Saturday, August 28, 2010

SharePoint Tutorial 6 - Security

In SharePoint, every object inherits its security settings from its parent by default. For example, when a library is created in a site, the library inherits the security settings of the site unless otherwise specified. The same goes for documents within the library.

If you modify the security of an object in any way, security inheritance is broken, but not before SharePoint copies all of the parent's settings to the child. Afterwards, updates made to the parent object are no longer passed down to the child object.
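The copy-then-break behaviour has an auditing consequence: access removed on the parent survives on any child that broke inheritance earlier. The Python model below is an added example, not code from the original post and not the SharePoint API; the class `Securable`, the function `audit_drift` and the sample users are hypothetical.

```python
# Added illustration: minimal model of permission inheritance, not a SharePoint API.
class Securable:
    """A site, library or document that inherits or owns its role assignments."""
    def __init__(self, name, parent=None):
        self.name, self.parent, self.children = name, parent, []
        self._own = {} if parent is None else None  # None means "inheriting"
        if parent is not None:
            parent.children.append(self)

    @property
    def inherits(self):
        return self._own is None

    def assignments(self):
        """Effective principal -> role map, resolved upward while inheriting."""
        return self.parent.assignments() if self.inherits else self._own

    def set_role(self, principal, role=None):
        """Grant a role, or remove the principal when role is None."""
        if self.inherits:  # any change first copies the parent's settings
            self._own = dict(self.parent.assignments())
        if role is None:
            self._own.pop(principal, None)
        else:
            self._own[principal] = role


def audit_drift(root):
    """List (object, principal, role) held on objects with unique permissions
    where the parent does not grant that principal the same role."""
    findings, stack = [], [root]
    while stack:
        obj = stack.pop()
        stack.extend(obj.children)
        if obj.parent is not None and not obj.inherits:
            parent_map = obj.parent.assignments()
            findings += [(obj.name, p, r) for p, r in obj.assignments().items()
                         if parent_map.get(p) != r]
    return sorted(findings)

# Constructed sample hierarchy: site -> library -> document
site = Securable("site")
library = Securable("library", site)
document = Securable("document", library)
site.set_role("alice", "Contribute")
site.set_role("bob", "Read")
library.set_role("carol", "Design")  # breaks inheritance; alice and bob copied
site.set_role("alice")               # revocation on the parent stops at the site
print(audit_drift(site))
```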

Security in SharePoint is comprised of users, groups and roles.

Users, Groups and Roles


A user account comes from the authentication system. For example, if Active Directory is used to authenticate then the user accounts will come from it.


There are two types of groups SharePoint uses: domain groups and SharePoint groups.

Domain groups can come from Active Directory much like user accounts and are created and maintained there. An Active Directory group may contain Active Directory users and other Active Directory Groups.

SharePoint groups are created and maintained in SharePoint. A SharePoint group can contain user accounts and domain groups. A SharePoint group cannot contain other SharePoint groups.


Access is granted or restricted through permissions grouped to form a role. The following roles are included in SharePoint out-of-the-box:

  • Full Control - Has full control.
  • Design - Can view, add, update, delete, approve, and customize.
  • Manage Hierarchy - Can create sites and edit pages, list items, and documents.
  • Approve - Can edit and approve pages, list items, and documents.
  • Contribute - Can view, add, update, and delete.
  • Read - Can view only.
  • Restricted Read - Can view pages and documents, but cannot view historical versions or review user rights information.
  • Limited Access - Can view specific lists, document libraries, list items, folders, or documents when given permissions.
  • View Only - Members of this group can view pages, list items, and documents. If the document has a server-side file handler available, they can only view the document using the server-side file handler.


  1. Wow. Thanks for sharing this helpful tutorial that is totally based on security. I am a regular visitor of your blog and love to read whatever you share information about Sharepoint. Keep posting.

  2. This is a good tip especially to those new to the blogosphere.
    Short but very accurate info… Many thanks for sharing this one.

    A must read article!