SharePoint 2013 Permission Guidelines

When permissions are created, you need to balance the need for administration and performance with the requirement to control access to the individual items. When using fine grained permissions, you will spend more of your time with management for the permissions. This can result in users becoming frustrated due to slow performance when they are accessing site content.

Here are some guidelines to follow when it comes to plan site permissions. Users should have the permission levels that they need to perform the tasks they have been assigned, nothing more. Only use standard groups to control permissions at the site level. Most of your users should be in Members or Visitors groups. Members will be able to contribute to the site by adding or removing items or documents. However, they won’t have the ability to change the structure, settings, or appearance of the site. Visitors will have read only access to the site so they can see pages and items but not add or remove anything. Limit the number of people that belong in the Owners group. Only those that are able to change the structure, settings, or appearance of the site should be included in this group. As mentioned, user permission groups and levels instead of individual permissions whenever possible. ┬áIt is possible to create additional SharePoint groups and permissions levels if you need them to have more control over actions of users.

It is easier to manage permissions when there is a hierarchy in place of the various permissions and inherited permissions. The difficulty comes into the picture where there are lists in a site and they have fine grained permissions applied to them or they are sub sites with unique permissions. When possible, always arrange the sites and sub sites with lists and libraries that allow them to share the permissions. Then you can separate any sensitive data into their own unique lists, libraries, and sub sites.