And if I had read the original list properly, I would not have added permissions to the previous blog as an out of box feature! 😀

Anyway. Let’s unpack it a bit more. Permissions in SharePoint Online and Microsoft 365 is an enormous subject, I will only cover the basics here.

There 2 types of SharePoint Sites

There are stand-alone SharePoint sites, and there are Group Connected SharePoint sites. Group connected sites connect to Teams, Outlook, Planner, Yammer etc. Stand-alone is SharePoint only. The way you manage the permissions in each type is slightly different.

There are 3 default permission levels

Site Members, Site Visitors, Site Owners. Read the Edit blog post for more on the Members group. Every single site collection has these 3 default SharePoint groups. You can grant permissions on site level, list/library level, folder level and document level. Although we do not advocate that on document level, it’s a mess down there.

The Group connected sites have 2 additional groups that follow it around the other platforms.

Show These Items

Click the Show These Items in the permissions page to see what lists, libraries and items have unique permissions on them.

Click on Manage Permissions on each one to view the details.

Site Collection Admins aka Site Admins Can See Everything on the Site

We call these people, SCA’s – Site Collection Admins. They can see anything on the site, regardless of the permissions on the site.

SharePoint Administrator

The level above SCA level is SharePoint Administrator on Microsoft 365 level. People in this roll can access every single document, list and page in every single site collection, and every single OneDrive account. Don’t just randomly give people this level of access without serious training and signing non-disclosure agreements.

Above this level is Global Admin on the Microsoft 365 tenant. That is Godlike power over the whole account. Less than 5 people should have this access.