Forum Discussion
SharePoint Online Permissions - sanity check my thinking?
Hi,
We're setting up SharePoint Online for our business and one thing that seems to be a repeating mantra is the permissions structure. I understand that at the top level you want to set your pemissions so you don't need to break inheritance where possible.
I would like some advice on our approach to the permission structure, because it seems that previous advice falls flat unless I am missing something:
Top-level Site Collection:
TL Site Owners (full control) -> Selected Admins
TL Site Members (read permission) -> Everyone Except External
Subsite (eg. Dept.X) :
Dept.X Owners (full control) -> group created at top-level site collection assigned to a few people
Dept.X Members (edit) -> group created at top-level site collection assigned to a few people
Dept.X Visitors (read) -> TL Site Members (read)
The problem appears to be that I can't simply add Dept.X Owners and Members groups unless I break the inheritance. Is this to be expected? When I didn't break inheritance those added to Dept.X were also granted to the top-level site above.
Feels wrong based on the understanding that we should try not to break inheritance.
1 Reply
Create your own group(s) with their permissions setup like you want. Then move IDs in/out of the appropriate groups (default or your own). You add the new groups at the top level and apply the permissions down. If there are IDs in both read and edit, edit wins.
