Share via


User permissions and permission levels (SharePoint Server 2010)

 

Applies to: SharePoint Server 2010, SharePoint Foundation 2010

This article describes the default permission levels as well as the user permissions in Microsoft SharePoint Server 2010.

In this article:

  • Default permission levels

  • User permissions

Default permission levels

Permission levels are collections of permissions that allow users to perform a set of related tasks. SharePoint Server 2010 includes five permission levels by default. You can customize the permissions available in these permission levels (except for the Limited Access and Full Control permission levels), or you can create customized permission levels that contain only the specific permissions you need. For more information about how to customize permission levels, see Configure custom permissions (SharePoint Server 2010).

Note

Although you cannot directly edit the Limited Access and Full Control permission levels, you can make individual permissions unavailable for the entire Web application, which removes those permissions from the Limited Access and Full Control permission levels. For more information about how to manage permissions for a Web application, see Manage permissions for a Web application (SharePoint Server 2010).

The following table lists the default permission levels for team sites in SharePoint Server 2010.

Permission level Description Permissions included by default

Limited Access

Allows access to shared resources in the Web site so that the users can access an item within the site. Designed to be combined with fine-grained permissions to give users access to a specific list, document library, folder, list item, or document, without giving them access to the entire site. Cannot be customized or deleted.

  • View Application Pages

  • Browse User Information

  • Use Remote Interfaces

  • Use Client Integration Features

  • Open

Read

View pages, list items and download documents.

  • Limited Access permissions, plus:

  • View Items

  • Open Items

  • View Versions

  • Create Alerts

  • Use Self-Service Site Creation

  • View Pages

Contribute

View, add, update, and delete items in the existing lists and document libraries.

  • Read permissions, plus:

  • Add Items

  • Edit Items

  • Delete Items

  • Delete Versions

  • Browse Directories

  • Edit Personal User Information

  • Manage Personal Views

  • Add/Remove Personal Web Parts

  • Update Personal Web Parts

Design

View, add, update, delete, approve, and customize items or pages in the Web site.

  • Approve permissions, plus:

  • Manage Lists

  • Add and Customize Pages

  • Apply Themes and Borders

  • Apply Style Sheets

Full Control

Allows full control of the scope.

All permissions

If you use a site template other than the team site template, you will see a different list of default SharePoint groups. For example, the following table shows additional permission levels provided with the publishing template.

Permission level Description Permissions included by default

Restricted Read

View pages and documents. For publishing sites only.

  • View Items

  • Open Items

  • View Pages

  • Open

Approve

Edit and approve pages, list items, and documents. For publishing sites only.

  • Contribute permissions, plus:

  • Override Checkout

  • Approve Items

Manage Hierarchy

Create sites; edit pages, list items, and documents. For Publishing sites only.

  • Design permissions minus the Approve Items, Apply Themes and Borders, and Apply Style Sheets permissions, plus:

  • Manage permissions

  • View Web Analytics Data

  • Create Subsites

  • Manage Alerts

  • Enumerate Permissions

  • Manage Web Site

User permissions

SharePoint Server 2010 includes 33 permissions, which are used in the five default permission levels. You can change which permissions are included in a particular permission level (except for the Limited Access and Full Control permission levels), or you can create a new permission level to contain specific permissions.

Permissions are categorized as list permissions, site permissions, and personal permissions, depending on the objects to which they can be applied. For example, site permissions apply to a particular site, list permissions apply only to lists and libraries, and personal permissions apply only to things such as personal views, private Web Parts, and more. The following tables describe what each permission is used for, the dependent permissions, and the permission levels in which it is included.

List permissions

Permission Description Dependent permissions Included in these permission levels by default

Manage Lists

Create and delete lists, add or remove columns in a list, and add or remove public views of a list.

View Items, View Pages, Open, Manage Personal Views

Design, Full Control

Override Check Out

Discard or check in a document that is checked out to another user without saving the current changes.

View Items, View Pages, Open

Design, Full Control

Add Items

Add items to lists, and add documents to document libraries.

View Items, View Pages, Open

Contribute, Design, Full Control

Edit Items

Edit items in lists, edit documents in document libraries, and customize Web Part Pages in document libraries.

View Items, View Pages, Open

Contribute, Design, Full Control

Delete Items

Delete items from a list, and documents from a document library.

View Items, View Pages, Open

Contribute, Design, Full Control

View Items

View items in lists, and documents in document libraries.

View Pages, Open

Read, Contribute, Design, Full Control

Approve Items

Approve minor versions of list items or documents.

Edit Items, View Items, View Pages, Open

Design, Full Control

Open Items

View the source of documents with server-side file handlers.

View Items, View Pages, Open

Read, Contribute, Design, Full Control

View Versions

View past versions of list items or documents.

View Items, Open Items, View Pages, Open

Read, Contribute, Design, Full Control

Delete Versions

Delete past versions of list items or documents.

View Items, View Versions, View Pages, Open

Contribute, Design, Full Control

Create Alerts

Create e-mail alerts.

View Items, View Pages, Open

Read, Contribute, Design, Full Control

View Application Pages

View forms, views, and application pages. Enumerate lists.

Open

All

Site permissions

Permission Description Dependent permissions Included in these permission levels by default

Manage Permissions

Create and change permission levels on the Web site and assign permissions to users and groups.

View Items, Open Items, View Versions, Browse Directories, View Pages, Enumerate Permissions, Browse User Information, Open

Full Control

View Usage Data

View reports on Web site usage.

View Pages, Open

Full Control

Create Subsites

Create subsites such as team sites, Meeting Workspace sites, and Document Workspace sites.

View Pages, Browse User Information, Open

Full Control

Manage Web Site

Perform all administration tasks for the Web site, and manage content.

View Items, Add and Customize Pages, Browse Directories, View Pages, Enumerate Permissions, Browse User Information, Open

Full Control

Add and Customize Pages

Add, change, or delete HTML pages or Web Part pages, and edit the Web site by using a Windows SharePoint Services-compatible editor.

View Items, Browse Directories, View Pages, Open

Design, Full Control

Apply Themes and Borders

Apply a theme or borders to the entire Web site.

View Pages, Open

Design, Full Control

Apply Style Sheets

Apply a style sheet (.css file) to the Web site.

View Pages, Open

Design, Full Control

Create Groups

Create a group of users that can be used anywhere within the site collection.

View Pages, Browse User Information, Open

Full Control

Browse Directories

Enumerate files and folders in a Web site by using Microsoft SharePoint Designer 2010 and Web DAV interfaces.

View Pages, Open

Contribute, Design, Full Control

Use Self-Service Site Creation

Create a Web site by using Self-Service Site Creation.

View Pages, Browse User Information, Open

Read, Contribute, Design, Full Control

View Pages

View pages in a Web site.

Open

Read, Contribute, Design, Full Control

Enumerate Permissions

Enumerate permissions on the Web site, list, folder, document, or list item.

Browse Directories, View Pages, Browse User Information, Open

Full Control

Browse User Information

View information about users of the Web site.

Open

All

Manage Alerts

Manage alerts for all users of the Web site.

View Items, View Pages, Open

Full Control

Use Remote Interfaces

Use SOAP, Web DAV, or SharePoint Designer 2010 interfaces to access the Web site.

Open

All

Use Client Integration Features

Use features that start client applications. Without this permission, users must work on documents locally and then upload their changes.

Use Remote Interfaces, Open

All

Open

Open a Web site, list, or folder to access items inside that container.

None

All

Edit Personal User Information

Users can change their own user information, such as adding a picture.

Browse User Information, Open

Contribute, Design, Full Control

Personal permissions

Permission Description Dependent permissions Included in these permission levels by default

Manage Personal Views

Create, change, and delete personal views of lists.

View Items, View Pages, Open

Contribute, Design, Full Control

Add/Remove Personal Web Parts

Add or remove personal Web Parts on a Web Part page.

View Items, View Pages, Open

Contribute, Design, Full Control

Update Personal Web Parts

Update Web Parts to display personalized information.

View Items, View Pages. Open

Contribute, Design, Full Control

See Also

Concepts

Configure custom permissions (SharePoint Server 2010)