all your C-level executives are members. Another example is a “Site Owners” group with Full Control privileges, comprised of a few members of your team who are technically advanced.
Grouping your users with similar access needs minimizes the administrative burden of individually adding or removing users from sites, libraries, and lists. Doing this allows you to use those groups in workflows, such as assigning tasks to a group rather than an individual.
In SharePoint 2010, you can assign permissions on the site collection level and have those permissions be inherited or not inherited on the subsite level. You can also further customize the permission on document libraries or lists so even if users may have access to the site, they may or may not have access to certain contents within the site.
You can take it even farther down to the granular level by customizing the permission for items in a list or contents in a library so that even though a group may have access to a document library, only certain individuals have access to certain files.
To manage your site’s permissions, go to Site Actions→Site Settings and then follow the links under User and Permissions.
To manage permissions on a list, library, or item, hover over the list, library, or item, click the down arrow on the right, and then select Manage Permissions.