Share via


Understanding SharePoint roles

Applies To: Windows SBS 2008

A user's access permissions to the internal Web site depend on the user role and the security group that are assigned.

By default, Windows SharePoint Services 3.0 includes the following predefined user roles:

  • Visitor   Has read privileges.

  • Member   Has read and contribute privileges.

  • Owner   Has administrator privileges.

The following Windows SharePoint Services groups are associated with the Windows SBS 2008 internal Web site:

  • CompanyWeb Visitors   Members of this Windows SharePoint Services group have a Visitor user role on the internal Web site.

  • CompanyWeb Members   Members of this Windows SharePoint Services group have a Member user role on the internal Web site.

  • CompanyWeb Owners   Members of this Windows SharePoint Services group have an Owner user role on the internal Web site.

During installation, Windows SBS 2008 creates the following security groups for the internal Web site. Each security group is the only member of the associated Windows SharePoint Services group:

  • Windows SBS SharePoint_VisitorsGroup   This security group is the only member of the CompanyWeb Visitors group on the internal Web site. Members of this security group can read the internal Web site.

  • Windows SBS SharePoint_MembersGroup   This security group is the only member of the CompanyWeb Members group on the internal Web site. Members of this security group can read, write, and contribute to the internal Web site. User accounts that are based on the Standard User user role or the Standard User with Administration Tools user role in Windows SBS 2008 belong to this group by default, and they can read, write, and contribute to the internal Web site.

  • Windows SBS SharePoint_OwnersGroup   This security group is the only member of the CompanyWeb Owners group on the internal Web site. Members of this security group have full administrative access to the internal Web site. User accounts that are based on the Network Administrator user role in Windows SBS 2008 belong to this group by default, and they have administrative privileges on the internal Web site, unless you remove them from the Windows SBS SharePoint_Ownersgroup security group.

Table 1   Relationships between user roles, permissions, and groups

Windows SharePoint Services User Role Windows SharePoint Services Permissions Default Windows SharePoint Services Group for the Internal Web Site Windows Small Business Server 2008 Security Group

Visitor

Can read the internal Web site.

CompanyWeb Visitor

Windows SBS SharePoint_VisitorsGroup

Member

Can read and write to the internal Web site. The user can add, edit and change documents, but cannot change the structure of the site, such as add new document libraries.

CompanyWeb Member

Windows SBS SharePoint_MembersGroup

Owner

Has administrator privileges on the internal Web site.

CompanyWeb Owner

Windows SBS SharePoint_OwnersGroup

You can modify access to the internal Web site for a user by using the Windows SBS Console.