默认 SharePoint 组Default SharePoint groups

创建网站(以前称为 "网站集")时,将自动创建默认 SharePoint 组。The default SharePoint groups are created automatically when you create a site (previously called a "site collection"). 默认组使用 SharePoint 的默认权限级别(有时称为 SharePoint 角色)授予用户权限和访问权限。The default groups use SharePoint's default permission levels - sometimes called SharePoint roles - to grant users rights and access. 这些组具有的权限级别表示用户必须拥有的常见访问权限级别。The permission levels that these groups have represent common levels of access that users have to have. 将用户添加到 SharePoint 网站时,最好从这里入手。They are a good place to start when you add users to a SharePoint site.

管理员可以创建更多的组,以便与特定的业务需求更密切地对齐。Administrators can create additional groups to align more closely with specific business needs. 决定如何设计和填充 SharePoint 安全组是一项重要决定,它会影响网站和网站内容的安全性。Deciding how to design and populate your SharePoint security groups is an important decision that affects security for your site and site content.

以下是有关了解和设置 SharePoint 权限的信息的链接。Here are links to information on understanding and setting SharePoint permissions.

默认 SharePoint 组的权限级别Permission levels for default SharePoint groups

利用 SharePoint 组,可以控制用户集而不是单个用户的访问权限。SharePoint groups enable you to control access for sets of users instead of individual users. SharePoint 组通常由许多个人用户组成。SharePoint groups are usually composed of many individual users. 他们还可以保留 Azure Active Directory 安全组(在 Microsoft 365 或 Azure AD 中创建),也可以是单个用户和安全组的组合。They can also hold Azure Active Directory security groups (created in Microsoft 365 or Azure AD), or can be a combination of individual users and security groups.

每个 SharePoint 组都有一个权限级别。Each SharePoint group has a permission level. 权限级别只是单个权限的集合,如 "打开"、"查看"、"编辑" 或 "删除"。A permission level is simply a collection of individual permissions, such as Open, View, Edit or Delete. 组中的所有用户都自动拥有该组的权限级别。All the users in a group automatically have the permission level of the group. 您可以将用户组织到任意数量的组中,具体取决于组织的复杂程度或您的需求。You can organize users into any number of groups, depending on the complexity of your organization, or your needs.

每个网站模板都有一组与其关联的 SharePoint 组。Each site template has a set of SharePoint groups associated with it. 创建网站时,请使用网站模板,SharePoint 会自动为该网站创建一组正确的 SharePoint 组。When you create a site, you use a site template, and SharePoint automatically creates the correct set of SharePoint groups for the site. 组的特定集合取决于您选择的模板的类型。The specific collection of groups depends on the type of template that you choose.

例如,下表显示为工作组网站创建的组和权限级别:For example, the following table shows the groups and permission levels that are created for team sites:

SharePoint 组数SharePoint groups 默认权限级别Default permission level 适用于工作组网站Applies to team sites
审批者Approvers
批准Approve
No
设计者Designers
设计,有限访问Design, Limited Access
No
层次结构管理者Hierarchy Managers
管理层次结构Manage Hierarchy
No
<site name>员工<site name> Members
编辑Edit
Yes
<site name>所有者<site name> Owners
完全控制Full Control
Yes
<site name>发表<site name> Visitors
读取Read
可访问Yes
受限制读者Restricted Readers
受限读取Restricted Read
No
样式资源读者Style Resource Readers
受限访问Limited Access
No
快速部署用户Quick Deploy Users
参与Contribute
No
翻译 MangersTranslation Mangers
受限访问Limited Access
No

SharePoint 组的建议用法Suggested uses for SharePoint groups

下表介绍了使用标准网站模板创建网站时创建的 SharePoint 组。The following table describes the SharePoint groups that are created when you use a standard site template to create a site. 该表还为每个组提供了建议的用法。The table also provides suggested uses for each group.

组名称Group Name 权限级别)Permission level ) 将此组用于:Use this group for:
审批者Approvers
批准Approve
此组的成员可以编辑和批准页面、列表项和文档。Members of this group can edit and approve pages, list items, and documents.
设计者Designers
设计Design
此组的成员可以编辑网站中的列表、文档库和页面。Members of this group can edit lists, document libraries, and pages in the site. 设计人员可以在母版页样式库中创建母版页和页面布局,并且可以使用母版页和 CSS 文件更改每个子网站的行为和外观。Designers can create Master Pages and Page Layouts in the Master Page Gallery and can change the behavior and appearance of each subsite by using master pages and CSS files.
层次结构管理者Hierarchy Managers
管理层次结构Manage Hierarchy
此组的成员可以创建网站、列表、列表项和文档。Members of this group can create sites, lists, list items, and documents.
所有者Owners
完全控制Full Control
必须能够管理网站权限、设置和外观的人员。People who must be able to manage site permissions, settings, and appearance.
MembersMembers
编辑或参与Edit or Contribute
必须能够编辑网站内容的人员。People who must be able to edit site content. 权限级别取决于用于创建网站的网站模板。Permission level depends on the site template that was used to create the site
访问者Visitors
读取Read
必须能够查看网站内容,但不能对其进行编辑的人员。People who must be able to see site content, but not edit it.
受限制读者Restricted Readers
受限读取Restricted Read
应该能够查看页面和文档但不能查看版本或权限的人员。People who should be able to view pages and documents but not view versions or permissions.
样式资源读者Style Resource Readers
受限读取Restricted Read
此组中的人员具有对样式库和母版页样式库的有限访问权限。People in this group have Limited Access to the Style Library and Master Page Gallery.
快速部署用户Quick Deploy Users
参与Contribute
这些用户可以计划快速部署作业(内容部署)。These users can schedule Quick Deploy jobs (Content Deployment).
查看者Viewers
仅查看View Only
这些用户看到内容,但不能对其进行编辑或下载。These users see content, but can't edit or download it.

特殊 SharePoint 组Special SharePoint Groups

"除外部用户之外的所有人" 是不会出现在 Microsoft 365 管理中心中的特殊组,而 "公司管理员" 的行为与组类似,但在 Azure AD 中是一个角色。"Everyone except external users" is a special group that doesn't appear in the Microsoft 365 admin center, and "Company Administrator" acts like a group but is a role in Azure AD.

除外部用户之外的所有人所有添加到您的组织的用户将自动成为 "除外部用户之外的所有人" 的成员。Everyone except external users All users added to your organization automatically become members of "Everyone except external users". 请注意,不能在 Microsoft 365 组连接的团队网站上更改授予给 "除外部用户之外的所有人" 的默认权限。Please note that you cannot change default permissions granted to "Everyone except external users" on Microsoft 365 group-connected team sites. 如果将组连接的团队网站设置为 "Public",则 "除外部用户之外的所有人" 的默认权限级别为 "编辑"。If a group-connected team site is set to "Public," "Everyone except external users" has a default permission level of "Edit." 如果将组连接的团队网站设置为 "私人",则不能向除外部用户之外的任何人授予对该网站的任何权限。When a group-connected team site is set to "Private," "Everyone except external users" can't be granted any permission to the site. 尽管 "网站权限" 选项卡允许授予修改权限,但后台作业将阻止此类修改生效。Although the "Site permissions" tab will allow modifications to be granted, a background job will block such modifications to take effect. 若要更改与组连接的团队网站的隐私设置,请选择 "设置" 图标,然后选择 "网站信息"。To change the privacy setting for a group-connected team site, select the Settings icon, and then select Site information.

公司管理员该组包含分配了全局管理员角色的所有用户。Company Administrator This group contains all users who are assigned the global admin role. 有关此角色及其在 Azure AD 中的权限的详细信息,请参阅公司管理员For more info about this role and its permissions in Azure AD, see Company administrator. 您的组织的根网站是使用 "公司管理员" 作为主管理员创建的。The root site for your organization is created with "Company Administrator" as the primary admin.

网站管理员Site administrators

Microsoft 365 中的 SharePointSharePoint in Microsoft 365 SharePoint ServerSharePoint Server
谁可以使用此组?Who can use this group?
Yes
Yes

一个网站可以拥有多个网站管理员,但必须有且只有一个主管理员。A site can have several site admins, but must have one and only one primary administrator. 任何网站管理员都可以添加或删除其他管理员。Any site admin can add or remove other admins. 网站管理员可以完全控制网站根目录和网站中的任何子网站,并且可以审核所有网站内容。Site admins have full control of the site root and any subsites in the site, and can audit all site content.

在 SharePoint Server 中,您可以在创建网站时指定网站集管理员。In SharePoint Server, you designate a site collection administrator when you create a site.

SharePoint 管理员SharePoint admins

Microsoft 365 中的 SharePointSharePoint in Microsoft 365 SharePoint ServerSharePoint Server
谁可以使用此组?Who can use this group?
Yes
默认值为 "否"。No, by default.
需要特殊安装。Requires special installation.

在 Microsoft 365 中的 SharePoint 中,还有一个 SharePoint 管理员。SharePoint 管理员可以使用 SharePoint 管理中心或 PowerShell 管理所有网站的设置。In SharePoint in Microsoft 365, there is also a SharePoint admin. A SharePoint admin can use the SharePoint admin center or PowerShell to manage settings for all sites. Microsoft 365 中的任何全局管理员也都具有 SharePoint 管理员的权限。有关 SharePoint 管理员角色的详细信息,请参阅关于 Microsoft 365 中的 sharepoint 管理员角色Any global admin in Microsoft 365 also has the permissions of a SharePoint admin. For more info about the SharePoint admin role, see About the SharePoint admin role in Microsoft 365.

如果您使用的是 SharePoint Server,则没有 SharePoint 管理中心或 SharePoint 管理中心。If you are using SharePoint Server, you do not have a SharePoint admin or SharePoint admin center.