Overview: Site governance, permission, and sharing for site owners
Applies To
SharePoint Server Subscription Edition SharePoint Server 2019 SharePoint Server 2016 SharePoint Server 2013 Enterprise SharePoint in Microsoft 365 SharePoint Foundation 2013 SharePoint in Microsoft 365 Small Business SharePoint operated by 21VianetUse this article as an overview of ideas and best practices for your site's governance model. If you are a site owner, create a governance model to address your site’s policies, processes, roles, and responsibilities. A model like this will help you manage how people use your site. For example, you might want to require check-out of files so that multiple people don't try to edit a file at the same time.
Note: Many sharing and permission rules are determined by your SharePoint administrator. Use this article as a basic guide to understand what you can control as a site owner. Partner with your SharePoint administrator to make changes to your organization's governance strategy.
Roles and responsibilities for supporting the site
Defining roles and responsibilities while planning and building your site will reduce the need to clean up or reorganize a site when staff members rotate in or out of a team. Site governances should consider including a plan for user training, monitoring site usage, auditing content, and communicating expectations to team members managing the site.
Consider prioritizing and defining the following:
-
Site training for site owners: Provide basic navigation, search, and document management training for new site owners.
-
Site support: Assign a designated site expert on your team to troubleshoot problems and be a liaison to a SharePoint administrator.
-
Site creation and usage guidelines: Often times organization have outlined company policy around site creation. Provide an up-to-date link to the appropriate guidelines, provide contact information for site owners and content authors in case they need assistance.
-
Content publishing and auditing: Plan to audit site and page content as often as necessary to keep the site relevant. Establish an audit schedule and assign content owners for large lists and libraries.
Default SharePoint groups
Title |
Default permission level |
Used for |
Owner |
Full control |
People who must be able to manage site permissions, settings, and appearance. |
Member |
Edit and contribute |
People who must be able to edit site content. Permission level depends on the site template that was used to create the site. |
Visitor |
Read only |
People who must be able to see site content, but not edit it. |
Modern site governance
In modern SharePoint, site governance is more important than in previous versions because there is more control and options to site creation. Your organization's governance depends on how much control your organization needs over content which will determine details for site creation and site-owner governance. Your SharePoint administrator can help you understand policies around security requirements, government regulations, corporate branding, accessibility, and training guidelines. Work with your SharePoint administrator to learn more about your organization's site creation and usage policies before creating your site governance plan.
Modern SharePoint site navigation structure
The most effective SharePoint sites help users find what they need quickly so that they can use the information they find to make decisions, learn about what is going on, access the tools they need, or engage with colleagues to help solve a problem. Learn more about planning site navigation in SharePoint.
Part of your information architecture might include classification of information. If the information you’re publishing has high value to the company, requires special security, or is covered by regulatory compliance rules, consider setting up a classification scheme to identify specific types of content that need to be managed carefully. After you’ve organized information into specific lists and libraries, you can use governance features to manage how the content is viewed.
Modern SharePoint architecture is designed to be flexible and adaptive to changing needs of your organization. Modern sites can be associated to hub sites. The associated sites share navigation and branding with the hub. If enabled by the hub site owner and the site owners approve, the associated sites can also share hub permissions.
Consider the following when determining your site's navigational structure:
-
What kind of content will you have on the site? How will that translate into pages, lists, and libraries?
-
How will information be presented in the site?
-
How will site users navigate through the site?
-
How will information be targeted to specific audiences?
-
How will search will be configured and optimized?
Managing permissions in modern sites
The integrity, confidentiality, and privacy of your organization’s mission-critical information rests on how secure you make your site — specifically, to whom you choose to grant access to your site. Managing permissions in modern sites involves both users and groups of users. Permissions in modern communication and team sites come from the site templates that provide different options. for each site.
Communication sites are not associated to Microsoft 365 groups and have three default roles - Site owners, Site members, and Site visitors.
Here are some tips to keep in mind when you’re developing a permissions strategy:
-
Follow the Principle of Least Privilege: Give people the lowest permission levels they need to perform their assigned tasks.
-
Use standard default groups: Give people access by adding them to standard, default groups (such as Members, Visitors, and Owners).
-
Consider segmenting your content by security level: Create a site or a library specifically for sensitive documents, rather than having them scattered in a larger library and protected by unique permissions.
Modern site permissions by title
Title |
Permission level |
Has permission to: |
Site owner |
Full control |
In addition to everything a Site member can do, owners can also: Change the site theme Change navigation layout Change the site logo Add or remove site owners Edit site member settings Add or remove site visitors Edit site settings Delete the site Add a Microsoft 365 group Associate the site to a hub |
Site member |
Edit and contribute |
Add, edit, and delete lists Add, edit, and delete document libraries Add or remove site members Add, edit, and remove documents Add, edit, and delete a page Add, edit, delete a news post Add, edit, and delete page sections Add, edit, and delete web parts Add, edit, and delete site navigation Create or delete page templates View site usage metrics |
Site visitor |
Read only |
View content |
More resources for site owners:
Site governance
An important but often invisible part of any site is its governance model—the set of policies, roles, responsibilities, and processes that you establish to determine how the people in your group use SharePoint.
Many organizations have a governance model in place for sites either at the Central Administration or site collection level, which may be created and maintained by an IT department or team. As a site owner, you need to find out if a governance model already exists for the site collection or farm. If so, you can use that to guide your site users or create an additional governance model to address your specific issues. For example, if you're a site owner for a subsite in a site collection, such as a classic team site, it might be a good idea to create your own additional governance model. to address specific issues in a subsite.
A governance model for a site, makes it easier for site users to know when they should create a new subsite, list, or other site content. Ensures that subsites and content are retired when obsolete to save storage space and keep search results accurate. Gives users access to the right content, Keep site branding the same throughout by letting subsite owners know what templates and themes are available. It also makes it easier to change site owner when people leave the organization or roles change.
A good governance model for a site, should focus on the following parts:
-
Site creation
-
Permissions management
-
Information architecture
-
Site lifecycle and retirement
-
Storage limits
-
Classification of information
-
Customization
-
Data protection
-
Navigation
-
Search
-
Roles and responsibilities for supporting the site
Some parts in the previous list might already be decided for you by the site-collection or organization-level governance model, such as how much storage space you have for your site, and what sorts of customization you can do to the look and feel of the site. Others may not be relevant, depending on how complex your team site is, and how many people you have using it. But even if you don’t have to make decisions about these topics, it’s a good idea to know what decisions have been made, so that you can inform your site users and enforce policies appropriately.
Subsite creation
You might want your team members to be able to create subsites under the team site for use on specific projects.
Being able to spontaneously create new subsites can be a great benefit to the group, but unrestricted site creation can get out of hand. When subsites proliferate freely, problems can arise. For example:
-
It’s hard for users to find the right subsite, or be sure if they have.
-
Information can be duplicated in several subsites, using up expensive storage space, and requiring duplicated effort to maintain.
-
Out-of-date information can reside on subsites, potentially for years, showing up in search results. It can be hard to tell what version of information is correct.
-
Managing permissions for a multitude of subsites can become a major chore, and users might inadvertently wind up with access to information they really shouldn’t have.
-
As employees leave the group, the subsites they create may be abandoned, creating confusion and muddying search results for remaining site users.
You can save time and energy if you set some policies for site creation that address the following areas:
-
Who is allowed to create subsites?
-
Do new subsites need to be approved in advance? If so, what are the criteria for approval, and who grants the approval?
-
Should new subsites use established templates and themes?
-
How much information may be stored on a site? That is, how much server disk space can it take up?
-
What are the rules for including navigation strategies on the site?
-
How long should information be stored on subsites before it is deleted or archived?
See Create a site or subsite for more information.
Permissions management
The integrity, confidentiality, and privacy of your organization’s mission-critical information rests on how secure you make your site — specifically, to whom you choose to grant access to your site.
Granting and restricting access to your site is called managing permissions, and it’s one of your most important responsibilities as a site owner.
Here are some tips to keep in mind when you’re developing a permissions strategy.
-
Follow the Principle of Least Privilege: Give people the lowest permission levels they need to perform their assigned tasks.
-
Give people access by adding them to standard, default groups (such as Members, Visitors, and Owners). Make most people members of the Members or Visitors groups, and limit the number of people in the Owners group.
-
Use permissions inheritance to create a clean, easy-to-visualize hierarchy. That is, avoid granting permissions to individuals, instead work with groups. Where possible, have subsites simply inherit permissions from your team site, rather than having unique permissions.
-
Organize your content to take advantage of permissions inheritance: Consider segmenting your content by security level – create a site or a library specifically for sensitive documents, rather than having them scattered in a larger library and protected by unique permissions.
See Understanding permission levels in SharePoint or Edit permissions for a list, library, or individual item for information on setting permissions.
Information architecture
A site’s information architecture is like the table of contents for a book: It determines how the information in that site — its webpages, documents, lists, and data — is organized and presented to the site’s users. Information architecture is often recorded as a hierarchical list of site content, search keywords, data types, and other concepts.
To create an information architecture, you must analyze the information to be presented in the site. Here are some of the questions you can use to develop an information architecture:
-
What kind of content will you have on the site? How will that translate into subsites, lists, libraries, and so on?
-
How will information be presented in the site?
-
How will site users navigate through the site?
-
How will information be targeted at specific audiences?
-
How will search will be configured and optimized?
Part of your information architecture might include classification of information.
If the information you’re dealing with has high value to the company, requires special security, or is covered by regulatory compliance rules, you might want to set up a classification scheme to identify specific types of content that need to be managed carefully.
After you’ve organized information into specific lists and libraries, you can use governance features to manage how the content is managed. For example:
Require check-out of files
When you require check-out of a file, you ensure that only one person can edit the file until it is checked in. Requiring documents to be checked out prevents multiple people from making changes at the same time, which can create editing conflicts and lead to confusion. Requiring check-out can also help to remind team members to add a comment when they check a file in, so that you can more easily track what has changed in each version. For more info, see Set up a library to require check-out of files.
Track versions
If you need to keep previous versions of files, libraries can help you track, store, and restore the files. You can choose to track all versions in the same way. Or you can choose to designate some versions as major, such as adding a new chapter to a manual, and some versions as minor, such as fixing a spelling error. To help manage storage space, you can choose the number of each type of version that you want to store. For more info on versioning, see How does versioning work in a list or library?.
You can specify that approval for a document is required. Documents remain in a pending state until they are approved or rejected by someone who has permission to do so. You can control which groups of users can view a document before it is approved. This feature can be helpful if your library contains important guidelines or procedures that need to be final before others see them. For more info on document approval, see Require approval of items in a site list or library.
Libraries support RSS technology, so that members of your workgroup can automatically receive and view updates, or feeds, of news and information in a consolidated location. You can use RSS technology to alert you of any changes to a library, such as when files that are stored in the library change. RSS feeds enable members of your workgroup to see a consolidated list of files that have changed. You can also create email alerts, so that you are notified when files change. For more info on RSS feeds, see Manage RSS feeds for a site or site collection.
A document library or content type can use workflows that your organization has defined for business processes, such as managing document approval or review. Your group can apply business processes to its documents, known as workflows, which specify actions that need to be taken in a sequence, such as approving or translating documents. A workflow is an automated way of moving documents or items through a sequence of actions or tasks. Three workflows are available to libraries by default: Approval, which routes a document to a group of people for approval; Collect Feedback, which routes a document to a group of people for feedback and returns the document to the person who initiated the workflow as a compilation; and Collect Signatures, which routes a document to a group of people to collect their digital signatures. For more info on workflows, see Overview of workflows included with SharePoint
If your group works with several types of files, such as worksheets, presentations, and documents, you can extend the functionality of your library by enabling and defining multiple content types. Content types add flexibility and consistency across multiple libraries. Each content type can specify a template and even workflow processes. The templates act as a starting point, for formatting and any boilerplate text and for properties that apply to the documents of that type, such as department name or contract number. For more info on content types, see Introduction to content types and content type publishing
If you have a group of sensitive files, and it would be helpful to know how the documents were being used, you can define a policy that allows you to enable 'Audit' tracking of events, such as file changes, copies or deletion. For info on setting up auditing, see Configure audit settings for a site collection
Site lifecycle and retirement
Sites such as document worksites and discussion sites tend to hang around after they are no longer useful, using up valuable storage space and muddying search results. It’s a good idea to set a schedule for reviewing sites and their contents (at least once a year) to see if they are worth keeping.
It’s good to keep in mind, too, that your organization’s larger governance model might also be on the lookout for stale sites. For example, an administrator might automatically delete sites that have been untouched for 90 days. As a site owner, you would receive an email warning you this was going to happen. For more info on lifecycle and retirement policies, see Site closure policies.
Storage limits
An administrator might have set a limit on the amount of disc storage your group can use. You need to find out if there is a limit and, if so, decide how you will apportion it amongst your sites, pages, and libraries.
By default, SharePoint Server imposes a 50 MB limit on the size of a single document that can be uploaded into a document library. Also, by default, Team site owners receive alerts when storage is at 90% of quota.
After you know what your limits are, you can use features like version or audit tracking to ensure your site stays within them.
Search
Content appears in many places including sites, lists, libraries, web parts, and list columns. By default, when someone searches your site, all the content on the site and pages appear in the search results.
As a site owner, you can choose whether or not the content on your site appears in search results. When you prevent the content of a site from appearing in search results, the content of all the subsites below it also is blocked from appearing in search results.
By default, content with restricted permissions does not appear in search results for users who don’t have the permissions to read it. You can change that so that restricted content does display in search results, but users won’t be able to open content they don’t have permission to.
Data protection
Backup and recovery features protect your data from accidental loss. The frequency of backup and the speed and level of recovery are set up by an administrator. For recovering content in your site, learn more about recovering items in the recycle bin.