Recently, I saw an exchange between two SharePoint people about permissions. It went like this:
Q: I created a permission level identical to ‘Full Control’ except for one thing: I unchecked the permissions ‘Create sub-sites.’ However, when I test that new permission level I find I am not allowed to manage permissions!? Why?
A: I just created a new Permission Level, with all the same privs as Owner and could give a group that level. I was logged in as a site admin.
Q: Now remove your Site Admin priv and grant yourself ‘Site Owner without Create SubSite’ permission level.
A: I added a user to my ‘Sort of Owner’ group which had all owner level perms, made sure he had no other privs on the site, and accessed it fine... so from my quick testing, this seems to work fine.
It got me thinking about SharePoint permissions. Permissions management is a big deal, especially if you're dealing with compliance. It's challenging. Out of curiosity, I went to Microsoft to see what I could find:
This Microsoft article talks about SharePoint 2013 default permissions and user permissions.
This Microsoft article talks about SharePoint 2010 default permissions and user permissions.
This Microsoft article tells how to configure the permissions needed to synchronize profile information with SharePoint Server 2013.
This Microsoft article details about how to get ready to setup profile synchronization in SharePoint 2013.
This Microsoft article talks about how to customize an existing permission level, copy an existing permission level, and create a permission level in SharePoint 2010.
This Microsoft article relates to what users are allowed to see.
At SharePoint Pro magazine, we published a couple things related to permissions—actually, on claims:
And this older article, which is useful for background:
What are some resources you’ve found helpful? Let us know.