Managing Permissions Scenarios You Might Encounter in SharePoint 2016

By Rosemarie Withee, Ken Withee

Managing permissions in SharePoint is tricky, and the steps you find here are only recommendations. These aren’t the only ways to manage permissions. Try a scenario to help you better understand permissions. Assume you have a site with the SharePoint groups outlined here.

SharePoint group    Members
Site Members        John, Bill, and Steve
Site Visitors       Mary, Sue, and Sally

Everything in the site inherits from the top-level site. In this scenario, those in the Site Members group have Contribute permissions, whereas those in the Site Visitors group have Read permissions.

Assume you create a new subsite, and you only want your Site Members to access it. You don’t want Site Visitors to even know the subsite exists. In this case, you create unique permissions on the subsite and remove the Site Visitors group.

Assume you have an app for policy documents, and you want John and Sally to have Contribute permissions. You could create a new Policy Reviewers SharePoint group at your top-level site and then add John and Sally as members of the group. You aren’t done here, however. You haven’t actually granted the group permission to anything yet. You have to browse to the app, break inheritance from its parent, and then grant the Policy Reviewers SharePoint group the Contribute permission level.

Why not just add John and Sally to the app and grant them the Contribute permission level? That approach will certainly work, but it’s hard to manage. It obscures the fact that John and Sally have some permissions granted outside the context of a SharePoint group.

Like many others, you probably like to be able to look at your SharePoint groups and have a good idea of what the role of each group is, based on its name on the site. If you start adding users individually to subsites, apps, documents, folders, and items, it becomes difficult to get a big-picture view of how your permissions for the site are configured.
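One way to find grants like the John-and-Sally case, where a user was added directly instead of through a SharePoint group, is to walk every site and app in the site collection and list the role assignments whose member is a user. This is an added example, not code from the article's authors; it assumes the SharePoint 2016 Management Shell on a farm server, an account with access to the site collection, a placeholder URL, and a hypothetical helper named Get-DirectGrant.

```powershell
# Added example. $SiteUrl is a placeholder; replace it with your site collection URL.
$SiteUrl = "http://sharepoint.example.local/sites/team"

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Hypothetical helper: report role assignments held by a user rather than a group.
function Get-DirectGrant {
    param($Securable, [string]$Type, [string]$Url)
    foreach ($ra in $Securable.RoleAssignments) {
        # SPGroup members are SharePoint groups; SPUser members are direct grants.
        # An SPUser can also be an AD security group (IsDomainGroup = True).
        if ($ra.Member -is [Microsoft.SharePoint.SPUser]) {
            [pscustomobject]@{
                Type          = $Type
                Url           = $Url
                User          = $ra.Member.LoginName
                IsDomainGroup = $ra.Member.IsDomainGroup
                Permissions   = ($ra.RoleDefinitionBindings |
                                 ForEach-Object { $_.Name }) -join ", "
            }
        }
    }
}

$site = Get-SPSite $SiteUrl
try {
    $report = foreach ($web in $site.AllWebs) {
        try {
            # A site or app that still inherits is covered by its parent's entry.
            if ($web.HasUniqueRoleAssignments) {
                Get-DirectGrant -Securable $web -Type "Site" -Url $web.Url
            }
            foreach ($list in $web.Lists) {
                if ($list.HasUniqueRoleAssignments -and -not $list.Hidden) {
                    $listUrl = $site.MakeFullUrl($list.RootFolder.ServerRelativeUrl)
                    Get-DirectGrant -Securable $list -Type "App" -Url $listUrl
                }
            }
        }
        finally { $web.Dispose() }   # SPWeb objects from AllWebs must be disposed
    }
}
finally { $site.Dispose() }

$report | Sort-Object Url, User | Format-Table -AutoSize
```

The report covers sites and apps only, not folders, documents, or items. A user who appears with only the Limited Access level usually has a direct grant on something below that site or app.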

Viewing a group’s permissions

You can easily check the permissions for a given group to see everything that group has been granted access to in your site. You must repeat these steps at each site in your site collection. To do so:

  1. Browse to the top-level site in your site collection.
  2. Open the People and Groups page for the top-level site by clicking the Settings gear icon and choosing Site Settings, and then clicking the People and Groups link in the Users and Permissions section.
    The list of SharePoint groups appears on the Quick Launch.
  3. The list of groups is truncated. Click the More button at the bottom of the listing of groups in the Quick Launch.
    The list of all SharePoint groups in the site collection appears in the main part of the page.
  4. Click the name of the group for which you want to view permissions.
  5. Choose Settings → View Group Permissions.

The View Site Collection Permissions window appears. All the sites, lists, and libraries that the group has permission to access appear in the list.

The View Site Collection Permissions window.

Everyone who is a member of the group has the permissions shown on the View Site Collection Permissions window.

Checking a user’s permissions

Sometimes, you just want to know who has permission to do what in a given site. SharePoint 2016 provides just such a method:

  1. Browse to the site where you want to check a user’s permissions.
    This command only checks permissions within a single site. You have to check each site manually.
  2. Browse to the Site Permissions page for a site by clicking the Settings gear icon and choosing Site Settings, and then clicking the Site Permissions link in the Users and Permissions section.
  3. Click the Check Permissions button on the Ribbon.
  4. Enter the name of the user or group whose permissions you want to check for the current site in the User/Group field, and then click the Check Now button.
    The permissions appear at the bottom of the window.
View a user’s permissions to the current site.