You will be able to control access to the site and the content by assigning permissions to users or groups for a given site or given content. This can be done on several levels of site collection including Site, Library or List, Folder, or Document or Item.
It is very important that you fully understand the following concepts prior to creating your plan for permissions:
- Permissions They allow a user to have access to perform certain actions. This can vary by user such as those that can view items and those that have the ability to also add or remove items.
- Fine Grained Permissions They are unique permissions on secured objects that are lower on the site hierarchy. This could be permission on a list or a library for example. They allow for you to customize the level of user permission for any collection site.
- Permission Level They are the collections of permissions that enable users to perform a given set of related tasks. These various permissions are necessary for page views and documents in a SharePoint site. These permissions can be included in several permission levels. Those levels get defined at the site collection level. Then they can be customized by any user or group with permission levels that include Manage Permissions. The default levels are Limited Access, Read, Contribute, Design, and Full Control.
- SharePoint Group This is a group of users that share the same site collection level for administration to offer permissions. Each of the groups is assigned a default permission level. Only those with Full Control permission are able to create custom groups.
- User– This is an individual that has an account with authentication that is supported by the web application. It is a good idea to assign permissions to groups rather than to users. This will also you to grant individual users permissions to a site or to specific content. It isn’t an effective method for maintaining individual user accounts due to the time involved. Only assign permissions on an individual basis when there are unique circumstances.
- Securable Object This is a list, folder, or document that various permission levels can be assigned for. The default provides the permissions on the site. You can use a list level, item level, or folder level permission to add more control for users to view or interact with site content. However, you first have to break the permission that was inherited so that you can then change it for that securable object. Then you can resume inherited permissions from a parent list.
It is possible to assign a group or user permissions for a specific object that is securable. They can have different permissions for different securable objects too.