Permission levels in SharePoint

While SharePoint offers a variety of permission levels for sites, we highly recommend using the built-in SharePoint groups for communication sites and managing team site permissions through the associated Microsoft 365 group. This allows for much easier administration. For information about managing permissions in the SharePoint modern experience, see Sharing and permissions in the SharePoint modern experience.

Understanding permission levels

The easiest way to work with permissions is to use the default groups and permission levels provided, which cover most common scenarios. But, if you need to, you can set more fine-grained permissions beyond the default levels. This article describes the different permissions and permission levels, how SharePoint groups and permissions work together, and how permissions cascade through a site collection.

Note

Want to go straight to the steps for changing or setting permission levels? See How to create and edit Permission Levels.

Overview and permissions inheritance

If you work on a site, you are working inside a site collection. Every site exists in a site collection, which is a group of sites under a single top-level site. The top-level site is called the root site of the site collection.

The following illustration of a site collection shows a simple hierarchy of sites, lists, and list items. The permissions scopes are numbered, starting at the broadest level at which permissions can be set, and ending at the narrowest level (a single item in a list).

[Figure: SharePoint security scopes at the site, subsite, list, and item levels.]

Inheritance

An important concept to understand is permissions inheritance. By design, all the sites and site content in a collection inherit the permissions settings of the root or top-level site. When you assign unique permissions to sites, libraries, and items, those items no longer inherit permissions from their parent site. Here's more information on how permissions work within the hierarchy:

  • A site collection administrator configures permissions for the top-level site or root site for the whole collection.

  • If you are a site owner, you can change permission settings for the site, which stops permission inheritance for the site.

  • Lists and libraries inherit permissions from the site to which they belong. If you are a site owner, you can stop permissions inheritance and change the permission settings for the list or library.

  • List items and library files inherit permissions from their parent list or library. If you have control of a list or library, you can stop permissions inheritance and change permissions settings directly on a specific item.

    It is important to know that a user can interrupt the default permission inheritance for a list or library item by sharing a document or item with someone who does not have access. In that case, SharePoint automatically stops inheritance on the document.
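
The inheritance rules above, together with the automatic Limited Access assignment this page describes for single-item sharing, as a simplified Python model. This is an added example, not SharePoint code: the `Scope` class, its methods, the sample names, and the assumption that breaking inheritance copies the parent's current grants are all illustrative.

```python
class Scope:
    """A securable object (site, library or item) in a simplified model."""

    def __init__(self, name, parent=None):
        self.name, self.parent, self.children = name, parent, []
        # grants is None while the scope inherits; the root site never inherits.
        self.grants = {} if parent is None else None
        if parent is not None:
            parent.children.append(self)

    def source(self):
        """Nearest scope (self included) that holds its own permissions."""
        return self if self.grants is not None else self.parent.source()

    def effective(self):
        """Principal -> permission level that applies at this scope."""
        return dict(self.source().grants)

    def share(self, principal, level):
        """Grant level here to a principal who has no access to this scope."""
        if self.grants is None:
            # Assumption of this model: the break copies the parent's grants.
            self.grants = self.parent.effective()
        self.grants[principal] = level
        scope = self.parent
        while scope is not None:
            # Parents get Limited Access only if the principal has nothing there.
            holder = scope.source()
            holder.grants.setdefault(principal, "Limited Access")
            scope = holder.parent


def can_view(scope, principal):
    """Limited Access lets a principal reach a scope, not view its content."""
    return scope.effective().get(principal) not in (None, "Limited Access")


def unique_scopes(scope, path=""):
    """List the path of every scope that holds its own (non-inherited) grants."""
    here = f"{path}/{scope.name}"
    found = [here] if scope.grants is not None else []
    for child in scope.children:
        found += unique_scopes(child, here)
    return found


def build_sample():
    """Constructed sample: one site, one library, two documents."""
    site = Scope("site")
    site.grants.update({"Owners": "Full Control", "Members": "Edit", "Visitors": "Read"})
    library = Scope("Documents", site)
    budget, plan = Scope("budget.xlsx", library), Scope("plan.docx", library)
    return site, library, budget, plan
```

Running `unique_scopes` before and after a `share` call shows which objects have stopped following their parent, which is the list an owner needs when reviewing who can reach what.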

Default Permission Levels

Default permission levels allow you to quickly and easily provide common levels of permissions for one user or groups of users.

You can make changes to any of the default permission levels, except Full Control and Limited Access, both of which are described more fully in the following table.

| Permission Level | Description |
| --- | --- |
| Full Control | Contains all available SharePoint permissions. By default, this permission level is assigned to the Owners group. It can't be customized or deleted. |
| Design | Create lists and document libraries, edit pages and apply themes, borders, and style sheets on the site. There is no SharePoint group that is assigned this permission level automatically. |
| Edit | Add, edit, and delete lists; view, add, update, and delete list items and documents. By default, this permission level is assigned to the Members group. |
| Contribute | View, add, update, and delete list items and documents. |
| Read | View pages and items in existing lists and document libraries and download documents. |
| Limited Access | Enables a user or group to browse to a site page or library to access a specific content item when they do not have permissions to open or edit any other items in the site or library. This level is automatically assigned by SharePoint when you provide access to one specific item. You cannot assign Limited Access permissions directly to a user or group yourself. Instead, when you assign edit or open permissions to the single item, SharePoint automatically assigns Limited Access to other required locations, such as the site or library in which the single item is located. This allows SharePoint to render the user interface correctly and show the user some context around their location in the site. Limited Access does not grant any additional permissions to the user, so they can't see or access any other content. |
| Web-Only Limited Access | Web-Only Limited Access is a variant of the Limited Access permission level that gives users access to the web object only. |
| Approve | Edit and approve pages, list items, and documents. By default, the Approvers group has this permission. |
| Manage Hierarchy | Create sites and edit pages, list items, and documents. By default, this permission level is assigned to the Hierarchy Managers group. |
| Restricted Read | View pages and documents, but not historical versions or user permissions. |
| View Only | View pages, items, and documents. Any document that has a server-side file handler can be viewed in the browser but not downloaded. File types that do not have a server-side file handler (cannot be opened in the browser), such as video files, .pdf files, and .png files, can still be downloaded. |

Note

Microsoft 365 subscriptions create a security group called "Everyone except external users" that contains every person you add into the Microsoft 365 directory (except people who you add explicitly as External Users). This security group is added to the Members group automatically on Modern Team sites with Public privacy settings, so that users in Microsoft 365 can access and edit the SharePoint site. Also, for Modern Team sites created as Private, "Everyone except external users" cannot be granted any permissions and people must be explicitly granted permissions. In addition, Microsoft 365 subscriptions create a security group called "Company Administrators", which contains Microsoft 365 Admins (such as Global and Billing Admins). This security group is added to the Site Collection Administrators group. For more info, see Default SharePoint groups.

By default, site owners and members can add new users to the site.

To learn more about the "Everyone except external users" permission, see Special SharePoint Groups.

Permission levels and SharePoint groups

Permission levels work together with SharePoint groups. A SharePoint group is a set of users who all have the same permission level.

The way this works is that you put related permissions together into a permission level. Then you assign that permission level to a SharePoint group.

Site permission dialog under Site Settings/Users and Permissions/Site Permissions

By default, each kind of SharePoint site includes certain SharePoint groups. For example, a Team Site automatically includes the Owners, Members, and Visitors groups. A Publishing Portal site includes those groups and several more, such as Approvers, Designers, Hierarchy Managers, and so on. When you create a site, SharePoint automatically creates a pre-defined set of SharePoint groups for that site. In addition, a SharePoint admin can define custom groups and permission levels.

To learn more about SharePoint groups, see Understanding SharePoint groups.

The SharePoint groups and permission levels that are included by default in your site may differ, depending on:

  • The template that you choose for the site

  • Whether a SharePoint admin created a unique permissions set on the site that has a specific purpose, such as Search

The following table describes the default permission levels and associated permissions for three standard groups: Visitors, Members, and Owners.

| Group | Permission level |
| --- | --- |
| Visitors | Read. This level includes these permissions: Open; View Items, Versions, pages, and Application pages; Browse User Information; Create Alerts; Use Self-Service Site Creation; Use Remote Interfaces; Use Client Integration Features |
| Members | Edit. This level includes all permissions in Read, plus: View, add, update and delete Items; Add, Edit and Delete Lists; Delete Versions; Browse Directories; Edit Personal User Information; Manage Personal Views; Add, Update, or Remove Personal Web Parts |
| Owners | Full Control. This level includes all available SharePoint permissions. |

Site permissions and permission levels

Site permissions apply generally across a SharePoint site. The following table describes the permissions that apply to sites, and shows the permission levels that use them.

Permission | Full Control | Design | Edit | Contribute | Read | Limited Access | Approve | Manage Hierarchy | Restricted Read | View Only
Manage Permissions
X
X
View Web Analytics Data
X
X
Create Subsites
X
X
Manage Web Site
X
X
Add and Customize Pages
X
X
X
Apply Themes and Borders
X
X
Apply Style Sheets
X
X
Create Groups
X
Browse Directories
X
X
X
X
X
X
Use Self-Service Site Creation
X
X
X
X
X
X
X
X
View Pages
X
X
X
X
X
X
X
X
X
Enumerate Permissions
X
X
Browse User Information
X
X
X
X
X
X
X
X
X
Manage Alerts
X
X
Use Remote Interfaces
X
X
X
X
X
X
X
X
Use Client Integration Features
X
X
X
X
X
X
X
X
X
Open
X
X
X
X
X
X
X
X
X
X
Edit Personal User Information
X
X
X
X
X
X

List permissions and permission levels

List permissions apply to content in lists and libraries. The following table describes the permissions that apply to lists and libraries, and shows the permission levels that use them.

Permission | Full Control | Design | Edit | Contribute | Read | Limited Access | Approve | Manage Hierarchy | Restricted Read | View Only
Manage Lists
X
X
X
X
Override Check-Out
X
X
X
X
Add Items
X
X
X
X
X
X
Edit Items
X
X
X
X
X
X
Delete Items
X
X
X
X
X
X
View Items
X
X
X
X
X
X
X
X
X
Approve Items
X
X
X
Open Items
X
X
X
X
X
X
X
X
View Versions
X
X
X
X
X
X
X
X
Delete Versions
X
X
X
X
X
X
Create Alerts
X
X
X
X
X
X
X
X
View Application Pages
X
X
X
X
X
X
X
X

Personal permissions and permission levels

Personal permissions apply to content that belongs to a single user. The following table describes the permissions that apply to personal views and web parts, and shows the permission levels that use them.

Permission | Full Control | Design | Edit | Contribute | Read | Limited Access | Approve | Manage Hierarchy | Restricted Read | View Only
Manage Personal Views
X
X
X
X
X
X
Add/Remove Private Web Parts
X
X
X
X
X
X
Update Personal Web Parts
X
X
X
X
X
X

Permissions and dependent permissions

SharePoint permissions can depend on other SharePoint permissions. For example, you must be able to open an item to view it. In this way, View Items permission depends on Open permission.

When you select a SharePoint permission that depends on another, SharePoint automatically selects the associated permission. Similarly, when you clear a SharePoint permission, SharePoint automatically clears any SharePoint permission that depends on it. For example, when you clear View Items, SharePoint automatically clears Manage Lists (you can't manage a list if you can't view an item).

Tip

The only SharePoint permission without a dependency is Open. All other SharePoint permissions depend on it. To test a custom permission level, you can just clear "Open". This automatically clears all other permissions.

The following sections contain tables that describe SharePoint permissions for each permission category. For each permission, the table shows the dependent permissions.

Site permissions and dependent permissions

The following table describes the permissions that apply to sites, and shows the permissions that depend on them.

| Permission | Description | Dependent permissions |
| --- | --- | --- |
| Manage Permissions | Create and change permission levels on the website and assign permissions to users and groups. | Approve Items, Enumerate Permissions, Open |
| View Web Analytics Data | View reports on website usage. | Approve Items, Open |
| Create Subsites | Create subsites such as team sites, Meeting Workspace sites, and Document Workspace sites. | View Pages, Open |
| Manage website | Perform all administration tasks for the website, which includes managing content. | View Pages, Open |
| Add and Customize Pages | Add, change, or delete HTML pages or Web Part pages, and edit the website by using a Windows SharePoint Services-compatible editor. | View Items, Browse Directories, View Pages, Open |
| Apply Themes and Borders | Apply a theme or borders to the whole website. | View Pages, Open |
| Apply Style Sheets | Apply a style sheet (.css file) to the website. | View Pages, Open |
| Create Groups | Create a group of users who can be used anywhere within the site collection. | View Pages, Open |
| Browse Directories | Enumerate files and folders in a website, by using an interface such as SharePoint Designer or web-based Distributed Authoring and Versioning (Web DAV). | View Pages, Open |
| Use Self-Service Site Creation | Create a website by using Self-Service Site Creation. | View Pages, Open |
| View Pages | View pages in a website. | Open |
| Enumerate Permissions | Enumerate permissions on the website, list, folder, document, or list item. | View Items, Open Items, View Versions, Browse Directories, View Pages, Open |
| Browse User Information | View information about users of the website. | Open |
| Manage Alerts | Manage alerts for all users of the website. | View Items, Create Alerts, View Pages, Open |
| Use Remote Interfaces | Use Simple Object Access Protocol (SOAP), Web DAV, or SharePoint Designer interfaces to access the website. | Open |
| Open | Open a website, list, or folder to access items inside that container. | No dependent permissions |
| Edit Personal User Information | Allow a user to change personal information, such as adding a picture. | Browse User Information, Open |

List permissions and dependent permissions

The following table describes the permissions that apply to lists and libraries, and shows the permissions that depend on them.

| Permission | Description | Dependent permissions |
| --- | --- | --- |
| Manage Lists | Create and delete lists, add or remove columns in a list, and add or remove public views of a list. | View Items, View Pages, Open, Manage Personal Views |
| Override Check-Out | Discard or check in a document that is checked out to another user. | View Items, View Pages, Open |
| Add Items | Add items to lists, add documents to document libraries, and add web discussion comments. | View Items, View Pages, Open |
| Edit Items | Edit items in lists, edit documents in document libraries, edit web discussion comments in documents, and customize Web Part Pages in document libraries. | View Items, View Pages, Open |
| Delete Items | Delete items from a list, documents from a document library, and web discussion comments in documents. | View Items, View Pages, Open |
| View Items | View items in lists, documents in document libraries, and web discussion comments. | View Pages, Open |
| Approve Items | Approve a minor version of a list item or document. | Edit Items, View Items, View Pages, Open |
| Open Items | View the source of documents that use server-side file handlers. | View Items, View Pages, Open |
| View Versions | View past versions of a list item or document. | View Items, View Pages, Open |
| Delete Versions | Delete past versions of a list item or document. | View Items, View Versions, View Pages, Open |
| Create Alerts | Create e-mail alerts. | View Items, View Pages, Open |
| View Application Pages | View documents and views in a list or document library. | Open |

Personal permissions and dependent permissions

The following table describes the permissions that apply to personal views and web parts, and shows the permissions that depend on them.

| Permission | Description | Dependent permissions |
| --- | --- | --- |
| Manage Personal Views | Create, change, and delete personal views of lists. | View Items, View Pages, Open |
| Add/Remove Private Web Parts | Add or remove private Web Parts on a Web Part Page. | View Items, View Pages, Open, Update Personal Web Parts |
| Update Personal Web Parts | Update Web Parts to display personalized information. | View Items, View Pages, Open |
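
The select and clear cascade described in this section, modelled in Python as an added example (not SharePoint's own code). The data is transcribed from the three dependent-permission tables above, reading the last column as the permissions each entry requires, as in the page's View Items and Open example; the names `select`, `clear` and `missing_dependencies` are illustrative.

```python
# "permission: permissions it requires", transcribed from this page's site,
# list and personal dependent-permission tables (Open requires nothing).
TABLE = """\
Manage Permissions: Approve Items, Enumerate Permissions, Open
View Web Analytics Data: Approve Items, Open
Create Subsites: View Pages, Open
Manage Web Site: View Pages, Open
Add and Customize Pages: View Items, Browse Directories, View Pages, Open
Apply Themes and Borders: View Pages, Open
Apply Style Sheets: View Pages, Open
Create Groups: View Pages, Open
Browse Directories: View Pages, Open
Use Self-Service Site Creation: View Pages, Open
View Pages: Open
Enumerate Permissions: View Items, Open Items, View Versions, Browse Directories, View Pages, Open
Browse User Information: Open
Manage Alerts: View Items, Create Alerts, View Pages, Open
Use Remote Interfaces: Open
Open:
Edit Personal User Information: Browse User Information, Open
Manage Lists: View Items, View Pages, Open, Manage Personal Views
Override Check-Out: View Items, View Pages, Open
Add Items: View Items, View Pages, Open
Edit Items: View Items, View Pages, Open
Delete Items: View Items, View Pages, Open
View Items: View Pages, Open
Approve Items: Edit Items, View Items, View Pages, Open
Open Items: View Items, View Pages, Open
View Versions: View Items, View Pages, Open
Delete Versions: View Items, View Versions, View Pages, Open
Create Alerts: View Items, View Pages, Open
View Application Pages: Open
Manage Personal Views: View Items, View Pages, Open
Add/Remove Private Web Parts: View Items, View Pages, Open, Update Personal Web Parts
Update Personal Web Parts: View Items, View Pages, Open
"""
DEPENDS_ON = {}
for row in TABLE.strip().splitlines():
    name, _, deps = row.partition(":")
    DEPENDS_ON[name.strip()] = {d.strip() for d in deps.split(",") if d.strip()}


def select(level, permission):
    """Add permission plus everything it transitively requires."""
    result, todo = set(level), [permission]
    while todo:
        perm = todo.pop()
        if perm not in result:
            result.add(perm)
            todo.extend(DEPENDS_ON[perm])
    return result


def clear(level, permission):
    """Remove permission plus everything that transitively requires it."""
    removed, todo = set(), [permission]
    while todo:
        gone = todo.pop()
        if gone not in removed:
            removed.add(gone)
            todo.extend(p for p in level if gone in DEPENDS_ON[p])
    return set(level) - removed


def missing_dependencies(level):
    """Map each permission in level to the prerequisites the level lacks."""
    gaps = {p: DEPENDS_ON[p] - set(level) for p in level}
    return {p: sorted(g) for p, g in gaps.items() if g}
```

`missing_dependencies` is useful when reviewing a custom permission level exported as a flat list: an empty result means the level is internally consistent with the tables above.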

Lockdown mode

Limited-access user permission lockdown mode is a site collection feature that you can use to secure published sites. When lockdown mode is turned on, fine-grain permissions for the limited access permission level are reduced. The following table details the default permissions of the limited access permission level and the reduced permissions when the lockdown mode feature is turned on.

| Permission | Limited access - default | Limited access - lockdown mode |
| --- | --- | --- |
| List permissions: View Application Pages | X | |
| Site permissions: Browse User Information | X | X |
| Site permissions: Use Remote Interfaces | X | |
| Site permissions: Use Client Integration Features | X | X |
| Site permissions: Open | X | X |

Lockdown mode is on by default for all publishing sites, including if a legacy publishing site template was applied to the site collection. Lockdown mode is the recommended configuration if greater security on your sites is a requirement.

If you disable the limited-access user permission lockdown mode site collection feature, users in the "limited access" permissions level (such as Anonymous Users) can gain access to certain areas of your site.

Plan your permission strategy

Now that you have learned about permissions, inheritance, and permission levels, you may want to plan your strategy so that you can set guidelines for your users, minimize maintenance, and ensure compliance with your organization's data governance policies. For tips on planning your strategy, see Plan your permissions strategy.