Phase 3 - Create your Security Groups

=Create your security groups =

In this section we apply the settings covered in the Site Collection Design - Designing Access Control section. If you are wishing to apply these settings retrospectively to an existing SharePoint Team Site Collection first please read Resetting Permissions for a SharePoint Team Site Collection.

Open the Permission Levels page

 * 1) On the top site of your collection, click the Site Actions menu, point to Site Settings, and then click People and Groups.
 * 2) On the People and Groups page, in the Quick Launch, click Site Permissions.
 * 3) On the Settings menu, click Permission Levels.

Add a new permission level
We need to give our 'Site Owners' a slightly cut down version of the 'Full Control' permission. Follow the steps below to create a custom permission level:


 * 1) On the Permission Levels page, click Add a Permission Level.
 * 2) On the Add a Permission Level page, in the Name and Description section, type Site Administration as the name and As for Full Control except we have removed the ability to create new groups and change site themes. as the description.
 * 3) Click on the Select All check box and then deselect the following permissions (all found under the Site Permissions category):
 * 4) Apply Themes and Borders  -  Apply a theme or borders to the entire Web site.
 * 5) Apply Style Sheets  -  Apply a style sheet (.CSS file) to the Web site.
 * 6) Create Groups  -  Create a group of users that can be used anywhere within the site collection.
 * 7) Click on the Create button.

Edit existing permission level

 * 1) On the Permission Levels page, click on Design.
 * 2) Deselect the check boxes for the following permissions:
 * 3) Apply Themes and Borders  -  Apply a theme or borders to the entire Web site.
 * 4) Apply Style Sheets  -  Apply a style sheet (.CSS file) to the Web site.
 * 5) Click Submit.

Change group settings

 * 1) On the Site Actions menu for your collection top site, click Site Settings.
 * 2) On the Site Settings page, in the Users and Permissions column, click People and Groups.
 * 3) On the People and Groups page, in the Quick Launch, click Groups.

Modify the Site Owners Group

 * 1) Click the link for the Site name Owners group.
 * 2) On the Settings menu, click Group Settings.
 * 3) Modify the text in the 'About Me:' field to read This group has full control permissions for Site name.  Anybody in this group can create new sub-sites.  This is a "Self Policing" group whereby members can add new members (or remove members)..
 * 4) Change the setting for 'Who can view the membership of the group?' to Everyone.
 * 5) Change the setting for 'Who can edit the membership of the group?' to Group Members.
 * 6) Under 'Choose the permission level group members get on this site' deselect Full Control and select Site Administration.
 * 7) Click on the OK button.

Modify the Designers Group

 * 1) Go to the Groups page.
 * 2) Click the link for the Designers group.
 * 3) Modify the text in the 'About Me:' field to read Members of this group can create and edit lists, document libraries, and pages within the sites in this collection. This is a "Self Policing" group whereby members can add new members (or remove members).
 * 4) Change the setting for 'Who can view the membership of the group?' to Everyone.
 * 5) Change the setting for 'Who can edit the membership of the group?' to Group Members.
 * 6) Click on the OK button.

Specify the Group members
For each of the groups follow the steps immediately below. See the sub-sections for notes on how to populate these groups.
 * 1) On the Site Actions menu, click Site Settings.
 * 2) On the Site Settings page, in the Users and Permissions column, click People and groups.
 * 3) On the People and Groups page, in the Quick Launch, click Groups.
 * 4) On the People and Groups: All Groups page, in the Group column, click the link for the SharePoint group to which you want to add users.
 * 5) On the People and Groups: GroupName page, on the New menu, click Add Users.
 * 6) On the Add Users page, in the Add Users section, use the Browse button to select the users you want to add to this SharePoint group. Alternatively, type the user names, Windows domain group names, or e-mail addresses, separated by semicolons, that you want to add to this SharePoint group.
 * 7) In the Give Permission section, either select a SharePoint group from the Add users to a SharePoint group list or select Give users permission directly, and then select the permission level you want to assign to this group.
 * 8) Avoid giving users permission directly - always add them to a SharePoint group wherever feasible.
 * 9) Click OK.

Populate the Site Owners Group
Minimize the number of users you put into this group. Below are the three things all users in this group must know:
 * They must be SharePoint competent
 * They must understand the overall structure of the site collection and hence understand when and where to create new sites (since that is the major permission this group has that other groups don't)
 * They must understand when it's appropriate to create a new site verses utilizing an existing site

Note: this has been configured to be a self-governing group meaning the members of the group can add new members and remove existing members.

Populate the Designers Group
Minimize the number of users you put into this group:
 * They must be SharePoint competent

Note: this has been configured to be a self-governing group meaning the members of the group can add new members and remove existing members.

Populate the Members Group
Use existing Outlook email distribution lists to specify the population of this group.

Populate the Visitors Group
During the planning phase you will have agreed how you will cater for those 'potential users' who sit outside the immediate group of users for you site collection.

Remove unnecessary default SharePoint groups
By default SharePoint will have created a number of other groups in your site collection. It's unlikely you'll ever make use of thse so to enable our need to keep things simple now is probably a good time to delete these:
 * Approvers
 * Hierarchy Managers
 * Quick Deploy Users
 * Style Resource Readers
 * Viewers

=Next Steps= Go back to the build phase page.

=See also=
 * Manage permission levels (Microsoft Knowledgebase)
 * Manage SharePoint groups (Microsoft Knowledgebase)