 Hello there, this is Ben with Tech Impact. Today we're actually going to talk a bit about SharePoint Online. And this video is actually geared towards administrators of SharePoint Online. So we're going to be talking about permission in SharePoint. Different ways that you can manage who has access to what resources, what the different levels of permissions are that you can have set. I'm on my home site right now. In general, everyone is going to have access to your home site. But I might want to restrict other sites to be a little bit more locked down, such as this restricted HR and finance site. So the way that permissions kind of work within SharePoint, up at the site level, I can set permissions so I can designate who has access to an entire site like this restricted site. Within a site, you have your different apps such as document libraries and custom lists and task lists and swizzards, the different components of your SharePoint site. Those actually inherit permissions from the site. And you can actually tell those to stop inheriting those permissions. So I could say that I only want three people to be able to access this HR and finance documents, document library, but everyone in the organization should have access to everything else that's on this site. Those are things that you're able to do by breaking the inheritance of the permissions from this app to its site. And then even within an app within a document library or a calendar or something like that, individual items can have their permissions changed as well. And you can break their inheritance. So those get their permissions from the library or the app that they're in. So those are the different levels that you can set permissions at. In general, it's best practices to try to keep permissions at the site level. It's less places that you have to go to manage permissions. It's less confusing for you as an administrator when you have to update permissions or know who has access to something. Everything is always at the site level. You can just be like, okay, I know everyone in the group for HR and finance has access there. Everyone has access to the program site, etc. You can technically set them at the document library or app level as well. But again, it's just not necessarily best practices to be doing that. Whenever possible, you want to keep it at the site level. So I have this folder here and I want to share it with my co-worker. I have this nice share button here that I can click on to do that. When I share this with them, this is actually going to break the inheritance of permissions for this folder. So as I said, this folder gets its permissions from the document library that it's in, which gets its permissions from the site. If I share this with that share button, it's not going to do that anymore. So this will now have its own unique permissions. So when I hire someone new and I have to give them permissions to this site, so that's something to be aware of that you're going to have to manage and educate folks on. So when we go to our site settings for a site, this is where we can manage our permissions. And there's a bunch of different permission levels in here. These are what the permissions look like. I have some messages up at the top here letting me know that there's some items that have unique permissions in here. These are things like those apps, like this HR and finance documents apps. And if I even go further, it'll show me what documents or folders in there do have unique permissions. We have some groups in here that have access to the site, a members group and an SP everyone group. One of these is a SharePoint group. One of these is a domain group. So SharePoint groups, you manage in SharePoint itself. You have to actually go to SharePoint and to like a site settings area to manage the members of that group. With these domain groups, those are actually managed through the Office 365 admin center. If you are going to be giving individual users like full control permissions like Sam has here, SharePoint groups might be easier for you because then I don't have to make Sam an Office 365 administrator. I don't have to give him access to the actual admin center. He could just be managing the SharePoint groups here. Those are kind of some use cases for when you might want to use these domain groups versus a SharePoint group itself. It's best practices to use groups a lot easier to manage because then all you're doing is adding or removing members from a group in order to manage the permissions for a site because you already have the group assigned to the site with a certain permission level. So when I hire someone and they need to be able to create documents, delete documents, edit documents, they need to contribute permission level. I'm just going to add them to either this members group or to the SP everyone group and they'll just immediately have that level of access to the site without me having to even go to the site. You'll see here up at the top, we can stop inheriting permissions here. So if I wanted this to have its own unique permissions, not be directly getting its permissions from its parent site, I could do that here and then specify individual permissions for the site that would be separate from other sites. Or I can go ahead and manage the parent permissions for the site. So if I want to actually update the permissions for that HR and finance site without making it have unique permissions, I would just update the permissions for its parent, which happens to be the home site. In terms of the different permission levels that we have that we're working with, there are some that are created out of the box, but we can actually create custom permission levels as well with SharePoint, which is something that is really, really helpful and that we don't have with a lot of other cloud storage and cloud internet providers. So full control is going to give someone admin rights to that site that you're giving them full control on. Design, they'll be able to change the way that the site looks, adding apps to the site, deleting apps to the site. They can't manage permissions though or some of the other backend settings for a site. Edit just allows them to add, edit and delete different apps. Edit, design and full control are somewhat serious permission levels. There's someone administrative, so you want to be careful with who you're giving those levels to. Contribute is kind of our standard read-write permission. So this is just going to allow folks to add, edit and delete documents and list items or app items. So I can add to that calendar that I have permissions to, but I can't change the way that the calendar works or delete the calendar. Read is another out-of-the-box one here. This is going to allow me to see a preview of items and download a copy of those items. So I can't do anything to the document that lives in SharePoint, but I could download a copy of that item or document and make changes to that or send that to other people. And then these couple ones in here are Custom. ViewOnly is another out-of-the-box permission level. ViewOnly is similar to Read in that I can open up a preview of a file. The difference is that I can't download those files or those items. I can only just view that preview and that's it. So those are the different out-of-the-box permission levels that we have that you would be assigning to different groups or users at the site level, at the document library level, hopefully not at the individual file or folder level. An administrator, you're going to be managing your permissions, how you want to think about permissions or who should have access to what and how the different permission levels work and how you can best use them to your advantage to give people different levels of access to different resources in your SharePoint site. Thank you for watching and have a great day.