User permissions and permission levels in SharePoint Server

Summary: Learn about the default permission levels and user permissions in SharePoint 2013 and SharePoint Server 2016.

Default permission levels are predefined sets of permissions that you can assign to individual users, groups of users, or security groups, based on the functional requirements of the users and on security considerations. SharePoint Server permission levels are defined at the site collection level and are inherited from the parent object by default.

Default permission levels

Default permission levels are made up of a set of permissions that enable users to perform a collection of related tasks. SharePoint Server includes seven permission levels. You can customize the permissions contained within five of these permission levels. You cannot customize the permissions within the Limited Access and Full Control permission levels.

Note

Although you cannot directly edit the Limited Access and Full Control permission levels, you can make individual permissions unavailable for the entire web application, which removes those permissions from the Limited Access and Full Control permission levels. For more information, see Manage permissions for a web application in SharePoint Server.

The following table lists the default permission levels for team sites in SharePoint Server.

Permission level Description Permissions included by default
View Only
Enables users to view application pages. The View Only permission level is used for the Excel Services Viewers group.
View Application Pages
View Items
View Versions
Create Alerts
Use Self Service Site Creation
View Pages
Browse User Information
Use Remote Interfaces
Use Client Integration Features
Open
Limited Access
Enables users to access shared resources and a specific asset. Limited Access is designed to be combined with fine-grained permissions to enable users to access a specific list, document library, folder, list item, or document, without enabling them to access the whole site. Limited Access cannot be edited or deleted.
View Application Pages
Browse User Information
Use Remote Interfaces
Use Client Integration Features
Open
Read
Enables users to view pages and list items, and to download documents.
Limited Access permissions, plus:
View Items
Open Items
View Versions
Create Alerts
Use Self-Service Site Creation
View Pages
Contribute
Enables users to manage personal views, edit items and user information, delete versions in existing lists and document libraries, and add, remove, and update personal Web Parts.
Read permissions, plus:
Add Items
Edit Items
Delete Items
Delete Versions
Browse Directories
Edit Personal User Information
Manage Personal Views
Add/Remove Personal Web Parts
Update Personal Web Parts
Edit
Enables users to manage lists.
Contribute permissions, plus:
Manage Lists
Design
Enables users to view, add, update, delete, approve, and customize items or pages in the website.
Edit permissions, plus:
Add and Customize Pages
Apply Themes and Borders
Apply Style Sheets
Override List Behaviors
Approve Items
Full Control
Enables users to have full control of the website.
All permissions

If you use a site template other than the team site template, you will see a different list of default SharePoint permission levels. For example, the following table shows additional permission levels provided with the publishing template.

Permission level Description Permissions included by default
Restricted Read
View pages and documents. For publishing sites only.
View Items
Open Items
View Pages
Open
Approve
Edit and approve pages, list items, and documents. For publishing sites only.
Contribute permissions, plus:
Override List Behaviors
Approve Items
Manage Hierarchy
Create sites; edit pages, list items, and documents, and change site permissions. For Publishing sites only.
Design permissions minus the Approve Items, Apply Themes and Borders, and Apply Style Sheets permissions, plus:
Manage permissions
View Web Analytics Data
Create Subsites
Manage Alerts
Enumerate Permissions
Manage Web Site

User permissions

SharePoint Server includes 33 permissions, which are used in the default permission levels. You can configure which permissions are included in a particular permission level (except for the Limited Access and Full Control permission levels), or you can create a new permission level to contain specific permissions.

Permissions are categorized as list permissions, site permissions, and personal permissions, depending on the objects to which they can be applied. For example, site permissions apply to a particular site, list permissions apply only to lists and libraries, and personal permissions apply only to certain objects, such as personal views and private Web Parts. The following tables describe what each permission is used for, the dependent permissions, and the permission levels in which it is included.

List permissions

Permission Description Dependent permissions Included in these permission levels by default
Manage Lists
Create and delete lists, add or remove columns in a list, and add or remove public views of a list.
View Items, View Pages, Open
Edit, Design, Full Control, Manage Hierarchy
Override List Behaviors
Discard or check in a document that is checked out to another user, and change or override settings that allow users to read/edit only their own items.
View Items, View Pages, Open
Design, Full Control
Add Items
Add items to lists, and add documents to document libraries.
View Items, View Pages, Open
Contribute, Edit, Design, Full Control
Edit Items
Edit items in lists, edit documents in document libraries, and customize Web Part pages in document libraries.
View Items, View Pages, Open
Contribute, Edit, Design, Full Control
Delete Items
Delete items from a list, and documents from a document library.
View Items, View Pages, Open
Contribute, Edit, Design, Full Control
View Items
View items in lists, and documents in document libraries.
View Pages, Open
Read, Contribute, Edit, Design, Full Control
Approve Items
Approve a minor version of list items or document.
Edit Items, View Items, View Pages, Open
Design, Full Control
Open Items
View the source of documents with server-side file handlers.
View Items, View Pages, Open
Read, Contribute, Edit, Design, Full Control
View Versions
View past versions of a list item or document.
View Items, Open Items, View Pages, Open
Read, Contribute, Edit, Design, Full Control
Delete Versions
Delete past versions of list items or documents.
View Items, View Versions, View Pages, Open
Contribute, Edit, Design, Full Control
Create Alerts
Create alerts.
View Items, View Pages, Open
Read, Contribute, Edit, Design, Full Control
View Application Pages
View forms, views, and application pages. Enumerate lists.
Open
All

Site permissions

Permission Description Dependent permissions Included in these permission levels by default
Manage Permissions
Create and change permission levels on the web site and assign permissions to users and groups.
View Items, Open Items, View Versions, Browse Directories, View Pages, Enumerate Permissions, Browse User Information, Open
Full Control
View Web Analytics Data
View reports on Web site usage.
View Pages, Open
Full Control
Create Subsites
Create subsites such as team sites, Meeting Workspace sites, and Document Workspace sites.
View Pages, Browse User Information, Open
Full Control
Manage Web Site
Grants the ability to perform all administration tasks for the web site, as well as manage content.
View Items, Add and Customize Pages, Browse Directories, View Pages, Enumerate Permissions, Browse User Information, Open
Full Control
Add and Customize Pages
Add, change, or delete HTML pages or Web Part pages, and edit the website.
View Items, Browse Directories, View Pages, Open
Design, Full Control
Apply Themes and Borders
Apply a theme or borders to the whole website.
View Pages, Open
Design, Full Control
Apply Style Sheets
Apply a style sheet (.css file) to the website.
View Pages, Open
Design, Full Control
Create Groups
Create a group of users that can be used anywhere within the site collection.
View Pages, Browse User Information, Open
Full Control
Browse Directories
Enumerate files and folders in a website by using SharePoint Designer 2013 and Web DAV interfaces.
View Pages, Open
Contribute, Edit, Design, Full Control
Use Self-Service Site Creation
Create a website using Self-Service Site Creation.
View Pages, Browse User Information, Open
Read, Contribute, Edit, Design, Full Control
View Pages
View pages in a website.
Open
Read, Contribute, Edit, Design, Full Control
Enumerate Permissions
Enumerate permissions on the website, list, folder, document, or list item.
Browse Directories, View Pages, Browse User Information, Open
Full Control
Browse User Information
View information about users of the website.
Open
All
Manage Alerts
Manage alerts for all users of the website.
View Items, View Pages, Open, Create Alerts
Full Control
Use Remote Interfaces
Use SOAP, Web DAV, the Client Object Model, or SharePoint Designer 2013 interfaces to access the website.
Open
All
Use Client Integration Features
Use features that launch client applications. Without this permission, users must work on documents locally and then upload their changes.
Use Remote Interfaces, Open, View Items
All
Open
Enables users to open a website, list, or folder to access items inside that container.
None
All
Edit Personal User Information
Enables users to change their own user information, such as adding a picture.
Browse User Information, Open
Contribute, Edit, Design, Full Control

Personal permissions

Permission Description Dependent permissions Included in these permission levels by default
Manage Personal Views
Create, change, and delete personal views of lists.
View Items, View Pages, Open
Contribute, Edit, Design, Full Control
Add/Remove Personal Web Parts
Add or remove personal Web Parts on a Web Part page.
View Items, View Pages, Open, Update Personal Web Parts
Contribute, Edit, Design, Full Control
Update Personal Web Parts
Update Web Parts to display personalized information.
View Items, View Pages, Open
Contribute, Edit, Design, Full Control

See also

Other Resources

Manage permissions for a web application in SharePoint Server