Understanding SharePoint roles
Applies To: Windows SBS 2008
A user's access permissions to the internal Web site depend on the user role and the security group that are assigned.
By default, Windows SharePoint Services 3.0 includes the following predefined user roles:
Visitor Has read privileges.
Member Has read and contribute privileges.
Owner Has administrator privileges.
The following Windows SharePoint Services groups are associated with the Windows SBS 2008 internal Web site:
CompanyWeb Visitors Members of this Windows SharePoint Services group have a Visitor user role on the internal Web site.
CompanyWeb Members Members of this Windows SharePoint Services group have a Member user role on the internal Web site.
CompanyWeb Owners Members of this Windows SharePoint Services group have an Owner user role on the internal Web site.
During installation, Windows SBS 2008 creates the following security groups for the internal Web site. Each security group is the only member of the associated Windows SharePoint Services group:
Windows SBS SharePoint_VisitorsGroup This security group is the only member of the CompanyWeb Visitors group on the internal Web site. Members of this security group can read the internal Web site.
Windows SBS SharePoint_MembersGroup This security group is the only member of the CompanyWeb Members group on the internal Web site. Members of this security group can read, write, and contribute to the internal Web site. User accounts that are based on the Standard User user role or the Standard User with Administration Tools user role in Windows SBS 2008 belong to this group by default, and they can read, write, and contribute to the internal Web site.
Windows SBS SharePoint_OwnersGroup This security group is the only member of the CompanyWeb Owners group on the internal Web site. Members of this security group have full administrative access to the internal Web site. User accounts that are based on the Network Administrator user role in Windows SBS 2008 belong to this group by default, and they have administrative privileges on the internal Web site, unless you remove them from the Windows SBS SharePoint_Ownersgroup security group.
Table 1 Relationships between user roles, permissions, and groups
| Windows SharePoint Services User Role | Windows SharePoint Services Permissions | Default Windows SharePoint Services Group for the Internal Web Site | Windows Small Business Server 2008 Security Group |
|---|---|---|---|
Visitor |
Can read the internal Web site. |
CompanyWeb Visitor |
Windows SBS SharePoint_VisitorsGroup |
Member |
Can read and write to the internal Web site. The user can add, edit and change documents, but cannot change the structure of the site, such as add new document libraries. |
CompanyWeb Member |
Windows SBS SharePoint_MembersGroup |
Owner |
Has administrator privileges on the internal Web site. |
CompanyWeb Owner |
Windows SBS SharePoint_OwnersGroup |
You can modify access to the internal Web site for a user by using the Windows SBS Console.