
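While SharePoint provides a variety of permission levels for sites, we strongly recommend using the built-in SharePoint groups for communication sites and managing team site permissions through the associated Microsoft 365 group. This makes administration easier. For information about managing permissions in the SharePoint modern experience, see Sharing and permissions in the SharePoint modern experience.

Understanding permission levels

The easiest way to work with permissions is to use the default groups and permission levels provided, which cover the most common scenarios. If needed, however, you can set more fine-grained permissions beyond the default levels. This article describes the different permissions and permission levels, how SharePoint groups and permissions work together, and how permissions cascade through a site collection.

Note:

Want to go straight to the steps for changing or setting permission levels? See How to create and edit permission levels.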

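Overview and permission inheritance

If you work on a site, you are working inside a site collection. Every site exists in a site collection, which is a group of sites under a single top-level site. The top-level site is called the root site of the site collection.

The following illustration of a site collection shows a simple hierarchy of sites, lists, and list items. The permission scopes are numbered, starting at the broadest level at which permissions can be set and ending at the narrowest level (a single item in a list).

[Figure: SharePoint security scopes at the site, subsite, list, and item levels.]

Inheritance

An important concept to understand is permission inheritance. By design, all sites and site content in a collection inherit the permission settings of the root or top-level site. When you assign unique permissions to sites, libraries, and items, those items no longer inherit permissions from their parent site. Here is more information about how permissions work within the hierarchy:

  • A site collection administrator configures permissions on the top-level or root site for the whole site collection.
  • If you are a site owner, you can change the permission settings for the site, which stops permission inheritance for the site.
  • Lists and libraries inherit permissions from the site they belong to. If you are a site owner, you can stop permission inheritance and change the permission settings for a list or library.
  • List items and library files inherit permissions from their parent list or library. If you have control of a list or library, you can stop permission inheritance and change the permission settings directly on a specific item.

It is important to know that a user can interrupt the default permission inheritance for a list or library item by sharing a document or item with someone who does not have access. In that case, SharePoint automatically stops inheritance on the document.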

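Default permission levels

Default permission levels let you quickly and easily give common levels of permission to a user or a group of users.

You can change any of the default permission levels except Full Control and Limited Access, both of which are described in more detail in the following table.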

| Permission Level | Description |
|---|---|
| Full Control | Contains all available SharePoint permissions. By default, this permission level is assigned to the Owners group. It can't be customized or deleted. |
| Design | Create lists and document libraries, edit pages and apply themes, borders, and style sheets on the site. There is no SharePoint group that is assigned this permission level automatically. |
| Edit | Add, edit, and delete lists; view, add, update, and delete list items and documents. By default, this permission level is assigned to the Members group. |
| Contribute | View, add, update, and delete list items and documents. |
| Read | View pages and items in existing lists and document libraries and download documents. |
| Limited Access | Enables a user or group to browse to a site page or library to access a specific content item when they do not have permissions to open or edit any other items in the site or library. This level is automatically assigned by SharePoint when you provide access to one specific item. You cannot assign Limited Access permissions directly to a user or group yourself. Instead, when you assign edit or open permissions to the single item, SharePoint automatically assigns Limited Access to other required locations, such as the site or library in which the single item is located. This allows SharePoint to render the user interface correctly and show the user some context around their location in the site. Limited Access does not grant any additional permissions to the user, so they can't see or access any other content. |
| Web-Only Limited Access | Web-Only Limited Access is a variant of the ‘Limited Access’ permission level which enables users’ access to the web object only. |
| Approve | Edit and approve pages, list items, and documents. By default, the Approvers group has this permission. |
| Manage Hierarchy | Create sites and edit pages, list items, and documents. By default, this permission level is assigned to the Hierarchy Managers group. |
| Restricted Read | View pages and documents, but not historical versions or user permissions. |
| View Only | View pages, items, and documents. Any document that has a server-side file handler can be viewed in the browser but not downloaded. File types that do not have a server-side file handler (cannot be opened in the browser), such as video files and .png files, can still be downloaded. |

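Note:

A Microsoft 365 subscription creates a security group named "Everyone except external users" that contains everyone you add to the Microsoft 365 directory (except people you explicitly add as external users). This security group is automatically added to the Members group on modern team sites with the Public privacy setting, so that users in Microsoft 365 can access and edit the SharePoint site. For modern team sites created as Private, "Everyone except external users" cannot be granted any permissions; permissions must be granted to people explicitly. In addition, a Microsoft 365 subscription creates a security group named "Company Administrators" that contains Microsoft 365 admins (such as global and billing admins). This security group is added to the Site Collection Administrators group. For more information, see Default SharePoint groups.

By default, site owners and members can add new users to the site.

To learn more about "Everyone except external users" permissions, see Special SharePoint groups.

Permission levels and SharePoint groups

Permission levels work together with SharePoint groups. A SharePoint group is a set of users who all have the same permission level.

The way it works is that related permissions are put together into a permission level. That permission level is then assigned to a SharePoint group.

By default, each kind of SharePoint site includes certain SharePoint groups. For example, a team site automatically includes the Owners, Members, and Visitors groups. A publishing portal site includes those groups plus several others, such as Approvers, Designers, Hierarchy Managers, and so on. When you create a site, SharePoint automatically creates a predefined set of SharePoint groups for that site. In addition, a SharePoint admin can define custom groups and permission levels.

To learn more about SharePoint groups, see Understanding SharePoint groups.

The SharePoint groups and permission levels that are included on a site by default can differ, depending on:

  • The template you choose for the site
  • Whether a SharePoint admin has created a unique permission set on the site for a specific purpose, such as search

The following table describes the default permission levels and associated permissions for three standard groups: Visitors, Members, and Owners.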

| Group | Permission level |
|---|---|
| Visitors | Read. This level includes these permissions: Open; View Items, Versions, pages, and Application pages; Browse User Information; Create Alerts; Use Self-Service Site Creation; Use Remote Interfaces; Use Client Integration Features. |
| Members | Edit. This level includes all permissions in Read, plus: View, add, update and delete Items; Add, Edit and Delete Lists; Delete Versions; Browse Directories; Edit Personal User Information; Manage Personal Views; Add, Update, or Remove Personal Web Parts. |
| Owners | Full Control. This level includes all available SharePoint permissions. |

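Site permissions and permission levels

Site permissions apply generally across a SharePoint site. The following table describes the permissions that apply to sites and shows the permission levels that use them.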

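| Permission | Full Control | Design | Edit | Contribute | Read | Limited Access | Approve | Manage Hierarchy | Restricted Read | View Only |
|---|---|---|---|---|---|---|---|---|---|---|
| Manage Permissions | X | | | | | | | X | | |
| View Web Analytics Data | X | | | | | | | X | | |
| Create Subsites | X | | | | | | | X | | |
| Manage Web Site | X | | | | | | | X | | |
| Add and Customize Pages | X | X | | | | | | X | | |
| Apply Themes and Borders | X | X | | | | | | | | |
| Apply Style Sheets | X | X | | | | | | | | |
| Create Groups | X | | | | | | | | | |
| Browse Directories | X | X | X | X | | | X | X | | |
| Use Self-Service Site Creation | X | X | X | X | X | | X | X | | X |
| View Pages | X | X | X | X | X | | X | X | X | X |
| Enumerate Permissions | X | | | | | | | X | | |
| Browse User Information | X | X | X | X | X | X | X | X | | X |
| Manage Alerts | X | | | | | | | X | | |
| Use Remote Interfaces | X | X | X | X | X | | X | X | | X |
| Use Client Integration Features | X | X | X | X | X | X | X | X | | X |
| Open | X | X | X | X | X | X | X | X | X | X |
| Edit Personal User Information | X | X | X | X | | | X | X | | |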

List permissions and permission levels

List permissions apply to content in lists and libraries. The following table describes the permissions that apply to lists and libraries and shows the permission levels that use them.

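| Permission | Full Control | Design | Edit | Contribute | Read | Limited Access | Approve | Manage Hierarchy | Restricted Read | View Only |
|---|---|---|---|---|---|---|---|---|---|---|
| Manage Lists | X | X | X | | | | | X | | |
| Override Check-Out | X | X | | | | | X | X | | |
| Add Items | X | X | X | X | | | X | X | | |
| Edit Items | X | X | X | X | | | X | X | | |
| Delete Items | X | X | X | X | | | X | X | | |
| View Items | X | X | X | X | X | | X | X | X | X |
| Approve Items | X | X | | | | | X | | | |
| Open Items | X | X | X | X | X | | X | X | X | |
| View Versions | X | X | X | X | X | | X | X | | X |
| Delete Versions | X | X | X | X | | | X | X | | |
| Create Alerts | X | X | X | X | X | | X | X | | X |
| View Application Pages | X | X | X | X | X | | X | X | | X |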
 

Personal permissions and permission levels

Personal permissions apply to content that belongs to a single user. The following table describes the permissions that apply to personal views and web parts and shows the permission levels that use them.

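| Permission | Full Control | Design | Edit | Contribute | Read | Limited Access | Approve | Manage Hierarchy | Restricted Read | View Only |
|---|---|---|---|---|---|---|---|---|---|---|
| Manage Personal Views | X | X | X | X | | | X | X | | |
| Add/Remove Private Web Parts | X | X | X | X | | | X | X | | |
| Update Personal Web Parts | X | X | X | X | | | X | X | | |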

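Permissions and dependent permissions

SharePoint permissions can depend on other SharePoint permissions. For example, you must be able to open an item in order to view it. In this way, the View Items permission depends on the Open permission.

When you select a SharePoint permission that depends on another SharePoint permission, SharePoint automatically selects the associated permission. Similarly, when you clear a SharePoint permission, SharePoint automatically clears any SharePoint permissions that depend on it. For example, when you clear View Items, SharePoint automatically clears Manage Lists (you can't manage a list if you can't view an item).

Tip

The only SharePoint permission without a dependency is Open. All other SharePoint permissions depend on it. To test a custom permission level, you can simply clear Open. This automatically clears all other permissions.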
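
The select-and-clear behavior described above can be modeled offline to review what a custom permission level really grants. This is an added example, not code from the original article or from SharePoint: the names REQUIRES, select, clear and missing_prerequisites are hypothetical, and the data is a subset transcribed from this page's dependency tables (whose "Dependent permissions" column lists what each permission requires).

```python
# Added example: prerequisite data transcribed from a subset of this page's
# dependency tables. All names here are hypothetical, not a SharePoint API.
ITEM = {"View Items", "View Pages", "Open"}  # prerequisites shared by most list permissions
REQUIRES = {
    "Open": set(),
    "View Pages": {"Open"},
    "Browse User Information": {"Open"},
    "View Application Pages": {"Open"},
    "Browse Directories": {"View Pages", "Open"},
    "View Items": {"View Pages", "Open"},
    "Open Items": ITEM, "View Versions": ITEM, "Create Alerts": ITEM,
    "Add Items": ITEM, "Edit Items": ITEM, "Delete Items": ITEM,
    "Override Check-Out": ITEM, "Manage Personal Views": ITEM,
    "Approve Items": ITEM | {"Edit Items"},
    "Delete Versions": ITEM | {"View Versions"},
    "Manage Lists": ITEM | {"Manage Personal Views"},
    "Enumerate Permissions": ITEM | {"Open Items", "View Versions",
                                     "Browse Directories", "Browse User Information"},
}

def select(level, permission):
    """Return the level after ticking `permission`: it and all it requires are added."""
    result, stack = set(level), [permission]
    while stack:
        p = stack.pop()
        if p not in result:
            result.add(p)
            stack.extend(REQUIRES[p])
    return result

def clear(level, permission):
    """Return the level after clearing `permission`: everything that needs it goes too."""
    result, stack = set(level), [permission]
    while stack:
        p = stack.pop()
        if p in result:
            result.discard(p)
            stack.extend(q for q in result if p in REQUIRES[q])
    return result

def missing_prerequisites(level):
    """Audit a proposed level: map each permission to the prerequisites it lacks."""
    return {p: sorted(REQUIRES[p] - level) for p in level if REQUIRES[p] - level}
```

Running select on an empty level with a single permission such as Enumerate Permissions shows how many other permissions a custom level gains implicitly, which is the set to review before assigning the level to a group.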

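The following sections contain tables that describe the SharePoint permissions for each permission category. For each permission, the table shows the dependent permissions.

  • Site permissions and dependent permissions
  • List permissions and dependent permissions
  • Personal permissions and dependent permissions

Site permissions and dependent permissions

The following table describes the permissions that apply to sites and shows the permissions that depend on them.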

| Permission | Description | Dependent permissions |
|---|---|---|
| Manage Permissions | Create and change permission levels on the website and assign permissions to users and groups. | View Items, Open Items, View Versions, View Pages, Browse Directories, Enumerate Permissions, Browse User Information, Open |
| View Web Analytics Data | View reports on website usage. | View Pages, Open |
| Create Subsites | Create subsites such as team sites, Meeting Workspace sites, and Document Workspace sites. | View Pages, Browse User Information, Open |
| Manage website | Perform all administration tasks for the website, which includes managing content. | View Pages, Add and Customize Pages, Browse Directories, Enumerate Permissions, Browse User Information, Open |
| Add and Customize Pages | Add, change, or delete HTML pages or Web Part pages, and edit the website by using a Windows SharePoint Services-compatible editor. | View Items, Browse Directories, View Pages, Open |
| Apply Themes and Borders | Apply a theme or borders to the whole website. | View Pages, Open |
| Apply Style Sheets | Apply a style sheet (.css file) to the website. | View Pages, Open |
| Create Groups | Create a group of users who can be used anywhere within the site collection. | View Pages, Browse User Information, Open |
| Browse Directories | Enumerate files and folders in a website, by using an interface such as SharePoint Designer or web-based Distributed Authoring and Versioning (Web DAV). | View Pages, Open |
| Use Self-Service Site Creation | Create a website by using Self-Service Site Creation. | View Pages, Browse User Information, Open |
| View Pages | View pages in a website. | Open |
| Enumerate Permissions | Enumerate permissions on the website, list, folder, document, or list item. | View Items, Open Items, View Versions, Browse Directories, View Pages, Browse User Information, Open |
| Browse User Information | View information about users of the website. | Open |
| Manage Alerts | Manage alerts for all users of the website. | View Items, Create Alerts, View Pages, Open |
| Use Remote Interfaces | Use Simple Object Access Protocol (SOAP), Web DAV, or SharePoint Designer interfaces to access the website. | Open |
| Use Client Integration Features | Use features which launch client applications. | Use Remote Interfaces, Open |
| Open* | Open a website, list, or folder to access items inside that container. | No dependent permissions |
| Edit Personal User Information | Allow a user to change personal information, such as adding a picture. | Browse User Information, Open |

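List permissions and dependent permissions

The following table describes the permissions that apply to lists and libraries and shows the permissions that depend on them.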

| Permission | Description | Dependent permissions |
|---|---|---|
| Manage Lists | Create and delete lists, add or remove columns in a list, and add or remove public views of a list. | View Items, View Pages, Open, Manage Personal Views |
| Override Check-Out | Discard or check in a document that is checked out to another user. | View Items, View Pages, Open |
| Add Items | Add items to lists, add documents to document libraries, and add web discussion comments. | View Items, View Pages, Open |
| Edit Items | Edit items in lists, edit documents in document libraries, edit web discussion comments in documents, and customize Web Part Pages in document libraries. | View Items, View Pages, Open |
| Delete Items | Delete items from a list, documents from a document library, and web discussion comments in documents. | View Items, View Pages, Open |
| View Items | View items in lists, documents in document libraries, and web discussion comments. | View Pages, Open |
| Approve Items | Approve a minor version of a list item or document. | Edit Items, View Items, View Pages, Open |
| Open Items | View the source of documents that use server-side file handlers. | View Items, View Pages, Open |
| View Versions | View past versions of a list item or document. | View Items, View Pages, Open |
| Delete Versions | Delete past versions of a list item or document. | View Items, View Versions, View Pages, Open |
| Create Alerts | Create e-mail alerts. | View Items, View Pages, Open |
| View Application Pages | View documents and views in a list or document library. | Open |
 

Personal permissions and dependent permissions

The following table describes the permissions that apply to personal views and web parts and shows the permissions that depend on them.

| Permission | Description | Dependent permissions |
|---|---|---|
| Manage Personal Views | Create, change, and delete personal views of lists. | View Items, View Pages, Open |
| Add/Remove Private Web Parts | Add or remove private Web Parts on a Web Part Page. | View Items, View Pages, Open, Update Personal Web Parts |
| Update Personal Web Parts | Update Web Parts to display personalized information. | View Items, View Pages, Open |

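Lockdown mode

Limited-access user permission lockdown mode is a site collection feature that you can use to secure published sites. When lockdown mode is turned on, the fine-grained permissions of the Limited Access permission level are reduced. The following table details the default permissions of the Limited Access permission level and the reduced permissions when the lockdown mode feature is turned on.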

| Permission | Limited access - default | Limited access - lockdown mode |
|---|---|---|
| List permissions: View Application Pages | X | |
| Site permissions: Browse User Information | X | X |
| Site permissions: Use Remote Interfaces | X | |
| Site permissions: Use Client Integration Features | X | X |
| Site permissions: Open | X | X |

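By default, lockdown mode is turned on for all publishing sites, including when a legacy publishing site template has been applied to the site collection. Lockdown mode is recommended if your site requires greater security.

If you disable the limited-access user permission lockdown mode site collection feature, users in the Limited Access permission level (such as anonymous users) can gain access to certain areas of your site.

Plan your permission strategy

Now that you have learned about permissions, inheritance, and permission levels, you may want to plan your strategy so that you can set guidelines for your users, minimize maintenance, and ensure compliance with your organization's data governance policies. For tips on planning your strategy, see Plan your permissions strategy.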

Last modified: Monday, October 7, 2024 - 13:55