SharePoint permissions for intranet site

Copper Contributor


I was wondering if someone could help me decide what is the best way of implementing SharePoint permissions for the site I am working on. I am using SharePoint classic on Office365. It is an intranet site with various departments which means we will have unique permissions at almost every level or 1st level sub-site at the least. A sample structure of the site with required permissions is as follows:


0HomeAdmins (AD Group); All Employees (AD Group);
0EmployeesAdmins (AD Group); All Employees (AD Group);
2HRAdmins (AD Group); HR Managers (AD Group); HR Employees (AD Group); <adhocemployee1>; <username1>
3HR ManagersAdmins (AD Group); HR Managers (AD Group)
3StaffAdmins (AD Group); HR Employees (AD Group); All Employees (AD Group)
2ITAdmins (AD Group); IT Team (AD Group)
1Non-EmployeesAdmins (AD Group); All Employees (AD Group); All Non-Employees (AD Group)


where 0,1,2 and 3 are the different levels of sites, 0 being top level site and 3 being the 3rd level sub-site. Since the main permissions we will be using are Read, Contribute and Full Control, I plan to have 3 SharePoint Groups each for every sub-site. So, 3 for Employees, 3 for HR and so on. I am not sure if this is the right approach. Would it be better to have all users/AD groups individually assigned permissions rather than organizing them in groups? We will also have library level permissions assigned to users/AD Groups due to how they are accessed by the people in our organization which makes it a bit complicated and difficult to manage and adhoc requests that come in ever so often for access to certain sub-sites/libraries.


My Approach:


HR sub-site permissions with SharePoint Groups


HR AdminsFull ControlAdmins (AD Group)
HR ReadersReadHR Employees (AD Group); 
HR ContributorsContributeHR Managers (AD Group); <username1>

The other approach which I am not inclined towards is as follows:


HR Managers (AD Group)Contribute
HR Employees (AD Group)Read
Admins (AD Group)Full Control


Hoping someone would be able to tell me which approach is more suitable for my scenario.

Thank you!

4 Replies


Stay away (as much as possible) from assigning individual permissions. If you have 1 or 2 users that "might" be OK, but still.

And seeing that you will also break permissions inheritance on one or more libraries, this can/will get messy pretty quickly...


Why are you using a classic site? Can you not use a Communication site & hubsites?


Build your Modern Intranet on SharePoint in Office 365



@Veronique Lengelle I've recently migrated our existing intranet from SharePoint 2010 to Office365. I am yet to understand why I should choose Modern site over classic. Apart from the benefit of viewing the site in mobile view, it seems to lack flexibility, and features that were otherwise available in the classic version are not available anymore. I would like to use announcements web part, have more than 3 levels of menu items in the mega menu, attach images inline with text, and many others, which are not currently available on modern sites.


I will go ahead with my approach in terms of permissions then, and see how that works out. Thank you.


Do you have an obvious way of giving specific users "add" permissions to the newsfeed in SharePoint Intranet without giving them the ability to add/edit web pages? I've managed to get close but the users receive errors when trying to add news. The error message reads "Changes not saved: We're sorry, we encountered an unexpected error. Please refresh the page and try again."

@TazIT News pages in SharePoint are normal site pages only with some flags (promoted state) set to some specific value.


So, if you want to grant access to create news pages in site, you are granting access to create/edit site pages in SharePoint site. You cannot differentiate the permissions using SharePoint out of the box features.

Please click Mark as Best Response & Like if my post helped you to solve your issue. This will help others to find the correct solution easily. It also closes the item. If the post was useful in other ways, please consider giving it Like.