Permissions

You can use a SharePoint site for a wide variety of things. For these instructions, we've assumed the following use case:

A SharePoint Online site made for a group of colleagues to create, share and edit documents and information – some of which may contain private or sensitive information – within a team.
 

Default groups

SharePoint Online has two main default sharing groups:

Site owners have 'Full control' over the site and are responsible for its administration and access. It's advisable to have at least two site owners.

Site members have 'Edit' ability over the site to create share and edit the site, and documents within.

Site visitors is a less-used group, which grants read access only.

One key difference between owners and members is that while both by default can grant access and share, only owners are able to remove access. This can be further restricted so that only owners can share access – see below.
 

Adding and removing access

To quickly add and manage members, select the members icon to the top right of the SharePoint Site:

This brings up the 'Group membership' panel, where new members can be added, and current members can be seen and their access edited or removed:

Most management of a SharePoint Online site can be done within here. You can add or remove people, or promote them to 'Owner' or demote them to 'Member' as required.
 

Site permissions

You can access some further permission settings by selecting the settings cog at the top right of the SharePoint Site, and selecting 'Site permissions':

This opens up a 'Permissions' panel:

By default, the only two groups that will show are 'owners' and 'members', which is expected.

Important: It's possible for a site to be shared with everyone who has a University O365 account. If this is the case, the permission "Everyone except external users" would show under 'Site members'. Site owners should ensure this is not present on their site, if the site is intended to be private.

Site sharing permissions

Site owners can further lock down the SharePoint site so that only owners can grant access, rather than both owners and members, by selecting the 'Site Sharing' link in the 'Permissions' window:

This opens a panel to change the following options:

Site owners can choose the most appropriate settings for their site's purposes. The most locked-down setting would be for "Only site owners can share files, folders, and the site".

Owners of private sites for sharing within a team may also wish to turn off the "Allow access requests" feature.
 

Advanced permissions settings

Most site owners will not need to access the "Advanced permissions settings" link, but you can use it if you're confident and familiar with doing so: