This page covers:
We also recommend that you read our page about how to monitor your SharePoint permissions. This gives some suggestions about how to make sure you are only sharing files with people you have
User groups in SharePoint
SharePoint Online has 2 main default sharing groups:
Site owners have 'Full control' over the site and are responsible for its administration and access. It's advisable to have at least two site owners.
Site members have 'Edit' ability over the site to create share and edit the site, and documents within.
Site visitors is a less-used group, which grants read access only.
One key difference between owners and members is that while both by default can grant access and share, only owners are able to remove access. This can be further restricted so that only owners can share access – see below.
Adding and removing member access
To quickly add and manage members, select the member's icon to the top right of the SharePoint Site:
This brings up the 'Group membership' panel, where new members can be added, and current members can be seen and their access edited or removed:
Most management of a SharePoint Online site can be done here. You can add or remove people, or promote them to 'Owner' or demote them to 'Member' as required.
Site permissions
You can access some further permission settings by selecting the settings cog at the top right of the SharePoint Site, and selecting 'Site permissions':
This opens up a 'Permissions' panel:
By default, the only two groups that will show are 'owners' and 'members', which is expected.
Important: It's possible for a site to be shared with everyone who has a University Office 365 account. If this is the case, the permission "Everyone except external users" would show under 'Site members'. Site owners should ensure this is not present on their site, if the site is intended to be private.
Site sharing permissions
Site owners can further lock down the SharePoint site so that only owners can grant access, rather than both owners and members, by selecting the 'Site Sharing' link in the 'Permissions' window:
This opens a panel to change the following options:
Site owners can choose the most appropriate settings for their site's purposes. The most locked-down setting would be for "Only site owners can share files, folders, and the site".
Owners of private sites for sharing within a team may also wish to turn off the "Allow access requests" feature.
Advanced permissions settings
Most site owners will not need to access the "Advanced permissions settings" link, but you can use it if you're confident and familiar with doing so: