SPO permission recommendations

Anjana R 156 Reputation points
2022-01-12T02:50:44.323+00:00

Hi,

I am trying to better understand the general best practices around SPO permissions in modern sites (teams and communication) considering the flat architecture.

  1. Is it recommended to break the permission inheritance in modern sites at library level for different permission needs or should we create a new site for that library?
  2. To use the least privilege principle, can we create new SharePoint groups with customized permissions (e.g. Contribute) instead of using the default groups (owners, members or visitors) whenever necessary (e.g. few users require permissions only to updated docs but not to edit the page or manage lists) ?
  3. Whether we should set Sharing Permissions to "Only site owners can share files, folders and site" to have better control of permissions instead of allowing members to share the site?

Thanks

SharePoint
SharePoint
A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.
10,573 questions
0 comments No comments
{count} votes

Accepted answer
  1. Elsie Lu_MSFT 9,796 Reputation points
    2022-01-12T08:51:26.17+00:00

    Hi @Anjana R ,

    For your questions:

    Q1. Usually, list and library inherit site permission. Whether to set unique permissions depends on your business needs. You can set permissions directly for list/library, and this can be canceled at any time. There is no need to create a new site.

    Q2. Of course you can. Just set the custom permissions as required.

    Q3. It also depends on your business needs. If you don't want your members to be able to share files, then you can completely set it up.

    Please refer to this article for more information about how to customize permissions:
    Customize permissions for a SharePoint list or library


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.