- Article
- 7 minutes to read
APPLIES TO: 
2013 2016 2019 Subscription Edition 
SharePoint in Microsoft 365
Default permission levels are predefined sets of permissions that you can assign to individual users, groups of users, or security groups, based on the functional requirements of the users and on security considerations. SharePoint Server permission levels are defined at the site collection level and are inherited from the parent object by default.
Learn about Sharing and permissions in the SharePoint modern experience in Microsoft 365.
Default permission levels
Default permission levels are made up of a set of permissions that enable users to perform a collection of related tasks. SharePoint Server includes seven permission levels. You can customize the permissions contained within five of these permission levels. You cannot customize the permissions within the Limited Access and Full Control permission levels.
Note
Although you cannot directly edit the Limited Access and Full Control permission levels, you can make individual permissions unavailable for the entire web application, which removes those permissions from the Limited Access and Full Control permission levels. For more information, see Manage permissions for a web application in SharePoint Server.
The following table lists the default permission levels for team sites in SharePoint Server.
| Permission level | Description | Permissions included by default |
|---|---|---|
| View Only | Enables users to view application pages. The View Only permission level is used for the Excel Services Viewers group. | View Application Pages View Items View Versions Create Alerts Use Self Service Site Creation View Pages Browse User Information Use Remote Interfaces Use Client Integration Features Open |
| Limited Access | Enables users to access shared resources and a specific asset. Limited Access is designed to be combined with fine-grained permissions to enable users to access a specific list, document library, folder, list item, or document, without enabling them to access the whole site. Limited Access cannot be edited or deleted. Note: when sharing a link to a document with all users in your organization, SharePoint will assign the Limited Access permission via a group name "Limited Access System Group" that is applied the first time a user accesses the resource who does not otherwise have permission via the link | View Application Pages Browse User Information Use Remote Interfaces Use Client Integration Features Open |
| Read | Enables users to view pages and list items, and to download documents. | Limited Access permissions, plus: View Items Open Items View Versions Create Alerts Use Self-Service Site Creation View Pages |
| Contribute | Enables users to manage personal views, edit items and user information, delete versions in existing lists and document libraries, and add, remove, and update personal Web Parts. | Read permissions, plus: Add Items Edit Items Delete Items Delete Versions Browse Directories Edit Personal User Information Manage Personal Views Add/Remove Personal Web Parts Update Personal Web Parts |
| Edit | Enables users to manage lists. | Contribute permissions, plus: Manage Lists |
| Design | Enables users to view, add, update, delete, approve, and customize items or pages in the website. | Edit permissions, plus: Add and Customize Pages Apply Themes and Borders Apply Style Sheets Override List Behaviors Approve Items |
| Full Control | Enables users to have full control of the website. | All permissions |
If you use a site template other than the team site template, you will see a different list of default SharePoint permission levels. For example, the following table shows additional permission levels provided with the publishing template.
| Permission level | Description | Permissions included by default |
|---|---|---|
| Restricted Read | View pages and documents. For publishing sites only. | View Items Open Items View Pages Open |
| Approve | Edit and approve pages, list items, and documents. For publishing sites only. | Contribute permissions, plus: Override List Behaviors Approve Items |
| Manage Hierarchy | Create sites; edit pages, list items, and documents, and change site permissions. For Publishing sites only. | Design permissions minus the Approve Items, Apply Themes and Borders, and Apply Style Sheets permissions, plus: Manage permissions View Web Analytics Data Create Subsites Manage Alerts Enumerate Permissions Manage Web Site |
User permissions
SharePoint Server includes 33 permissions, which are used in the default permission levels. You can configure which permissions are included in a particular permission level (except for the Limited Access and Full Control permission levels), or you can create a new permission level to contain specific permissions.
Permissions are categorized as list permissions, site permissions, and personal permissions, depending on the objects to which they can be applied. For example, site permissions apply to a particular site, list permissions apply only to lists and libraries, and personal permissions apply only to certain objects, such as personal views and private Web Parts. The following tables describe what each permission is used for, the dependent permissions, and the permission levels in which it is included.
List permissions
| Permission | Description | Dependent permissions | Included in these permission levels by default |
|---|---|---|---|
| Manage Lists | Create and delete lists, add or remove columns in a list, and add or remove public views of a list. | View Items, View Pages, Open | Edit, Design, Full Control, Manage Hierarchy |
| Override List Behaviors | Discard or check in a document that is checked out to another user, and change or override settings that allow users to read/edit only their own items. | View Items, View Pages, Open | Design, Full Control |
| Add Items | Add items to lists, and add documents to document libraries. | View Items, View Pages, Open | Contribute, Edit, Design, Full Control |
| Edit Items | Edit items in lists, edit documents in document libraries, and customize Web Part pages in document libraries. | View Items, View Pages, Open | Contribute, Edit, Design, Full Control |
| Delete Items | Delete items from a list, and documents from a document library. | View Items, View Pages, Open | Contribute, Edit, Design, Full Control |
| View Items | View items in lists, and documents in document libraries. | View Pages, Open | Read, Contribute, Edit, Design, Full Control |
| Approve Items | Approve a minor version of list items or document. | Edit Items, View Items, View Pages, Open | Design, Full Control |
| Open Items | View the source of documents with server-side file handlers. | View Items, View Pages, Open | Read, Contribute, Edit, Design, Full Control |
| View Versions | View past versions of a list item or document. | View Items, Open Items, View Pages, Open | Read, Contribute, Edit, Design, Full Control |
| Delete Versions | Delete past versions of list items or documents. | View Items, View Versions, View Pages, Open | Contribute, Edit, Design, Full Control |
| Create Alerts | Create alerts. | View Items, View Pages, Open | Read, Contribute, Edit, Design, Full Control |
| View Application Pages | View forms, views, and application pages. Enumerate lists. | Open | All |
Site permissions
| Permission | Description | Dependent permissions | Included in these permission levels by default |
|---|---|---|---|
| Manage Permissions | Create and change permission levels on the web site and assign permissions to users and groups. | View Items, Open Items, View Versions, Browse Directories, View Pages, Enumerate Permissions, Browse User Information, Open | Full Control |
| View Web Analytics Data | View reports on Web site usage. | View Pages, Open | Full Control |
| Create Subsites | Create subsites such as team sites, Meeting Workspace sites, and Document Workspace sites. | View Pages, Browse User Information, Open | Full Control |
| Manage Web Site | Grants the ability to perform all administration tasks for the web site, as well as manage content. | View Items, Add and Customize Pages, Browse Directories, View Pages, Enumerate Permissions, Browse User Information, Open | Full Control |
| Add and Customize Pages | Add, change, or delete HTML pages or Web Part pages, and edit the website. | View Items, Browse Directories, View Pages, Open | Design, Full Control |
| Apply Themes and Borders | Apply a theme or borders to the whole website. | View Pages, Open | Design, Full Control |
| Apply Style Sheets | Apply a style sheet (.css file) to the website. | View Pages, Open | Design, Full Control |
| Create Groups | Create a group of users that can be used anywhere within the site collection. | View Pages, Browse User Information, Open | Full Control |
| Browse Directories | Enumerate files and folders in a website by using SharePoint Designer 2013 and Web DAV interfaces. | View Pages, Open | Contribute, Edit, Design, Full Control |
| Use Self-Service Site Creation | Create a website using Self-Service Site Creation. | View Pages, Browse User Information, Open | Read, Contribute, Edit, Design, Full Control |
| View Pages | View pages in a website. | Open | Read, Contribute, Edit, Design, Full Control |
| Enumerate Permissions | Enumerate permissions on the website, list, folder, document, or list item. | Browse Directories, View Pages, Browse User Information, Open | Full Control |
| Browse User Information | View information about users of the website. | Open | All |
| Manage Alerts | Manage alerts for all users of the website. | View Items, View Pages, Open, Create Alerts | Full Control |
| Use Remote Interfaces | Use SOAP, Web DAV, the Client Object Model, or SharePoint Designer 2013 interfaces to access the website. | Open | All |
| Use Client Integration Features | Use features that launch client applications. Without this permission, users must work on documents locally and then upload their changes. | Use Remote Interfaces, Open, View Items | All |
| Open | Enables users to open a website, list, or folder to access items inside that container. | None | All |
| Edit Personal User Information | Enables users to change their own user information, such as adding a picture. | Browse User Information, Open | Contribute, Edit, Design, Full Control |
Personal permissions
| Permission | Description | Dependent permissions | Included in these permission levels by default |
|---|---|---|---|
| Manage Personal Views | Create, change, and delete personal views of lists. | View Items, View Pages, Open | Contribute, Edit, Design, Full Control |
| Add/Remove Personal Web Parts | Add or remove personal Web Parts on a Web Part page. | View Items, View Pages, Open, Update Personal Web Parts | Contribute, Edit, Design, Full Control |
| Update Personal Web Parts | Update Web Parts to display personalized information. | View Items, View Pages, Open | Contribute, Edit, Design, Full Control |
See also
Other Resources
Manage permissions for a web application in SharePoint Server
FAQs
What are the user permissions and permission levels in SharePoint server? ›
SharePoint default permission levels:
Read – Users Can Open & view SharePoint content including documents, pictures and lists. They'll not be able to create, modify, or delete. Contribute – Allows the user to view, add, update, and delete content. Designer – Can do everything contributors do.
The default permission levels are Limited Access, Read, Contribute, Design, and Full Control. For information about default permission levels and the permissions included in each level, see User permissions and permission levels (SharePoint Server 2010).
What are the 3 permission groups available in SharePoint? ›...
Communication sites aren't connected to Microsoft 365 groups and use the standard SharePoint permissions groups:
- Owners.
- Members.
- Visitors.
- Situational Marketing. “Situational Marketing” permission requires contact to be first initiated by the customer. ...
- Brand Trust. ...
- Personal Relationship. ...
- Purchase on Approval. ...
- Intravenous.
...
Write
- create folders.
- add new files.
- delete files.
There are four categories (system, owner, group, and world) and four types of access permissions (Read, Write, Execute and Delete).
What are server level permissions? ›Server-level roles are server-wide in their permissions scope. (Roles are like groups in the Windows operating system.) SQL Server 2019 and previous versions provided nine fixed server roles. The permissions that are granted to the fixed server roles (except public) can't be changed.
What are the user access levels? ›The user access level of editors affects their abilities to perform specific actions on Wikipedia. A user's access level depends on which rights (also called permissions, user groups, bits, or flags) are assigned to accounts. There are two types of access leveling: automatic and requested.
How do I manage user permissions in SharePoint? ›- 1 Open the SharePoint site.
- 2 Click on Site Actions (gear icon) and then select Site Settings.
- 3 Under the Users and Permissions category, click Site Permissions.
- 4 Select the check box next to the group whose permission you wish to modify.
- 5 Go to the Permissions tab and click Edit User Permissions.
- On your website or team site, click Settings. ...
- On the Site Settings page, under Users and Permissions, click Site Permissions.
- Select the check box next to the user or group to which you want to assign the new permission level.
- On the Permissions tab, click Edit User Permissions.
What are the 3 default permission groups created with a SharePoint site? ›
Default permission
A team site by default has three SharePoint groups: Owners, Members and Visitors. These groups have different permissions on the site. By default, SharePoint users are Members and have Edit permission.
Default permission levels
SharePoint Server includes seven permission levels.
755 means read and execute access for everyone and also write access for the owner of the file. When you perform chmod 755 filename command you allow everyone to read and execute the file, the owner is allowed to write to the file as well.
What are the 3 different file modes in which an user can access a file? ›There are many modes for opening a file: r - open a file in read mode. w - opens or create a text file in write mode. a - opens a file in append mode.
What are user permissions? ›User permissions, part of the overall user management process, are access granted to users to specific resources such as files, applications, networks, or devices.
What are the different access permissions? ›Access permissions include read, write, and none.
What are user level permissions? ›User permissions, part of the overall user management process, are access granted to users to specific resources such as files, applications, networks, or devices.