SharePoint Permissions & Inheritance – Explained!

You must understand SharePoint permissions and group levels if you want to build a secure SharePoint intranet.

Having a good handle on your groups and permissions may greatly help your site.

If you want a comprehensive course for any skill level, view our SharePoint courses here.

Why are permissions needed?

Groups and permission levels protect your site. They give users more influence over their behaviours on your site by empowering and restricting them.

They’re also the ideal tools for putting up your site’s ‘Visitor’ feature.

The flow of an intranet may be controlled by adjusting site authorization levels for specific groups.

Users can utilize a site to its maximum extent when permission levels are set up.

The three default security groups

The three default security groups include owners, visitors, and members.

Typically, communication sites have one or many proprietors, a small number of members who develop the site’s content, and a vast number of visitors who are the individuals with whom you’re exchanging information.

1) Visitors to your site are read-only users.

Therefore, only reading and downloading are available to these users.

2) Members are the people you may add, update, and delete from your site.

These users can view and download content, add, edit, and remove it (documents, pages, announcements, events).

They are also able to exchange information with others.

3) Owners are users with complete power over your site.

Owners have access to all of the same features as members and visitors, plus the ability to maintain the security of the site, control navigation, and create extra web components.

Sounding too technical and looking for more of a starter? Read our beginners guide to SharePoint here.

Woman managing data centre

Default SharePoint site permissions

You can choose to disrupt the inheritance. For example, you breach inheritance by modifying a child’s permission levels.

However, doing so implies it will no longer have access to its parent’s permissions.

You can also only want a subset of users to be able to view a particular subsite.

In this situation, you would break permissions inheritance and establish a higher required level.

The new inheritance will be passed down to all descendants of the item.

When it comes to giving subsites more rights, breaking inheritance may be really useful.

In addition, this is a helpful method for dealing with sensitive data.

You can read our beginner’s guide to creating a SharePoint site here.

What are permission levels in SharePoint?

Permission levels are a collection of permissions that allow individuals or groups to carry out specific tasks. Each permission level is made up of a set of special permissions (such as: Delete Items, Create Alerts, etc.).

SharePoint permission levels from lowest to highest

Here are the default SharePoint access permissions:

    1. Read – SharePoint read only access users may access materials such as documents, images, and lists. They won’t be able to add, alter, or remove anything.
    2. Contribute – View, add, amend, and remove content is possible.
    3. Designer – Can do all of the tasks that contributors accomplish. Additionally, you may construct additional document libraries, columns, and views and alter the website’s appearance by adding or rearranging web elements.
    4. Full Control – Users have complete control over the site, including the ability to add/delete members, change their access, and have SharePoint edit permissions.
    5. View Only – Users can browse but not download web pages, lists, or list items.

You receive three extra permission levels with Publishing site templates, in addition to the ones listed above:

    1. Approve – Users can provide their approval to pages, list items, or documents that others have contributed.
    2. Manage Hierarchy – Users can make changes to pages, lists, and documents. Users with Manage Hierarchy rights can also build sites.
    3. Restricted Read – Users can read pages and documents, but no historical versions exist.

Looking for more information on permissions? Read our guide to Sharing Files And Folders in SharePoint here!

Computer screen showing data related code

What Is Security Inheritance?

Simply put, inheritance is the process through which a parent object transfers its attributes to its children. A child is an item that is not part of the parent object.

A child object inherits all of its parent’s capabilities when it is created. This will allow you to save a significant amount of time.

What Is Permission Inheritance?

The site hierarchy represents the parent-child connection in SharePoint. A subsite’s parent is a site, and a list or a library’s parent is a subsite. Finally, a list or library is the parent of its items.

In some cases, aspects of the parent are handed on to the kid. For example, children inherit permission levels in SharePoint by default.

A user who has access to a subsite’s libraries will also have access to the libraries of that subsite.

Consequently, you may set permissions at the site’s top level, and they will apply to all children – that is, the entire site.

However, you can opt to break the inheritance chain.

Modifying a child’s permission levels, for example, is an example of a violation of inheritance.

This means it doesn’t have access to its parent’s permission anymore.

You could just want a certain fraction of people to be allowed to see a specific subsite.

In this case, you would break permissions inheritance and set a higher necessary level.

Then the new inheritance will be passed on to all descendants of the item.

When it comes to giving subsites more rights, breaking inheritance may be really useful.

In addition, this is a valuable method for dealing with sensitive data.

Learn more about SharePoint Templates here!

Viewing the permissions for a list or library

Let’s take a look at the steps to view SharePoint list permissions:

  • Starting from the homepage in Sharepoint, click on the settings icon in the top right corner.

Highlights the Site Contents button in SharePoint

  • If you have an existing library or list, you should see it in the “site contents” folder and on the panel on the left. If you don’t have a library or list yet, you can create one by clicking the “+New” button at the top.

Shows where to find the library in the Site Contents folder

  • Next, click on either the list or library you want to modify and then again on the settings icon in the top right corner. After that, select “list or library settings.”

Highlights the list settings button

  • Here you will be able to change all of the settings for the library or list.

Highlights the Permissions and Management section inside

Adding a user to a list or library

  • If you want to add a user to a list or library, you must open up the site contents folder again and click on the list or library to which you want to add users.
  • After that, click on the Share button in the top right corner.

Highlights the share button for adding a user

  • Lastly, add the users, security groups, or Microsoft 365 groups to your library or list.

Dialog box for how to share the site with others

Unsharing or removing a user

  • If you want to unshare or remove a user from a folder, you must open up the site contents tab and select the appropriate folder.
  • Click on the Share button in the top right corner.
  • You will then see a list of the users added to the folder. You can edit or remove their access by clicking on the down arrow under the user’s name.

Shows how you can unshare or remove someone from the site

Breaking inheritance to create custom permissions

  • If you want to break inheritance to create custom permissions, you must open up the site contents tab and select the appropriate folder.
  • Click the settings icon in the top right corner and select “List Settings.”

Highlights the list settings option and how to get there from settings

  • Next, click the “permissions for this list” option.

Shows the


  • If you want to break inheritance permission from the parent, select “Stop Inheriting Permissions.” Select the appropriate option if you want to modify or view the parent permission inheritance.

Shows the buttons in the ribbon for stopping inheriting permissions


Now that you understand SharePoint permissions for office 365 and Inheritance, you can build a secure SharePoint site.

If you’re interested in learning more, keep up with our News & Tips Section for upcoming SharePoint articles!

Looking for more SharePoint advice? Read here on how to Sync SharePoint To OneDrive.


About Ben Richardson

Ben is a director of Acuity Training which he has been running for over 10 years.

He is a Natural Sciences graduate from the University of Cambridge and a qualified accountant with the ICAEW.

He previously worked as a venture capitalist and banker and so had extensive experience with Excel from building financial models before moving to learn SQL, Microsoft Power BI and other technologies more recently.