Permissions

Question 1

Which SharePoint page is most important when managing site access and security?

Answer 1

Site Permissions

Question 2

At how many different levels of a site or subsite can permissions be managed?

Answer 2

Four:

• Site
  
  • Library/List
    
    • Folder
      
      • Item

Question 3

Define:

Permission inheritance

Answer 3

It means that a SharePoint component such as a site or library automatically uses the same access settings as its parent.

Example: A folder may inherit the permissions of the document library where it resides, or a library may inherit the permissions of the site where it is located.

Question 4

What term is used to describe access permissions when they are not inherited from a component’s parent?

Answer 4

Unique permissions

Question 5

What term describes a named collection of individuals or domain groups created within SharePoint for the purpose of managing access and security?

Answer 5

A SharePoint group

Question 6

What administrative problem could arise if you frequently opt to manage access at the document or item level?

Answer 6

Access management may require a lot of work and eventually become overwhelming.

It’s generally better to manage access at a higher level - site, library/list, or folder.

Question 7

What is the primary advantage of using SharePoint groups rather than individuals to manage permissions?

Answer 7

They allow you to define a group of individuals at one central location within SharePoint.

You can then grant desired permissions to that group in multiple places within a site or site collection.

Question 8

How can you tell whether a site or site component inherits permissions from its parent?

Answer 8

The top of the Site Permissions page contains a sentence that indicates whether the permissions are inherited.

Question 9

What must a Site Owner do to add someone to a subsite on which permissions are inherited, if permissions on the parent site must not change?

Answer 9

Go to Site Settings and select “Edit Permissions” or “Manage Permissions”.

This breaks the inheritance, establishing “unique permissions” on the subsite.

Question 10

What is the purpose of the permission level known as “Limited Access”?

Answer 10

Limited Access allows the system to access theme files and other hidden files that SharePoint needs in order to properly format and render pages within the site.

Limited Access does not give access to what we normally think of as “content”.

Question 11

When does SharePoint automatically grant a user “Limited Access”?

Answer 11

This occurs when a user has been given access to a component at a lower level within the site or site hierarchy, but hasn’t been given any kind of normal access at the site level.

Limited Access simply allows SharePoint to access some hidden files, stored at the site level, that are needed to properly render pages.

Question 12

Who has the ability to give the “Limited Access” permission level to a user?

Answer 12

SharePoint itself automatically does this when needed for the proper rendering of pages.

It’s not possible for users of any permission level to grant “Limited Access”.

Question 13

What is the name of the permission level that grants read/write access to a user or group?

Answer 13

Contribute

Question 14

What is the name of the permission level that gives a user or group the ability to read, but not add or update?

Answer 14

Read

Question 15

What is the difference between a Site Owner and a Group Owner?

Answer 15

A Site Owner can modify and manage the structure of a site.

A Group Owner can manage the membership and settings associated with a SharePoint group.

A Site Owner can be – but does not have to be – a Group Owner.

Question 16

What is the most notable management difference between a domain group (AD or NT group) and a SharePoint group?

Answer 16

A domain group is managed outside of SharePoint (e.g., on an Active Directory server).

Membership changes must typically be made by authorized individuals not associated with the SharePoint site.

A SharePoint group is managed within SharePoint itself.

Membership changes can be made by the designated Group Owner(s) without assistance.

Question 17

A named collection of individual permissions or rights is called a…

Answer 17

Permission level

**Examples: **

• Approve
• Contribute
• Read

Question 18

The word “permissions” is used in two ways in SharePoint. Describe them.

Answer 18

Permissions can refer to the individual rights that are bundled into a named permission level.

Example: “Edit items” is a permission included within the “Contribute” permission level.

In broader terms, permissions is often used to refer to the whole set of facilities that enable a Site Owner to control access and security.

The context will help you understand which meaning is intended.

Question 19

When a new site or subsite is created, what is the default setting for permission inheritance?

Answer 19

New sites or subsites inherit permissions from the site from which they were created, unless you specify otherwise.

Question 20

Define:

Fine-grained permissions

Answer 20

Permissions managed at the list/library, folder or item level.

Question 21

Why is it important to consider your security requirements before setting up a SharePoint site or group of sites?

Answer 21

It’s best to set up your sites, subsites, lists and libraries so they can use permission inheritance wherever possible.

Put sensitive data into their own subsites, lists, libraries, or folders, using unique permissions there.

Question 22

What should you consider when giving a name to a SharePoint group?

Answer 22

Use a name that differentiates the role represented by that group, within the context of the current site collection.

All SP groups can be used anywhere within the current site collection, so a descriptive name is important.

Question 23

What feature or facility can you use in order to quickly determine a user or SharePoint group’s permissions within the current site collection?

Answer 23

Click on “Check Permissions”.

Question 24

How can you quickly identify content that has unique permissions anywhere within a current site?

Answer 24

On the Site Permissions page, click on “Show me uniquely secured content”.

Question 25

Is it possible to inherit permissions from a parent site while adding a user or group only to the current site?

Answer 25

No, in SharePoint inheritance is all or nothing.

You may notice that when you break inheritance, the users and groups from the parent will remain, ready for you to edit as needed. Future changes at the parent level, however will no longer be passed to this “child” site or level.

Question 26

What performance impact might you experience when viewing a document library if you use a lot of item-level permissions?

Answer 26

The time required to display a document library view will slowly increase with the number of uniquely-permissioned documents.

If possible, set up libraries or folders to hold groups of sensitive documents. Avoid using item-level permissions if possible.

Question 27

You have applied a SharePoint group to two different sites each set up with their own unique permissions.

If you edit the membership of the SP group on one site, will that change affect the other site as well?

Answer 27

Yes. A SP group always has the same membership, no matter where it is used.

Question 28

Is it possible to use the properties of a document to control access?

Answer 28

This is not supported by native SharePoint functionality. Some third-party tools may be able to provide this capability.

Question 29

What permissions option do some lists have that are not found in other lists or in document libraries?

Answer 29

Some lists provide the option to specify whether users may read or edit all items, or only items that they created.

This option is in “Advanced Settings” of such lists.

Question 30

Name the three most commonly used SharePoint groups.

Answer 30

Visitors

Members

Owners

Question 31

What permission level is normally given to the “Visitors” group?

Answer 31

Read

Question 32

What permission level is normally given to the “Members” group?

Answer 32

Contribute

Question 33

What permission level is normally given to the “Owners” group?

Answer 33

Full Control, or Manage Sites.

Question 34

To what extent does the name of a SharePoint group tell you what permission level its members have?

Answer 34

Each group has a default permission level. However, it is not the name of the group that controls the actual permissions it has been granted.

Members may have Contribute permissions at the site level, but be limited to Read permissions in a certain list or library.

To determine actual permission settings, look at the actual permission level assigned to the group at a specific uniquely-permissioned site or component level.

Question 35

What permission level must a user have to manage access to a site?

Answer 35

A user must have Full Control or Manage Sites access to fully manage site permissions.

It is possible, though, for someone with a lower level of access to be specified as the owner of a SharePoint group. If the site manager has granted that SP group access to the site, the owner of the group could effectively authorize a new user by adding the user to the group.