Setup Custom Permission for your SharePoint Lists and Libraries
Lists and libraries are the most basic and integral part of the SharePoint infrastructure. Everything we build and manage on SharePoint is backed by these lists and libraries. Today more than 300,000 companies around the world have SharePoint and OneDrive in their Office 365 (including 85% of Fortune 500 companies). This wide acceptance of SharePoint is due to its uniqueness, adaptability, and security. SharePoint permissions allow the Admin to control every aspect of the data in the SharePoint Server. It is the SharePoint admin’s sole discretion who can access and manage the data in the SharePoint environment. While SharePoint has default permission levels for sites and the lists and libraries in it. As a SharePoint admin or someone in the owner’s permission of a library or list, you can create custom permission for the data.
According to the site, hierarchy sites default permissions are inherited from its parent site. What this means is that a site acquires or inherits its permission from the root site of the site collection and all the subsites inherit from its parent site. The permission for the lists and libraries is the same as that of the site that contains them by default.
To assign unique permissions to lists and libraries you must first break the inheritance. This is a step by step guide on how to break inheritance and assign unique permissions to lists and libraries in a list.
If you are a beginner then you must first get a proper understanding of the SharePoint basic permission levels to work with these. SharePoint offers multiple levels of permissions for sites. There are 10 default permissions levels in SharePoint. They are Full Control, Design, Edit, Contribute, Read, Limited Access, Approve, Manage Hierarchy, Restricted Read, and View Only.
Understanding Basic SharePoint Permission Levels
Default permission levels allow admins to easily manage and assign permissions to users or a group of users you choose. While these permission levels are enough to cover basic access control, you can also design permission levels unique to your environment.
- Full Control: All available SharePoint permissions. By default, this permission level is assigned to the Owners group. This permission level cannot be customized or removed.
- Design: Create lists and document libraries, edit pages, and apply themes, borders, and style sheets on the site.
- Edit: Add, edit, and delete lists; view, add, update, and delete list items and documents. By default, this permission level is assigned to the Members group.
- Contribute: View, add, update, and delete list items and documents.
- Read: View pages and items in existing lists and document libraries and download documents.
- Limited Access: Enables a user or group to browse to a site page or library to access a specific content item when they do not have permission to open or edit any other items in the site or library. This level is not assigned directly to a user or group, instead, when you assign edit or open permissions to the single item, SharePoint automatically assigns Limited Access to other required locations, such as the site or library in which the single item is located.
- Approve: Edit and approve pages, list items, and documents. By default, the Approvers group has this permission.
- Manage Hierarchy: Create sites and edit pages, list items, and documents. By default, this permission level is assigned to the Hierarchy Managers group.
- Restricted Read: View pages and documents, but not historical versions or user permissions.
- Read Only: View pages, items, and documents. Any document that has a server-side file handler can be viewed in the browser but not downloaded. File types that do not have a server-side file handler (cannot be opened in the browser), such as video files, .pdf files, and .png files, can still be downloaded.
Now that you have a basic understanding of the default permission levels in SharePoint. Follow the below steps to break permission inheritance and assign unique permissions in lists and libraries.
Break the Permission Inheritance
To break the inheritance, you need to first access the permissions page of the list or library. To access the permissions page, follow the below steps.
- Open the list or library you need to assign unique permission.
- Click on the Gear Icon for settings and find List/Library settings under that.
- On the new page that opened, under Permissions and Management find Permissions for this list or Permissions for this Document Library.
- On that page on the top ribbon, you can find the option Stop Inheriting Permissions.
- Note: If it is not inheriting permissions from the parent site you will see the option Grant Permissions on the top ribbon.
Assigning Unique Permissions
Once you have broken the permission inheritance you can assign unique permissions to the list or library. After you have followed all the above steps, follow these steps to assign unique permissions.
- On the permissions, page click on Stop Inheriting Permissions.
- Click on Grant Permissions to add new users with new permissions.
- To change existing permissions, click on a name in the list.
- Select Edit User Permissions.
- Under Permissions, check the permission level you need to assign to the User or Group you selected.
Remove Unique User Permission
As the admin or owner, you also have the permissions to delete unique user permissions, if you want. To delete user permissions, follow the earlier steps, and access the permission page for the list or library you are modifying.
- Access the List/Library Permission page by following the previous steps.
- In the Name List of the permission, page click on the checkbox beside the name of the person you want to delete permission for.
- Select Remove User Permissions.
Restore Inheritance and Delete all Unique Permissions
The unique permissions you created by breaking the inheritance can be revoked and you can go back to Inherited Permissions if you want. To do that follow these steps.
- Follow the previous steps to access the List/Library Permissions page.
- On the Permissions Page, you can find Delete Unique Permissions on the top ribbon.
- Click OK on the Dialogue box that appears to finish the process.