Providence IT Company Shows Why Custom Permissions Improve SharePoint Security
SharePoint custom permissions give you the ability to define your own access levels instead of relying on the default ones. You can create a permission level by choosing the exact actions you want users to have, such as viewing content, editing items, managing lists, or creating workflows. Given that 1 in 2 employees can access data that they shouldn’t, reviewing your permissions and not relying on default assumptions is an important step.
| “Microsoft’s defaults are highly secure. In most cases, you will be able to find the right permission levels without customization. However, Microsoft also understands that there are edge cases and will account for them if you know where to look.” – Gary Harlam, President, Technology Advisory Group (TAG) |
Custom permissions are useful when SharePoint’s built-in options do not align with how your team works. For instance, finance team members may need the ability to upload documents, but with restrictions on who can delete them. The default levels bundle these actions together, so you cannot grant upload rights without also granting delete rights.
In this article, a Providence IT firm explains why custom permissions require manual setup and explores how to design SharePoint permissions effectively along with the options available to you.
What Are The Default SharePoint Permission Settings?
There are 7 basic default permission settings in SharePoint. Customization is less about creating a new permission from scratch and more about adjusting the 7 available permission levels to suit your needs. We will explore that in greater detail below, but first, let’s take a look at what the 7 default permissions are.
1. Full Control
This level gives complete administrative authority over a site. A user with this permission can manage site settings, create or delete lists and libraries, update navigation, adjust themes, and control all permissions. It is usually only assigned to a small group of site owners.
2. Design
People assigned the Design level can shape how a site looks and behaves. They can customize pages, modify layouts, work with web parts, and approve content while still editing or deleting items. This option supports users who handle the site’s structure but do not need the ability to manage security settings.
3. Edit
Edit access lets users manage both content and the lists or libraries that hold it. They can create, change, or remove items as well as create or delete entire lists or libraries. It fits teams that need to organize their own content spaces while leaving broader site administration to others.
4. Contribute
Contribute allows users to add, change, and delete items in existing lists and libraries. They can maintain documents and list entries, but cannot create new lists or adjust site-wide settings. This level supports people who work directly with daily content.
5. Read
Users with Read access can view pages, lists, and documents without altering anything. They can open files and browse site content, but cannot upload, edit, or delete items. However, they can download most file types to their device. This level is for people who only need to review information.
6. View Only
View Only restricts users to in-browser viewing. Files open in the browser and cannot be downloaded. This level reduces the chance of files being saved locally while still giving users the ability to see the information. It’s similar to the Read level, but without download permissions.
7. Limited Access
Limited Access is assigned when a user needs to see a specific item, folder, or library while lacking rights to the rest of the site. It supports sharing only what is needed while keeping other areas restricted.
SharePoint also provides 3 roles that come preset with specific permission levels. You can also customize these, but here are what those roles are by default.
| Owners | Mapped to Full Control to manage content, structure, and permissions. |
| Members | Mapped to Edit or Contribute so they can create and modify content. |
| Visitors | Mapped to Read or View Only for view-only access. |
What Custom SharePoint Roles and Permissions Are Available?
As mentioned, customization involves adjusting the 7 levels, not creating brand new permissions. However, you can rename a customized permission to something unique. Here are a few ways you can adjust the 7 permission settings.
Custom Permission Level Based on an Existing Level
You can copy a built-in level, rename it, and then select or clear individual permissions. This lets you keep familiar behavior while removing certain rights, such as managing lists or changing permissions, for specific individuals. It is useful when default levels give users slightly too much or too little control, and you want a fine-tuned role.
Edit Without Delete
You can create a level that lets users create and edit files but not delete them by starting from Edit or Contribute and clearing granular permissions such as Delete Items and Delete Versions. This role helps protect important content while still allowing day-to-day editing and collaboration.
Read Plus Limited Interaction
Some members need more than simple viewing access, but default levels beyond Read may be a bit too much. Granting permissions such as Create Alerts or Manage Personal Views allows them to monitor changes and personalize how they view content while keeping editing off the table.
Approver or Reviewer
You can create an “approver” role by including permissions such as Approve Items and View Versions while leaving out site-wide management rights. This lets specific users approve documents or list items in workflows without giving them full site ownership.
Library-Specific Contributor
Not every user needs the same access across an entire site. Breaking inheritance and assigning a custom contributor level on a single library allows targeted editing rights while keeping the rest of the site restricted or read-only.
Folder-Level Custom Role
You can break inheritance at a folder level inside a library and assign a custom permission level to that folder. This lets you create secure sub-areas where only certain users can read or edit content, even if the rest of the library has broader access.
Item-Level Access
Sometimes, only one document or list item requires unique access. Granting direct permissions on that item provides precise control without altering the broader permissions of the library or site.
Temporary Elevation
You can create a custom level that grants extra permissions, such as managing lists or editing pages, assign it to a group for a limited time, and then remove it when the work is complete. This gives short-term advanced access without leaving long-term high-privilege assignments in place.
Custom Groups
Pairing a custom permission level with a dedicated SharePoint group keeps access organized. This approach separates “who needs access” from “what they are allowed to do,” making it easier to reuse the role across different site areas.
How to View Your Current SharePoint Permission Settings
To view current permission settings in SharePoint, navigate to the site in question and open its settings menu (gear icon) and then select “Site permissions” or “Advanced permissions settings,” depending on your version.
Once you’re on the permissions page, you can review which SharePoint groups or users are assigned which built-in or custom permission levels. For a more detailed check (i.e., for a particular user or group), you can use the “Check Permissions” feature by entering the user or group name and clicking “Check Now.” The system will then display the permission level(s) they hold on that site or object.
If you want to see whether a list, library, folder, or item has unique permissions (i.e., doesn’t inherit from its parent), the permissions page will show status messages such as “This library inherits permissions from its parent” or “Some items may have unique permissions.”
Source: Skysit
How Do You Edit Permissions in SharePoint?
To edit permissions in SharePoint, access the same permissions page for the site, list, library, folder, or item you want to change. Once there, if the object is inheriting permissions from its parent, you’ll first need to stop inheriting permissions to make changes unique to that object.
After inheritance is broken, you can select a user or group and click “Edit User Permissions” (or similar command) to change their permission level from one built-in level to another or assign a custom permission level.
If needed, you can also remove permissions by selecting a user or group and choosing “Remove User Permissions.”
What Are The Benefits of Using Custom SharePoint List Permission Levels?
More Control
Custom permission levels let you decide which actions stay restricted. You can allow users to work with certain list features while keeping actions like version changes, workflow triggers, or advanced settings limited to specific people.
Cleaner Separation
Custom levels give you a simple way to match access with actual roles. You can assign groups to focused tasks instead of giving broad permissions that do not match their responsibilities. This helps teams stay organized and reduces confusion about who handles what.
Plus, it helps limit the damage of incidents should they occur. CloudSecureTech notes that only 1 in 4 companies are actually prepared for incidents. While you need more than custom settings to be fully prepared. A clean separation can help contain potential damage is a great place to start.
Reduced Risk of Accidental Changes
Custom permissions prevent people from reaching list settings they do not need. Removing unneeded capabilities lowers the chance of users changing columns, deleting views, or adjusting rules by mistake.
Better Support For Unique Processes
Some lists follow rules that differ from the rest of the site. Custom levels help you support those rules by giving only the required rights. This keeps each list aligned with the workflow it supports, even when the process is different from other parts of the site.
More Flexibility
Custom permission levels help you adjust access as teams evolve. You can change or extend a custom level to support new tasks without rebuilding your entire permission model. This reduces long-term management work and supports future updates.
One survey showed that 73% of employees needed 15+ minutes to get required access to their workspace due to rigid access controls that were not adjusted to account for new workflows. So, it’s a good idea to prevent such situations before they occur.
Easier Permission Reviews
Using well-labeled custom levels makes permission reviews more direct. Instead of checking long lists of rights for each user, you can review the named roles and confirm whether they match current needs. This saves time during audits and helps keep access accurate.
Consistency
Creating a custom level that fits a pattern lets you apply it to new lists without repeating the same setup steps. This gives you a consistent permission model across multiple areas and removes guesswork when new lists are created.
Ask a Trusted Providence IT Firm Which SharePoint Custom Permissions Are Right for You
If your organization has highly specific needs, even these levels may not provide the best picture. The information in this blog is intended to be general; for tailored advice, it’s best to reach out to an expert IT consultant.
You can find one from Technology Advisory Group (TAG). Our team has extensive experience with the Microsoft 365 suite, including SharePoint. That means that we’re well-equipped to help you customize your SharePoint site and perform the 365 integrations that you need.
Contact a trusted IT firm in Providence today to learn more!
