Sharing content with users in SharePoint is very easy. Therein lies the problem. Since it is so easy to give users access to content, permissions can get out of control very quickly if proper governance isn’t implemented.
Fortunately, we have groups in SharePoint to help keep permissions organized in a way that makes sense. Rather than sharing documents directly with users, it is better to share using groups. Groups based on roles will allow you to assign permissions in an intuitive way. It will also be easier for others to understand and manage permissions when they are based on roles.
To begin managing groups, click the settings gear in the top left in the suite bar and select Site Permissions
Choose Advanced permissions settings.
The default groups will be Site Visitors, Site Members and Site Owners with read, edit and full control respectively. These groups are a good start and will be sufficient in many cases. However, it is very likely that you will need to create new groups for various roles. In this example site, there is a custom group named “Students” with the add permission. This is to allow students to add items but not delete or edit them. Note that a group can have different permission levels assigned in different places. For example, on the Instructor site, the students can only add. However, we could create a student site that uses the same group, but they could be given edit permissions there.
Let’s create another group for Site Designers and give them the Design permission so they can work on all of the site’s content but not edit permissions.
Choose Create Group.
Enter in the group information and assign the appropriate permissions (Design in this case). Note that the default group owner will be the user creating the group. It is often a good idea to make the group owner a group instead. This way group membership can be managed by more than one person without opening it up to all members. Here we will change the group owner to the Instructor Site Owners.
Select Create when finished.
To add new members, select New then Add Users (Note: if you select the “New” hyperlink, you will go straight to the add user page but if you click the arrow next to it, then you will get the dropdown shown in the screenshot).
Enter the names of the users you want to add. If you expand the Show Options text, you can check/uncheck sending an email invitation to the users added. This is checked by default. Click Share.
Organizing users into groups based on roles will help drastically with maintaining your SharePoint environment.