I thought I was losing my marbles not being able to remember what roles did what for a SharePoint Site Collection based on the Publishing Portal Template. Better write it down before I forget again… Feel free to add comments!

By default, an OOB SharePoint Site Collection based on the Publishing Portal Template contains the following groups in order of most privileged to least:

Site Collection Administrator   Members of this group have untethered access to all resources within the Site Collection and also supersedes the Owners group.  
       
Publishing Portal Owners   Use this group to give people full control permissions to the SharePoint site: Publishing Portal  
 
Hierarchy Managers   Members of this group can create sites, lists, list items, and documents.  
 
Designers   Members of this group can edit lists, document libraries, and pages in the site. Designers can create Master Pages and Page Layouts in the Master Page Gallery and can change the behavior and appearance of each site in the site collection by using master pages and CSS files.  
 
Approvers   Members of this group can edit and approve pages, list items, and documents.  
       
Publishing Portal Members   Use this group to give people contribute permissions to the SharePoint site: Publishing Portal  
       
Publishing Portal Visitors   Use this group to give people read permissions to the SharePoint site: Publishing Portal  
 
Quick Deploy Users   Members of this group can schedule Quick Deploy jobs.  
 
Restricted Readers   Members of this group can view pages and documents, but cannot view historical versions or review user rights information.  
 
Style Resource Readers   Members of this group are given read permission to the master page gallery and the Restricted read permission to the Style Library. By default, all authenticated users are a member of this group. To further secure this site, you can remove all authenticated users from this group or add users to this group.  
       

Approver Roles

The minimum rights that a user will need in order to approve content is ‘Member’ and ‘Approvers’.

All Other Roles

Note that the following roles are scoped at the site level and can be recreated or inherited for each new subsite that is created:

  1. Site Owners
  2. Site Members
  3. Site Visitors

All other roles occur only once per Site Collection.

Content Management & User Roles for Subsites

When creating subsites, you have the ability to:

  1. Inherit permissions from the parent.
  2. Use unique permissions.

When using unique permissions, the minimum role that a user must have in order to generate content is to be a ‘Member’ of that site. The minimum roles that a user needs in order to approve content is to be a ‘Member’ of that site AND to be a member of the ‘Approvers’ group at the Site Collection Level.

Advertisements