As I worked on SharePoint security, I was always confused about the SharePoint security terms used in the SharePoint class library. Here I am trying to blog about SharePoint security-related terms like Permissions, Permission Levels, RoleDefinition, Security Groups and Role Assignments, which helps to explain the SharePoint classes.
- Permissions: SharePoint Foundation doesn’t allow defining custom permissions. It provides 35 predefined permissions, and by grouping these permissions into different sets you can create different permission levels.
You can get more details on the predefined permissions at MSDN.
- Permission Levels: A permission level is nothing but a set of different permissions. We can’t assign permissions directly to a group/user; instead we need to create a permission level, and that can be assigned. By default SharePoint provides 5 permission levels: “Full Control”, “Design”, “Contributor”, “Read” and “Limited Access”. You can get more details on the default permission levels at MSDN.
- SharePoint Security Groups: SharePoint allows adding Active Directory groups, and an admin can also create SharePoint groups at the site collection level. Each SharePoint group contains one or more users.
- RoleDefinition: Each SharePoint group/user should have one or more permission levels assigned to it. Permission levels together with an SPGroup/user are called a RoleDefinition. In simple words, when we assign permission levels to a group/user, it defines a role for the corresponding group/user.
- RoleAssignment: When a SharePoint group/user is added to a SharePoint web, the process is called RoleAssignment. Adding a role assignment to the web is the final stage of assigning permissions to a group/user.
- Permission Inheritance: The word 'inheritance' says most of what there is to say. By default, SharePoint objects like Site Collection, Web, List and List Item inherit permissions from their parent object. This means a user has all the permissions on a SharePoint object that the user has on its parent object. If we want a child object to have different permissions than its parent, we need to explicitly break the inheritance.
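
The terms above, put together in the server object model (an added example, not code from the original post): a custom permission level is created as an SPRoleDefinition, inheritance is broken on one list, and an SPRoleAssignment binds an existing group to that level on the list, followed by a listing of who ends up with what. The site URL, list title, group name and level name are placeholders.

```csharp
using System;
using Microsoft.SharePoint;

class ListPermissionExample
{
    // Placeholder values for illustration only.
    const string SiteUrl = "http://sharepoint.example/sites/demo";
    const string ListTitle = "Contracts";
    const string GroupName = "Contract Reviewers"; // must already exist
    const string LevelName = "Review Only";        // hypothetical custom level

    static void Main()
    {
        using (SPSite site = new SPSite(SiteUrl))
        {
            SPWeb web = site.RootWeb; // owned by SPSite, not disposed here

            // A permission level is a named set of predefined SPBasePermissions.
            SPRoleDefinition level = FindLevel(web, LevelName);
            if (level == null)
            {
                level = new SPRoleDefinition();
                level.Name = LevelName;
                level.Description = "View items and pages, no edits";
                level.BasePermissions = SPBasePermissions.ViewListItems
                    | SPBasePermissions.OpenItems
                    | SPBasePermissions.ViewPages
                    | SPBasePermissions.Open;
                web.RoleDefinitions.Add(level);
                level = web.RoleDefinitions[LevelName]; // re-read the stored copy
            }

            // Child objects inherit by default; break explicitly for unique permissions.
            SPList list = web.Lists[ListTitle];
            if (!list.HasUniqueRoleAssignments)
                list.BreakRoleInheritance(false); // false = do not copy parent assignments

            // Role assignment: bind the group to the level on this list only.
            SPRoleAssignment assignment = new SPRoleAssignment(web.SiteGroups[GroupName]);
            assignment.RoleDefinitionBindings.Add(level);
            list.RoleAssignments.Add(assignment);

            // Review the result: every principal and the levels bound to it.
            foreach (SPRoleAssignment ra in list.RoleAssignments)
                foreach (SPRoleDefinition rd in ra.RoleDefinitionBindings)
                    Console.WriteLine("{0} -> {1} ({2})", ra.Member.Name, rd.Name, rd.BasePermissions);
        }
    }

    // The string indexer throws when the level is missing, so search by name instead.
    static SPRoleDefinition FindLevel(SPWeb web, string name)
    {
        foreach (SPRoleDefinition rd in web.RoleDefinitions)
            if (rd.Name == name) return rd;
        return null;
    }
}
```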