Each site within org unit intranet comes with three different levels of permissions:

  • Site owners: have full ownership and control of the site (including permissions).
  • Site members: can view, add, edit and delete content within the site.
  • Site visitors: can view and download content within the site.

Planning your site permissions

In SharePoint, it is easy to lose track of who has what access to what content. We recommend keeping permissions as simple as possible. You should manage permissions at the site level rather than more granular levels such as library, page, or document.

Plan the access permissions during the 'Architecture and design' phase of the planning process.

Get advice from ITS before changing permissions from those recommended here.

Governance roles and corresponding permissions

Follow these guidelines to assign permissions to the intranet governance roles following completion of mandatory training.

Governance roleGuidelines for assigning permissions
Intranet sponsor
  • Will automatically receive visitor access to all sites when all org unit staff members are added
  • May also take up other roles – add to other permissions accordingly
  • During build phase, may be temporarily added to 'Site visitors' on all sites, to facilitate content review prior to launch
Intranet coordinatorAdd to ‘Site owner’ permissions individually on all sites
Intranet super userAdd to ‘Site owner’ permissions individually on all sites
Intranet content owner
  • Will automatically receive visitor access to all sites when all org unit staff members are added
  • May also take up other roles such as editor – add to other permissions accordingly
  • During build phase, may be temporarily added to 'Site visitors' on all sites, to facilitate content review prior to launch
Intranet editor
  • Add to ‘Site member’ permissions on the sites they need to add/update content in
  • Will automatically receive visitor access to the other sites when all org unit staff members are added
  • May need to be temporarily added to 'Site visitors' on sites they don't edit, so that they can see the entire intranet while they work on their content
Org unit staff

You will need a group that contains all org unit staff. You may already have one (e.g. your staff mailing list) or you may need to create one.

  • If a group does existsubmit an IT request with the group name and request ITS to check that the group can be used for org unit intranet access. ITS may need to change a setting on the group to enable it to be used.
  • If a group does not existsubmit an IT request and ITS will create a new group for you to manage.

When it's time to go live, add that group to the ‘Site visitor’ permissions on all sites.

Additional visitors

If you need to add visitors from another org unit or an external organization, add them individually to the 'Site visitors' permissions on all sites.

Interim permissions during intranet build

When your site goes live, all org unit staff will be given permission to view all sites in your intranet.

During the build process, you may need to create some interim permissions:

  1. You may need some individuals to review the site before it goes live (e.g. your sponsor, content owners who aren't editors, subject matter experts). Add them as visitors to each site.
  2. You may have editors who only have editing permission on one site (e.g. Information, services and support) but they still need to view the other sites and view the hub navigation menu. Add them as visitors to the sites where they are not an editor.

When you add the 'all org unit staff' group when you go live, make sure to remove these interim permissions. Anybody who is a member of your org unit should get their view permissions from the 'all org unit staff' group.

Permissions to share content

Intranet coordinators can control who can share the sites, files and folders within your org unit intranet.

Available settings

  1. Site owners and members can share files, folders and the site. People with ‘Edit’ permissions can share files and folders.
  2. Site owners and members, and people with ‘Edit’ permissions can share files and folders, but only site owners can share the site.
  3. (Default) Only site owners can share files, folders, and the site.

Recommendations​​​

  1. Do not change the default permissions for sharing content. Doing so will let site members break permission inheritance and create unique permissions.
  2. Establish your processes for managing access requests, by routing access requests either to the site owners or a specific email address.