Default SharePoint groups in SharePoint Server

When you create a site, SharePoint automatically creates groups for the site, and assigns permission levels to the groups. These are known as the default SharePoint groups. Because they represent the most common levels of access that users need, the default groups and their associated permission levels are a good place to start when you add users to a SharePoint site. To learn more about permission levels, see Understanding permission levels.

As an administrator, you can add your own custom groups to more closely align with the requirements of your organization. Deciding how to design and populate SharePoint groups is an important decision that affects your site and content security.

In this article


Default SharePoint groups

SharePoint groups enable you to manage access for sets of users instead of individual users. SharePoint groups are usually composed of many individual users, but a group can also hold one or more Windows security groups. For example, you might add the Windows security group for your team to a SharePoint group, to grant access to the whole team at the same time. When you add users or Windows security groups to a SharePoint group, the added users are assigned the same permission level.

If you’d like more information about how to work with the Windows security and distribution groups that are included in Active Directory Domain Services, see Choose security groups (SharePoint Server 2010).

SharePoint assigns a permission level to each default SharePoint group automatically. The permission level applies to all the members of that group. To learn more about the specific permissions in permission levels, see Understanding permission levels.

You can customize default SharePoint groups by assigning them any permission level that you want. You can also create a SharePoint group and assign it the permission levels that you want.

The following table shows the default SharePoint groups and their assigned permission levels.

SharePoint groups Default permission level
Approvers Approve
<site name> Members Contribute or Edit, depending on the site template
<site name> Owners Full Control
<site name> Visitors Read
Designers Design, Limited Access
Hierarchy Managers Manage Hierarchy
Restricted Readers Restricted Read
Style Resource Readers Limited Access
Viewers View Only
Quick Deploy Users Contribute

If you are on a public website, you will see <site name> Members in your list of SharePoint groups. For example, if Contoso Retail is the name of the website, you’ll see Contoso Retail Members. This is also true if you are on a subsite that has unique permissions. As your site grows, you may notice multiple <site name> Members, Visitors, or Owners groups while looking in site permissions from your site collection root. Each group is prefixed with the name of the site, for example Contoso Retail Members, and Contoso Charities Members may both be present.

There are several times when the site name is added to the group name. These are:

  • When you break permissions inheritance on subsites that had previously inherited permissions
  • When you create new groups for a specific site
  • When you create new sites.

In all cases, the site name before the SharePoint group indicates the name of the site to which the group belongs, so Contoso Charities Members belongs to the Contoso Charities site.

 Tip    You can change the names that SharePoint automatically assigns to these groups at any time.

For more information about permissions inheritance and permission levels, see Introduction: Control user access with permissions.

Roles for SharePoint groups

The following table shows suggested uses for default SharePoint groups

Group name Permission level) Use this group for people who
Approvers Approve Approve documents, pages, and list items.
Owners Full Control Manage site permissions, settings, and appearance.
Members Contribute or Edit Edit site content.
Visitors Read View site content, but not edit it.
Designers Design View, add, update, delete, approve, and customize the site.
Hierarchy Managers Manage Hierarchy Create sites and edit pages, list items, and documents.
Restricted Readers Restricted Read View pages and documents but not versions or permissions.
Style Resource Readers Restricted Read Need only Limited Access to the Style Library and Master Page Gallery.
Viewers View Only Need to see content but not edit or download it.
Quick Deploy Users Contribute Schedule Quick Deploy jobs.

 Note    The Style Resource Readers group contains a Windows security group named NT Authority/Authenticated Users. This means that all authenticated users can display SharePoint master pages and styles for the pages on your site.

Top of Page Top of Page

Special SharePoint groups

Special SharePoint groups support high-level administration tasks, such as assigning permission levels to a group.

 Important    To guarantee full site functionality, make sure that there is always a group of users who have Full Control to the site collection. In addition, make sure that these users appear on the list of site collection administrators.

Top of Page Top of Page

Site collection administrators

Site Collection administrators are not a SharePoint group. However, because they have Full Control on all sites in a site collection, they are mentioned here.

A SharePoint site can have primary and secondary site collection administrators. If you are a site collection administrator, you can also designate additional site collection administrators. These users are the main contacts for the complete site collection. Site collection administrators have full control of all sites within the site collection and can audit all site content. In addition, they receive administrative alerts about site activity, such as whether a site is active.

Top of Page Top of Page

 
 
Applies to:
SharePoint Server 2013 Enterprise, SharePoint Server 2013 Standard