Forum Discussion
SharePoint Permissions
I've been using SharePoint online for about a year now. I have found everything I have needed to do to be pretty straightforward except for permissions. My admin gave me a team site to store my documents. I have since created some lists and use Power Automate for workflows.
I have three members who have edit access more for back up purposes than anything else. Now, I would like to give access to everyone in the company so that they may contribute by filling out forms and viewing their own items but not able to edit or delete anything. All the online videos are for communication site permissions. Is this not possible for a team site?
When you open the advanced permission settings, click Grant Permission on the ribbon. Then, add your distribution list (such as “Everyone Except External Users”) and grant it direct access, rather than including it in any default groups. Once direct access has been assigned, remove the DL from any default groups, such as “Members, Visitors or Owners".
This direct access configuration is automatically applied at the site level. Although the modern experience interface only shows the three default SharePoint groups, any direct access assigned through the advanced permission settings in the classic experience is still in effect. In other words, what you see in the modern experience does not negate the permissions you’ve already set through the classic interface.
First, let's understand what permission level you need:
- "Contribute - Limited Access" is perfect for your case - it allows users to add items to lists and fill out forms, but prevents them from editing or deleting existing items
Here's how to set this up:
- Go to your team site's Settings (gear icon) → Site permissions
- Click "Advanced permissions settings"
- From the ribbon, select "Permission Levels"
- If "Contribute - Limited Access" doesn't exist:
- Click "Add Permission Level"
- Name it "Contribute - Limited Access"
- Check only these permissions:
- List Permissions: Add Items, View Items
- Site Permissions: View Pages, Open
- Personal Permissions: View Only
To apply these permissions:
- Return to Site permissions
- Click "Share site"
- Add "Everyone except external users".
- Click "Show Options"
- Change the permission level to "Contribute - Limited Access"
- Click "Share"
Key things to note:
- Your existing three members with edit access won't be affected by this change
- Users will only be able to see items they create plus any items you explicitly share
- For list-specific permissions, you can also break inheritance at the list level and apply these permissions there instead of site-wide
The "Share Site" button is only on a Communication site. I was given a Team site to work with. I know it's not recommended but would editing the Read permission level work? Would the Site Visitors then be able to have limited control?
Manage Permissions Using Direct URLs: 1. Advanced Permissions Settings: Navigate to: https://<your-site-name>.sharepoint.com/sites/<your-site-name>/_layouts/15/user.aspx Use this page to manage and view site users and groups. 2. Permission Levels: Navigate to: https://<your-site-name>.sharepoint.com/sites/<your-site-name>/_layouts/15/role.aspx Use this page to edit existing permission levels or create custom ones. Example: For a site named “Marketing-Team”: Advanced Permissions: https://Contoso.sharepoint.com/sites/Marketing-Team/_layouts/15/user.aspx Permission Levels: https://Contoso.sharepoint.com/sites/Marketing-Team/_layouts/15/role.aspx
Adjusting Read Permissions:Use the Permission Levels URL above.
Either edit Read (not recommended) or create a custom permission level with limited access, like “View Items” and “View Pages.”
The direct URLs work seamlessly regardless of whether your site is a Team Site or a Communication Site. Use them to navigate directly to the appropriate locations for managing permissions efficiently.
When you open the advanced permission settings, click Grant Permission on the ribbon. Then, add your distribution list (such as “Everyone Except External Users”) and grant it direct access, rather than including it in any default groups. Once direct access has been assigned, remove the DL from any default groups, such as “Members, Visitors or Owners".
This direct access configuration is automatically applied at the site level. Although the modern experience interface only shows the three default SharePoint groups, any direct access assigned through the advanced permission settings in the classic experience is still in effect. In other words, what you see in the modern experience does not negate the permissions you’ve already set through the classic interface.
Now I get it! Any chance you can recommend videos on permissions?
