Permissions are granted to users or SharePoint groups so that they can perform specific actions on securable objects, such as a Site, library, list, folder, item, or document on your Site. Permission levels allow you to group permissions, and apply them to users and SharePoint groups on various Sites in your SharePoint installation.
When you create a new SharePoint Site, there are five permission levels provided by default:
- Full Control: Allows users or groups full control over a Site. Full Control is the least restrictive permission level. You cannot modify or remove this permission level.
- Design: Allows users or groups to view, add, update, delete, approve, and customize lists, libraries, and pages on your Site, including themes and style sheets.
- Contribute: Allows users or groups to view, add, update, and delete previously created list items and document libraries.
- Read: Allows users or groups to read pages on the Site, including the resource libraries. Read is the most restrictive permission level.
- Limited Access: A permission level that is automatically assigned to a user or group, and therefore cannot be directly assigned by the administrator. This permission level enables users to view specific lists, document libraries, list items, folders, or documents without giving access to all the elements of a site, such as file versions of an alert subscription.
You can add a user who has a valid account, created by a network administrator, to SharePoint. When a user is added to the system, you can assign permissions directly to a securable object (web, list, library, and so on) or indirectly through a SharePoint Group.
Tip
Using SharePoint Groups is the recommended practice when managing security as it is easier to manage changes for a group than for individual users and apply the same change to different objects across your Sites. Also, give the name of the group a relevant name, for example HR Management, for executives in the HR department. This makes administration easy for understanding the purpose of the group as the group name is stating the function of the group and its members.
All SharePoint groups are created at the Site collection level (highest level Site), and are available to all sub Sites in the Site collection. You can also create groups that only have permissions to a particular sub Site if inheritance is broken.
For further information visit this site: