I thought I was losing my marbles not being able to remember what roles did what for a SharePoint Site Collection based on the Publishing Portal Template. Better write it down before I forget again… Feel free to add comments!
By default, an OOB SharePoint Site Collection based on the Publishing Portal Template contains the following groups in order of most privileged to least:
|Site Collection Administrator||Members of this group have untethered access to all resources within the Site Collection and also supersedes the Owners group.|
|Publishing Portal Owners||Use this group to give people full control permissions to the SharePoint site: Publishing Portal|
|Hierarchy Managers||Members of this group can create sites, lists, list items, and documents.|
|Designers||Members of this group can edit lists, document libraries, and pages in the site. Designers can create Master Pages and Page Layouts in the Master Page Gallery and can change the behavior and appearance of each site in the site collection by using master pages and CSS files.|
|Approvers||Members of this group can edit and approve pages, list items, and documents.|
|Publishing Portal Members||Use this group to give people contribute permissions to the SharePoint site: Publishing Portal|
|Publishing Portal Visitors||Use this group to give people read permissions to the SharePoint site: Publishing Portal|
|Quick Deploy Users||Members of this group can schedule Quick Deploy jobs.|
|Restricted Readers||Members of this group can view pages and documents, but cannot view historical versions or review user rights information.|
|Style Resource Readers||Members of this group are given read permission to the master page gallery and the Restricted read permission to the Style Library. By default, all authenticated users are a member of this group. To further secure this site, you can remove all authenticated users from this group or add users to this group.|
The minimum rights that a user will need in order to approve content is ‘Member’ and ‘Approvers’.
All Other Roles
Note that the following roles are scoped at the site level and can be recreated or inherited for each new subsite that is created:
- Site Owners
- Site Members
- Site Visitors
All other roles occur only once per Site Collection.
Content Management & User Roles for Subsites
When creating subsites, you have the ability to:
- Inherit permissions from the parent.
- Use unique permissions.
When using unique permissions, the minimum role that a user must have in order to generate content is to be a ‘Member’ of that site. The minimum roles that a user needs in order to approve content is to be a ‘Member’ of that site AND to be a member of the ‘Approvers’ group at the Site Collection Level.