https://www.sikich.com

SharePoint Permissions – Should I Use Edit or Contribute for Members?

Craig Schellenberg

Aug 16 2022

3 min read

Microsoft SharePoint has been around for decades, and its security permissions haven’t changed a lot over the years. Permissions can be set at the top-level site, at a list or library, at a folder, or even at a file level.

The primary permission levels used over the years still exist:

Full Control – just that, grants full control.
Edit – Can add, edit, and delete lists and libraries; can view add, update, and delete list items and documents.
Contribute – Can view, add, update, and delete list items and documents.
Read – Can view pages and list items and documents.
Restricted View – Can view pages, list items and documents, but cannot download them.

Microsoft also has 3 built-in SharePoint security groups, which are assigned one of those permission levels:

Owner – Full Control
Member – Edit
Visitor – Read

At first glance, that looks appropriate. At second glance, it should give you pause.

Yes, if you are an Owner of a site, it makes sense that you can do everything and anything you want to that site including deleting lists or libraries on the site or even up to deleting the entire site.

Yes, if you are a Visitor of the site, it makes sense to have Read-only access.

If you are a member of the site with the default permissions level of “Edit,” essentially you have Owner rights of the site without the ability to delete the entire site. However, you have permission to delete any library or list on that site that is inheriting the same permissions.

SharePoint Permissions for Members

That is where this blog comes in.

First, to make you aware of the default permissions that Microsoft is handing out.

Second, that the Edit permission seemingly has more permission access than you think it might.

Third, to consider making a change for the SharePoint Member groups to have the Contribute permission instead of the Edit permission.

Revisiting the Contribute permission, it can view, add, update, and delete list items and documents. If you were to classify general information workers in your organization, this would be the majority of the users. Your users are not creating new libraries and lists during their routine daily tasks. They are just working in the already created libraries and lists with the data in them. The Contribute permission is ideal for this.

Keeping security in mind, you should only provide users the minimum access they need to do their job function. That is just one layer of the onion in securing your SharePoint environment.

Have any questions about setting SharePoint permissions or your SharePoint environment security? Please reach out to one of our experts!

This publication contains general information only and Sikich is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or any other professional advice or services. This publication is not a substitute for such professional advice or services, nor should you use it as a basis for any decision, action or omission that may affect you or your business. Before making any decision, taking any action or omitting an action that may affect you or your business, you should consult a qualified professional advisor. In addition, this publication may contain certain content generated by an artificial intelligence (AI) language model. You acknowledge that Sikich shall not be responsible for any loss sustained by you or any person who relies on this publication.

About the Author

Craig Schellenberg

Craig Schellenberg is a Senior Network Consultant at Sikich that works with businesses to improve their IT. Being detail oriented assists in his ability to design and deploy new solutions as well as troubleshoot complex issues. His primary areas of focus are virtualization and storage on premise (whether through VMware vSphere or Microsoft Hyper-V), Microsoft Cloud services such as Azure and Office 365, Microsoft SQL design and administration, backup/DR/Business Continuance, and network route/switch/firewalls. Craig holds many certifications including his MCSE (Microsoft Certified Solutions Expert) in Productivity, Messaging, and Cloud Platform and Infrastructure. Craig also holds multiple certifications of his VCP (VMware Certified Professional) including version 3, 4 (Data Center Virtualization), 5 (Data Center Virtualization), 5 (Desktop), Cloud, and 6 (Data Center Virtualization).