Traditionally, SharePoint permissions have been managed through a set of permissions groups within a site (Owners, Members, Visitors, etc.). In SharePoint in Microsoft 365, this remains true for some types of sites, but additional options are available and SharePoint is part of a much broader set of capabilities for secure collaboration with Microsoft 365.

The main types of sites in SharePoint are:

  • Team sites - Team sites provide a collaboration environment for your teams and projects. Each team site, by default, is part of a Microsoft 365 group, which includes a mailbox, shared calendar, and other collaboration tools. Team sites may also be part of a team in Microsoft Teams. Permissions for team sites are best managed through the associated Microsoft 365 group or Teams team.
  • Channel sites - Channel sites are team sites that are associated with a specific channel in a Teams team. Both private and shared channels create separate SharePoint sites just for the channel.
  • Communication sites - Communication sites are for broadcasting news and status across the organization. Communication site permissions are managed by using the SharePoint Owners, Members, and Visitors groups for the site.
  • Hub sites - Hub sites are team sites or communication sites that the administrator has configured as the center of a hub. They're designed to provide connection between related sites through shared navigation. Permissions for hub sites can be managed through the Owners, Members, and Visitors groups, or through the associated Microsoft 365 group if there is one. Special permissions are needed to associate sites to a hub.

Team site permissions and Microsoft 365 Groups

By default, each SharePoint team site is part of a Microsoft 365 group. A Microsoft 365 group is a single permissions group that is associated with various Microsoft 365 services. This includes a SharePoint site, an instance of Planner, a mailbox, a shared calendar, and others.

When you add owners or members to the Microsoft 365 group, they're given access to the SharePoint site along with the other group-connected services. Group owners become site owners, and group members become site members.

It's possible to manage SharePoint site permissions separately from the Microsoft 365 group by using SharePoint groups, unless it's a channel site. (We recommend against this for the simplest management experience.) In such a case, group members will continue to have access to the site, but users added directly to the site won't have access to any of the group services. Microsoft 365 groups don't have view-only access, so any users you wish to have view permissions on the site must be added directly to the Visitors group on the site.

Using team sites with Teams

Microsoft Teams provides a hub for collaboration by bringing together various services including a SharePoint team site. Within the Teams experience, users can directly access SharePoint along with the other services. Each team is associated with a Microsoft 365 group and Teams uses that group to manage its permissions.

For scenarios where a SharePoint site is used with Teams, we recommend doing all permission management through Teams. As with Microsoft 365 groups, team owners become site owners and team members become site members.

For private or shared channel sites, permission management must be done in Teams. Channel owners become site owners in SharePoint and channel members become site members. Permissions in SharePoint can't be managed separately and will display in read-only mode.

For details about how SharePoint and Teams interact, see Overview of Teams and SharePoint integration and Manage settings and permissions when SharePoint and Teams are integrated.

Communication site permissions

Communication sites aren't connected to Microsoft 365 groups and use the standard SharePoint permissions groups:

  • Owners
  • Members
  • Visitors

Normally with communication sites, you'll have one or more owners, a relatively small number of members who create the content for the site, and a large number of visitors who are the people you're sharing information with.

You can give people permissions to the site by adding individual users, security groups, or Microsoft 365 groups to one of the three SharePoint groups. (Nested security groups can cause performance issues and are not recommended.)

If a communication site is used by members of a team in Teams, you may want to add the Microsoft 365 group associated with the team to the members group of the communication site. This will allow members of the team to create content in the communication site.

The visitors group is a good place to use security groups. In many organizations, this is the easiest way to add large numbers of users to a site.

For information about how to share a site, see Share a site.

Hub site permissions

Managing the permissions of a hub site is dependent on the underlying type of site. If the site is a group-connected team site, then you should manage permissions through the Microsoft 365 group. If it's a communication site, then you should manage permissions through the SharePoint groups.

Hub site owners define the shared experiences for hub navigation and theme. Hub site members create content on the hub as with any other SharePoint site. Owners and members of the sites associated with the hub create content on their individual sites.

The SharePoint Administrator must specify which users can connect other sites to the hub. This is done in the SharePoint admin center and cannot be changed by site owners.

Giving people permissions to a site, group, or team gives them access to all site content. If you want to share an individual file or folder, you can do so with shareable links. There are three primary link types:

  • Anyone links give access to the item to anyone who has the link, including people outside your organization. People using an Anyone link don't have to authenticate, and their access can't be audited. Anyone links can't be used with files in a Teams shared channel site.
  • People in your organization links work only for people inside your Microsoft 365 organization. (They don't work for guests or external participants in Teams shared channels.)
  • Specific people links only work for the people that users specify when they share the item. For files in a Teams shared channel site, specific people links can't be sent to people outside the organization unless they're in the channel.

You can change the type of link that is presented to users by default for each site.

For more about the different types of sharing links, see Securing your data.

Guest sharing

The external sharing features of SharePoint let users in your organization share content with people outside the organization (such as partners, vendors, clients, or customers). Planning for external sharing should be included as part of your overall permissions planning for SharePoint.

SharePoint has external sharing settings at both the organization level and the site level (previously called the "site collection" level). To allow external sharing on any site, you must allow it at the organization level. You can then restrict external sharing for other sites.

Whichever option you choose at the organization or site level, the more restrictive functionality is still available. For example, if you choose to allow sharing using Anyone links, users can still share with guests, who sign in, and with internal users.

External sharing is turned on by default for your organization. Default settings for individual sites vary depending on the type of site. See Site level settings for more information.

Shared channels in Teams do not use guest accounts for sharing with people outside the organization. However, external sharing must be enabled for people outside the organization to be invited to shared channels.

To set up guest sharing for a site, see Collaborate with guests in a site.

Security and privacy

If you have confidential information that should never be shared externally, we recommend storing the information in a site that has external sharing turned off. Create additional sites as needed to use for external sharing. This helps you to manage security risk by preventing external access to sensitive information.
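The organization-level and site-level sharing settings described above, and the recommendation to keep confidential content in a site with external sharing turned off, can be checked and enforced from the SharePoint Online Management Shell. This is an added example, not part of the original page; the `contoso` URLs are placeholders and the confidential site name is hypothetical.

```powershell
# Added example. Assumes the SharePoint Online Management Shell module is installed
# and the account is a SharePoint Administrator. The contoso URLs are placeholders.
Import-Module Microsoft.Online.SharePoint.PowerShell
Connect-SPOService -Url 'https://contoso-admin.sharepoint.com'

# Organization-level setting: a site cannot be more permissive than this.
$orgLevel = [string](Get-SPOTenant).SharingCapability
"Organization sharing level: $orgLevel"

# SharingCapability values ordered from most to least restrictive.
$rank = @{
    Disabled                        = 0   # only people in the organization
    ExistingExternalUserSharingOnly = 1   # existing guests
    ExternalUserSharingOnly         = 2   # new and existing guests (sign-in required)
    ExternalUserAndGuestSharing     = 3   # Anyone links (no sign-in)
}

# For each site, the effective level is the more restrictive of org and site settings.
$report = foreach ($site in Get-SPOSite -Limit All) {
    $siteLevel = [string]$site.SharingCapability
    $effective = if ($rank[$siteLevel] -le $rank[$orgLevel]) { $siteLevel } else { $orgLevel }
    [pscustomobject]@{
        Url         = $site.Url
        Template    = $site.Template
        SiteSetting = $siteLevel
        Effective   = $effective
        AnyoneLinks = ($effective -eq 'ExternalUserAndGuestSharing')
    }
}

# Most permissive sites first, so unauthenticated (Anyone) sharing is reviewed first.
$report | Sort-Object { $rank[$_.Effective] } -Descending | Format-Table -AutoSize

# Turn external sharing off on the site that holds confidential content
# (hypothetical site URL), then confirm the setting took effect.
$confidential = 'https://contoso.sharepoint.com/sites/finance-confidential'
Set-SPOSite -Identity $confidential -SharingCapability Disabled
Get-SPOSite -Identity $confidential | Select-Object Url, SharingCapability
```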

Microsoft Entra B2B collaboration provides authentication and management of guests. Authentication happens via one-time passcode when they don't already have a work or school account or a Microsoft account (MSA).

With SharePoint and OneDrive integration with Microsoft Entra B2B, the Azure B2B collaboration one-time passcode feature is used for external sharing of files, folders, list items, document libraries, and sites. (Shared channels in Teams don't use Azure B2B collaboration, but rather Azure B2B direct connect.)

What are the permissions levels in SharePoint 365?

SharePoint provides these default permission levels: Full Control, Design, Edit, Contribute, and Read (Sorted highest permission level to the lowest). These levels can be modified to suit your organization's needs, but it's important to understand what each level means before you start tinkering with them.

What is the difference between SharePoint permissions and Microsoft 365 groups?

Microsoft 365 Groups give permission to all Microsoft 365 applications, including SharePoint Online (only 2 Groups: Owners and Members). SharePoint Groups give permission only to SharePoint content, and the advantage is that the permissions are freely configurable.

What is modern experience in SharePoint?

In the modern SharePoint experience, every site is a site collection and can be associated to a hub, which is a flat collection of sites that share navigation, branding, and other elements. This type of structure is far more flexible and adaptive to the changing needs of your organization.

How do I give access to SharePoint in Office 365?

In SharePoint Online, to give people access to your site, click Invite people and choose one of the following:
  1. Add Members to Group to add members to the Office 365 group associated with your site. ...
  2. Share Site Only to share the site with others without adding them to the Office 365 group associated with the site.

How many types of permissions are there in SharePoint?

SharePoint Server includes 33 permissions, which are used in the default permission levels. You can configure which permissions are included in a particular permission level (except for the Limited Access and Full Control permission levels), or you can create a new permission level to contain specific permissions.

What is the best practice for SharePoint permissions?

The best practice for SharePoint permissions is to follow the principle of least privilege. This means granting users only the minimum permissions they need to perform their tasks. This approach minimizes security risks and simplifies access management.

What is the difference between modern group and SharePoint group?

Microsoft 365 Groups are different from SharePoint groups in that they span across multiple Microsoft 365 resources, are more flexible, and are easier to work with. You can easily add people to a group or just share the site with individuals by clicking Settings, then Site permissions on your site.

What are the 3 default permission groups created with a SharePoint site?

Each SharePoint group is assigned a default permission level. For example, the default SharePoint groups are Owners, Visitors, and Members, with Full Control, Read, and Contribute as their default permission levels respectively. Anyone with Full Control permission can create custom groups.

What is the difference between owner and member permissions in SharePoint?

For example, the Members group has the Contribute permission level by default. As a site owner, you choose which permissions are associated with each permission level (except for Limited Access and Full Control, which cannot be customized) or add new permission levels to combine different sets of permissions.

What are the capabilities of modern SharePoint?

The basic functions of SharePoint include document management, content collaboration, site creation, permission management, version control, search capabilities, workflow automation, and integration with other Microsoft 365 services.

What are the benefits of modern SharePoint site?

More benefits of the modern SharePoint
  • It's faster. Classic SharePoint often taxed the servers it was created on. ...
  • It's flexible. Modern SharePoint isn't constrained by the hierarchies that classic SharePoint used to organize site contents. ...
  • It has new features. ...
  • It's more secure.
Jan 16, 2019

How do I change to modern experience in SharePoint?

Change the experience for a list or document library
  1. In the modern experience for a list or document library, select Settings. ...
  2. Towards the end of the list of settings, select Advanced settings and select List experience.
  3. Select one of the three options, and to save, select OK.

What is the difference between grant access and share in SharePoint?

When you grant someone permission to a resource via Direct access, you allow them to access the resource via the same methods as with a Share link, but they can also find the file or folder in their OneDrive or Microsoft 365 app by going to the Shared view.

How do I give someone edit permissions in SharePoint?

In the Name list, select the checkbox next to the name of the user or group that you change permission levels for. Select Edit User Permissions. Under Permissions, check the box for the permission level you want for the users or groups you selected.

What are the authority levels in SharePoint?

SharePoint Group Permissions

| Group Name | Permission Level | Function(s) |
| --- | --- | --- |
| Member | Edit | Edit permissions for entire SharePoint sites. |
| Owner | Full Control | Full control permissions for entire SharePoint sites. |
| Visitor | Read | Read Only permissions for SharePoint sites. |
| Viewer | View | View Only permissions for entire SharePoint sites. |
Jun 1, 2023

What are system level permissions?

The system Permissions are used to define authorization levels for different actions. The level in the System authorizations panel defines what level (for example, 4 in the panel below) a user has to have to perform a specific action. The authorization level is saved in the _System.

How do I check item-level permissions in SharePoint?

View the Permissions page in SharePoint
  1. Go to the library or list and open it.
  2. Select Settings, and then Library settings or List settings. ...
  3. On the Settings page, under Permissions and Management, select Permissions for this list or Permissions for this document library.

What are user level permissions?

User permissions refer to specific rights and privileges assigned to various roles, which, in turn, are assigned to specific users. In some cases, permissions may be applied to entire groups with access to a software system, such as all employees working at a specific location.

