After creating a SharePoint site, permission levels come into picture. A user may want to provide or restrict access to a site or its contents. Other than the conventional groups and permissions levels provided, a user can even devise permissions way beyond the default levels.
Understanding permissions inheritance
If a user works on a site, he/she is essentially working inside a site collection. In a nutshell, every site exists in site collection i.e. there is a group of sites under a single top-level site. The top-level site is called the root site of the site collection.
Shown below is an illustration of a site collection depicting a simple hierarchy of sites, lists and list items.
Inheritance
Permissions inheritance is an important concept. All the sites and site contents by design inherit permissions settings of the root or top-level site. Once a user assigns a unique permission to sites, libraries, and items, the items will no longer inherit permissions from their parent site.
A site collection administrator can configure permissions for the top level site or root site for the whole collection.
Lists and libraries inherit permissions from the site to which they belong.But a site owner can stop permissions inheritance by changing the permission settings for the list or library.
A site owner can stop permission inheritance for the site by changing permission settings for the site.
It is important to know that by sharing a document or item with someone who does not have access,a user can interrupt the default permission inheritance for a list or library item. In such cases SharePoint automatically stops inheritance on the document.
Default Permission Levels
With default permission levels, you can provide one user or groups of users common levels of permissions.
Permission levels and SharePoint groups
SharePoint groups and permission levels go hand-in-hand. A SharePoint group is essentially a set of users who all have the same permission level. You might be wondering how does this work? A user can put related permissions together into a permission level.And the permission level is assigned to a SharePoint group.
Permissions and dependent permissions
A SharePoint permission can depend on other SharePoint permissions. To understand this, let's take an example. To edit a file you must open it. Thus, Edit permission depends on Open permission. When a user selects a SharePoint permission dependent on another permission, SharePoint automatically selects the associated permission. Similarly, the same logic applies when you clear SharePoint permission, SharePoint automatically clears any SharePoint permission that depends on it.
Lockdown mode
Secure published sites with the lockdown mode- Limited-access user permission. If a user turns lockdown mode ON, the fine-grain permissions for the limited access permission levels are reduced.
Plan your permission strategy
Utilize your understanding of permission levels and inheritance to plan your permission strategy in order to minimize maintenance, ensure compliance with your organization's data governance policies and to set guidelines for your users.