Microsoft SharePoint Foundation 2010 includes 32 user permissions that determine the specific actions that users can perform on the site. Permissions are grouped into permission levels. In essence, each permission level is a named collection of permissions that can be assigned to SharePoint users and groups. Five default permission levels are available on every site: Read, Contribute, Design, Full Control, and Limited Access. Table A-1 lists default permission levels along with their corresponding permissions in Microsoft SharePoint Foundation.
Permission Level | Description | Permissions Included by Default |
Limited Access | Allows access to shared resources in the website so that users can access an item within the site. Designed to be combined with fine-grained permissions to provide users with access to a specific list, document library, item, or document without giving users access to the entire site. Cannot be customized or deleted. | View Application Pages, Browse User Information, Use Remote Interfaces, Use Client Integration Features, Open |
Read | Allows read-only access to the website. | View Application Pages, Browse User Information, Use Remote Interfaces, Use Client Integration Features, Open, View Items, Open Items, View Versions, Create Alerts, Use Self-Service Site Creation, View Pages |
Contribute | Allows users to create and edit items in existing lists and document libraries. | View Application Pages, Browse User Information, Use Remote Interfaces, Use Client Integration Features, Open, View Items, Open Items, View Versions, Create Alerts, Use Self-Service Site Creation, View Pages, Add Items, Edit Items, Delete Items, Delete Versions, Browse Directories, Edit Personal User Information, Manage Personal Views, Add/Remove Personal Web Parts, Update Personal Web Parts |
Design | Allows users to create lists and document libraries, as well as edit pages in the website. | View Application Pages, Browse User Information, Use Remote Interfaces, Use Client Integration Features, Open, View Items, Open Items, View Versions, Create Alerts, Use Self-Service Site Creation, View Pages, Add Items, Edit Items, Delete Items, Delete Versions, Browse Directories, Edit Personal User Information, Manage Personal Views, Add/Remove Personal Web Parts, Update Personal Web Parts Manage Lists, Override Check Out, Approve Items, Add And Customize Pages, Apply Themes And Borders, Apply Style Sheets |
Full Control | Allows full control. | All permissions |
You can create new permission levels that contain specific permissions, as well as change which permissions are included in the default permission levels, with a few exceptions. While it is not possible to remove permissions from the Limited Access and Full Control permission levels, your SharePoint administrator can make specific permission levels unavailable for the entire web application by using SharePoint Central Administration. If you are a SharePoint administrator and want to do this, do the following: In SharePoint Central Administration, from the Application Management page, select Manage Web Applications, choose your web application, click the Permission Policy button on the Ribbon, and then delete the permissions levels that you would like to disable.
Depending on the scope, user permissions in SharePoint Foundation can be grouped into three categories: list permissions, site permissions, and personal user permissions. Table A-2 lists user permissions in SharePoint Foundation in alphabetical order, detailing their scope, permission dependencies, and the permission levels that they are in by default.
Permission | Description | Scope | Dependent Permissions | Included in These Permission Levels by Default |
Add And Customize Pages | Add, change, or delete Hypertext Markup Language (HTML) pages or Web Part pages; edit the website by using a SharePoint Foundation–compatible editor. | Site | View Items, Browse Directories, View Pages, Open | Design, Full Control |
Add Items | Add items to lists, documents to document libraries, and web discussion comments. | List | View Items, View Pages, Open | Contribute, Design, Full Control |
Add/Remove Personal Web Parts | Add or remove personal Web Parts on a Web Part page. | Personal Permissions | View Items, View Pages, Open | Contribute, Design, Full Control |
Apply Style Sheets | Apply a style sheet (.css file) to the website. | Site | View Pages, Open | Design, Full Control |
Apply Themes And Borders | Apply a theme or borders to the entire website. | Site | View Pages, Open | Design, Full Control |
Approve Items | Approve minor versions of list items or documents. | List | Edit Items, View Items, View Pages, Open | Design, Full Control |
Browse Directories | Enumerate files and folders in a website by using Microsoft SharePoint Designer and Web DAV interfaces. | Site | View Pages, Open | Contribute, Design, Full Control |
Browse User Information | View information about users of the website. | Site | Open | All |
Create Alerts | Create email alerts. | List | View Items, View Pages, Open | Read, Contribute, Design, Full Control |
Create Groups | Create a group of users that can be used anywhere within the site collection. | Site | View Pages, Browse User Information, Open | Full Control |
Create Subsites | Create subsites such as Team, Meeting Workspace, and Document Workspace sites. | Site | View Pages, Browse User Information, Open | Full Control |
Delete Items | Delete items from a list, documents from a document library, and web discussion comments in documents. | List | View Items, View Pages, Open | Contribute, Design, Full Control |
Delete Versions | Delete past versions of list items or documents. | List | View Items, View Versions, View Pages, Open | Contribute, Design, Full Control |
Edit Items | Edit items in lists, documents in document libraries, and web discussion comments in documents; customize Web Part pages in document libraries. | List | View Items, View Pages, Open | Contribute, Design, Full Control |
Edit Personal User Information | Users can change their own user information, such as adding a picture. | Site | Browse User Information, Open | Contribute, Design |
Enumerate Permissions | Enumerate permissions in the website, list, folder, document, or list item. | Site | Browse Directories, View Pages, Browse User Information, Open | Full Control |
Manage Alerts | Manage alerts for all users of the website. | Site | View Items, View Pages, Open | Full Control |
Manage Lists | Create and delete lists, add or remove columns in a list, and add or remove public views of a list. | List | View Items, View Pages, Open, Manage Personal Views | Design, Full Control |
Manage Permissions | Create and change permission levels on the website; assign permissions to users and groups. | Site | View Items, Open Items, View Versions, Browse Directories, View Pages, Enumerate Permissions, Browse User Information, Open | Full Control |
Manage Personal Views | Create, change, and delete personal views of lists. | Personal Permissions | View Items, View Pages, Open | Contribute, Design, Full Control |
Manage Web Site | Perform all administration tasks and manage content for the website. | Site | View Items, Add and Customize Pages, Browse Directories, View Pages, Enumerate Permissions, Browse User Information, Open | Full Control |
Open | Open a website, list, or folder to access items inside that container. | Site | None | All |
Open Items | View the source of documents with server-side file handlers. | List | View Items, View Pages, Open | Read, Contribute, Design, Full Control |
Override Check Out | Discard or check in a document that is checked out to another user without saving the current changes. | List | View Items, View Pages, Open | Design, Full Control |
Update Personal Web Parts | Update Web Parts to display personalized information. | Personal Permissions | View Items, View Pages, Open | Contribute, Design, Full Control |
Use Client Integration Features | Use features that start client applications; without this permission, users must work on documents locally and then upload their changes. | Site | Use Remote Interfaces, Open | All |
Use Remote Interfaces | Use Simple Object Access Protocol (SOAP), Web DAV, or SharePoint Designer interfaces to access the website. | Site | Open | All |
Use Self-Service Site Creation | Create a website by using Self-Service Site Creation. | Site | View Pages, Browse User Information, Open | Read, Contribute, Design, Full Control |
View Application Pages | View forms, views, and application pages; enumerate lists. | List | Open | All |
View Items | View items in lists, documents in document libraries, and web discussion comments. | List | View Pages, Open | Read, Contribute, Design, Full Control |
View Pages | View pages in a website. | Site | Open | Read, Contribute, Design, Full Control |
View Versions | View past versions of list items or documents. | List | View Items, Open Items, View Pages, Open | Read, Contribute, Design, Full Control |
View Web Analytics Data | View reports on website usage. | Site | View Pages, Open | Full Control |