Warning: This site requires the use of scripts, which your browser does not currently allow. See how to enable scripts.

Roadmap for giving users access to SharePoint Server 2007 sites and site content

As a site owner, you can give users access to a Microsoft Office SharePoint Server 2007 site and its content and control what they can do with it, also referred to as managing permissions. This roadmap is a guide to giving and restricting users' access to sites and site content. Familiarize yourself with the roadmap by clicking the links below.

The roadmap is designed for individuals who are managing permissions for an Office SharePoint Server 2007 site but who are not IT professionals. If you are an IT professional, TechNet may better meet your needs.

Important To manage SharePoint site permissions, you must have the Full Control permission level for the site. You have this permission level if you can access the Sites Settings page for the site and the page contains the Users and Permissions column. For information about accessing the Site Settings page, see the article Work with site settings.

If your site is based on Windows SharePoint Services 3.0, see WSS 3.0 Help and How-to. You can check your version of SharePoint Products and Technologies by clicking the Help icon Icon image on your site.

Security concepts and planning

This section provides conceptual and planning information about giving users access to your SharePoint site and its content.

Concepts

It's important that you understand the security concepts of Office SharePoint Server 2007 before using the procedures in the subsequent sections. These brief articles will help you to understand the core concepts of SharePoint security.

What do you want to explore?

Concepts	Description
Introduction to controlling access to sites and site content	Provides conceptual information about: Creating the permissions structure for your site. How to begin managing security for SharePoint. How security elements, such as permissions and groups, are assigned to a securable object, such as a site or list item. The relationship between a SharePoint site hierarchy and permissions inheritance.
Introduction to managing SharePoint groups and users	Provides conceptual information about using SharePoint groups to manage who can access a SharePoint site and its content and what they can do with that site and site content.
How your permissions affect what you can see in SharePoint 2007	Provides conceptual information about how a user's permissions for a site affects what they see on a site.

Concepts

Description

Introduction to controlling access to sites and site content

Provides conceptual information about:

Creating the permissions structure for your site.
How to begin managing security for SharePoint.
How security elements, such as permissions and groups, are assigned to a securable object, such as a site or list item.
The relationship between a SharePoint site hierarchy and permissions inheritance.

Introduction to managing SharePoint groups and users

Provides conceptual information about using SharePoint groups to manage who can access a SharePoint site and its content and what they can do with that site and site content.

How your permissions affect what you can see in SharePoint 2007

Provides conceptual information about how a user's permissions for a site affects what they see on a site.

Planning

It's important that you plan who needs access to a site and site content and what tasks those people need to be able to perform on the site before using the procedures in the subsequent sections. The following articles will help you plan security for your SharePoint site and its contents.

What do you want to explore?

Goal	Description
Plan site security	Helps you to understand the elements of site security and how permissions are assigned. It also helps you choose which levels of site security to use in your site collection or subsite.
Determine permission levels and groups to use	Reviews the default permission levels and groups and helps you determine whether you need additional permission levels or groups.
Choose which security groups to use	Helps you determine which Microsoft Windows security groups and user accounts to use to grant access to sites, decide whether to use the All Authenticated Users group, and decide whether to allow anonymous access.

Typical steps for giving users access to a site and its content

This section provides the typical steps required to give users access to your SharePoint site and its content. The section uses default SharePoint groups. If this does not meet your needs, see More options for giving users access to a site and its content.

Step 1) Import users into Office SharePoint Server 2007

The first step in giving users access to your SharePoint site and its content is for a SharePoint server administrator to import Windows security groups and users accounts into Office SharePoint Server 2007 by using Central Administration. The import can be configured to occur on a schedule so that changes are automatically picked up by Office SharePoint Server 2007. For information about importing users into Office SharePoint Server 2007, see Import user profiles.

Note Windows security groups and users accounts will not be available in Office SharePoint Server 2007 if the import is not performed.

Step 2) Configure permission inheritance

The second step in giving users access to your SharePoint site and its content is configuring your subsite either to inherit permissions from its parent site or to use unique permissions. (If your site is a top level site, it always has unique permissions.) Configure your subsite in one of these ways:

Inherit permissions If the permissions, permissions levels, users, and groups of its parent site meet the needs of the subsite, configure your subsite to inherit permissions. Managing permissions for the subsite is performed at the parent site, freeing you from this task.
Use unique permissions If inheriting permissions from its parent site does not meet the needs of the subsite, possibly because of organizational requirements or regulatory compliance, configure your subsite to use unique permissions.

You configure a subsite either to inherit permissions or to use unique permissions when you create it. For more information see, see Create a site. You can change if a subsite inherits or has has unique permissions. For more information, see the next section, Removing and restoring site permission inheritance.

Whether a site inherits permissions or has unique permissions does not affect whether site content inherits or has unique permissions. By default, site content inherits the permissions of its parent. For example, by default a document library has the same permissions as the site that contains it.

Note Site content includes lists, libraries, pages, folders, list items, and library files.

If you create unique permissions for site content, you have to manage permissions for it separately. For more information, see More options for giving users access to a site and its content.

Step 3) Add users to default SharePoint groups

The final step in giving users access to a SharePoint site and its content involves adding Windows security groups and user accounts to SharePoint groups for the site. For more information, see Give users access to a site or the Add users to a SharePoint group demo from SharePointHosting.com.

Note This step is not applicable if the site is configured to inherit permissions.

More options for giving users access to a site and its content

If you or someone in your organization previously configured permissions for your site and its contents, or if you are unsure of the situation, the step-by-step approach to customizing user access outlined in the previous section may not meet your needs. This section provides more options for customizing user access to a SharePoint site and site content.

Remove and restore site permissions inheritance

Give users access to your site and its content by configuring your subsite either to inherit permissions from its parent site or to use unique permissions. If your site is a top-level site, it always has unique permissions.

What do you want to explore?

Goal	Description
Remove permission inheritance from subsite	A demo from SharePointHosting.com about stopping the inheritance of permissions from a site to a subsite. Note When you remove inheritance from a subsite, the permissions, permissions levels, users, and groups that have already been inherited by the subsite will be retained by the subsite. Subsequent changes to the subsite's permissions, permissions levels, users, and groups will be unique to the subsite and any sites that inherit permissions from the subsite.
Restore Permission Inheritance	A demo from SharePointHosting.com about restoring the inheritance of permissions from a site to a subsite. Important Restoring permissions inheritance for a subsite discards custom permissions, permissions levels, users, and groups that were created for the subsite.

Goal

Description

Remove permission inheritance from subsite

A demo from SharePointHosting.com about stopping the inheritance of permissions from a site to a subsite.

Note When you remove inheritance from a subsite, the permissions, permissions levels, users, and groups that have already been inherited by the subsite will be retained by the subsite. Subsequent changes to the subsite's permissions, permissions levels, users, and groups will be unique to the subsite and any sites that inherit permissions from the subsite.

Restore Permission Inheritance

A demo from SharePointHosting.com about restoring the inheritance of permissions from a site to a subsite.

Important Restoring permissions inheritance for a subsite discards custom permissions, permissions levels, users, and groups that were created for the subsite.

Give and remove user access to a site

Give users access to your site and control what they can do there by managing SharePoint group, user, and anonymous access.

What do you want to explore?

Goal	Description
Give users access to a site	Provides information about the processes required to give users access to a SharePoint site, including: Creating SharePoint groups Assigning permission levels to groups Adding users to groups Changing the permission levels for a group
Add users to a site	A demo from SharePoint-Screencasts.com about giving users access to a SharePoint site, including how to: Create SharePoint groups Assign permission levels to groups Add users to groups The demo also provides examples of how the user interface differs for common permission levels. This is also referred to as security-trimmed UI. Note Requires Windows Media Player
Remove users and groups from site access	Provides information about removing access to a site and its content for specific users.
Enable anonymous access	Provides information about enabling anonymous access on SharePoint sites, including: What anonymous access is. Why you might want to use it. What you may want to consider before enabling it. Prerequisites for enabling it. Procedures for enabling it.

How users can request access to a site and its content

Give users the ability to automatically request access to a site and site content by enabling the the Request Access feature.

What do you want to explore?

Goal	Description
Get access to a SharePoint site	Provides information about how a user gets access to a SharePoint site, including the Access Requests feature.
Manage access requests	A demo from SharePointHosting.com about enabling the Access Requests feature. When a user attempts to access a site for which they don't have permission, an Error - Access Denied page is displayed. If Access Requests is enabled, there will be a Request Access link on the page. Note Outgoing e-mail must be enabled in SharePoint Central Administration by a server administrator before you can turn on Access Requests. For information about enabling outgoing e-mail, see Configure outgoing e-mail settings.

Goal

Description

Get access to a SharePoint site

Provides information about how a user gets access to a SharePoint site, including the Access Requests feature.

Manage access requests

A demo from SharePointHosting.com about enabling the Access Requests feature. When a user attempts to access a site for which they don't have permission, an Error - Access Denied page is displayed. If Access Requests is enabled, there will be a Request Access link on the page.

Note Outgoing e-mail must be enabled in SharePoint Central Administration by a server administrator before you can turn on Access Requests. For information about enabling outgoing e-mail, see Configure outgoing e-mail settings.

Manage unique permissions for site content

If you have sensitive information stored in a particular securable object, such as a list or document, and you do not want to expose that information to all users of a site, you can assign specific SharePoint groups and users just the specific permissions that you want them to have on a particular securable object.

What do you want to explore?

Goal	Description
Customizing user access to lists and libraries	Provides procedural information about managing permissions on lists and libraries.
Customizing user access to folders, list items, and library files	Provides procedural information about managing permissions on folders in list and libraries, list items, and library files.
Configure which items in a list users can read and edit	Provides procedural information about configuring which items in a list users can read and edit, such as calendar appointments in a calendar list.

Reference

Reference	Description
Permission levels	Provides conceptual and procedural information about creating, copying, editing, deleting, and inheriting permissions for Office SharePoint Server 2007.
Permission levels and permissions	Provides detailed conceptual information about Windows SharePoint Services 3.0: Default permission levels SharePoint site, list, and personal permissions Dependencies between permissions Note The Windows SharePoint Services 3.0 permission levels are are a subset of the Office SharePoint Server 2007 permission levels.
View users and SharePoint groups and edit the Quick Launch group list	Provides information about viewing all users who have been granted access to a site as well as viewing all SharePoint groups for the site. It also provides information about editing the group list to control which groups appear under the Groups heading on the Quick Launch on the People and Groups pages.

Description

Permission levels

Provides conceptual and procedural information about creating, copying, editing, deleting, and inheriting permissions for Office SharePoint Server 2007.

Permission levels and permissions

Provides detailed conceptual information about Windows SharePoint Services 3.0:

Default permission levels
SharePoint site, list, and personal permissions
Dependencies between permissions

Note The Windows SharePoint Services 3.0 permission levels are are a subset of the Office SharePoint Server 2007 permission levels.

View users and SharePoint groups and edit the Quick Launch group list

Provides information about viewing all users who have been granted access to a site as well as viewing all SharePoint groups for the site. It also provides information about editing the group list to control which groups appear under the Groups heading on the Quick Launch on the People and Groups pages.

Applies to:

SharePoint Server 2007

Sign in to Office.com

Start working in the cloud

Microsoft account

Organizational account

Roadmap for giving users access to SharePoint Server 2007 sites and site content

Security concepts and planning

Typical steps for giving users access to a site and its content

More options for giving users access to a site and its content