*
en | de
Pro User
Timespan
explore our new search
SharePoint: Permissions Video Tutorial
SharePoint Online
Nov 7, 2025 6:07 AM

SharePoint: Permissions Video Tutorial

by HubSite 365 about Pragmatic Works

Pro UserSharePoint OnlineLearning Selection

Microsoft pro: master SharePoint permissions, Microsoft ThreeSixtyFive Groups, Entra and SharePoint Admin Center sharing

Key insights

  • Microsoft 365 Groups vs SharePoint Groups: Use Microsoft 365 Groups when you want integrated membership across Teams, Outlook, and SharePoint; choose SharePoint Groups when you need site-only, granular control.
    Combine both when you want broad collaboration membership plus site-specific permissions for tighter control.

  • Tenant-level external sharing and site-level guest sharing: Tighten sharing in the SharePoint admin center to set organization-wide rules, then lock down sensitive sites at the site level.
    Audit external accounts in Entra (Azure AD) regularly to remove stale guests and reduce risk.

  • Owners, Members, Visitors and access patterns: Assign users to these default roles to keep permissions clear and simple.
    Prefer adding users to groups rather than directly sharing a site to keep access auditable and easier to manage.

  • Advanced Permissions and custom permission levels: Use classic Advanced Permissions to create or remove groups and tailor roles.
    Create only the custom levels you need (examples: Full Control, Design, Edit, Contribute, Read) to reduce complexity.

  • Permission inheritance and breaking it: Keep inheritance where possible to avoid sprawl; break inheritance only for specific libraries or items that need strict separation.
    Hiding a document library or breaking inheritance gives precise control but increases ongoing maintenance.

  • Governance and automation: Automate permission reviews and cleanup with PowerShell to avoid permission sprawl and reduce manual errors.
    Schedule regular audits, document your permission model, and balance security with system performance for scalable, auditable access.

News Brief: Pragmatic Works Releases Practical Guide to SharePoint Permissions

Pragmatic Works published a hands-on video tutorial that aims to simplify access control in SharePoint for IT teams and site owners. Presented by Allison Gonzalez, a Microsoft Certified Trainer, the video explains when to use Microsoft 365 Groups versus SharePoint Groups, how to limit guest sharing at both tenant and site levels, and how to build custom permission levels so users receive only the access they need. Consequently, the piece serves both beginners and experienced administrators who need clear, practical steps for everyday governance.


What the Video Covers

The tutorial follows a tight timeline that begins with a short overview and progresses to more advanced topics, such as auditing external users in Entra and using classic Advanced Permissions for fine-grained control. Allison demonstrates adding users to groups versus sharing sites directly, then shows how to create permission tiers like Full Control, Design, Edit, Contribute, and Read. As a result, viewers gain a clear map of where to apply group-based controls and where to make targeted exceptions.


Moreover, the video emphasizes the administrative interfaces most likely to be used in real deployments, including the SharePoint Admin Center for tenant-level settings and site-level controls for sensitive content. The walkthrough includes practical demos on breaking inheritance and hiding document libraries from certain groups, illustrating both the mechanics and consequences of those actions. Therefore, administrators can see step-by-step procedures and the immediate effects on permissions.


Managing External Sharing and Auditing

Pragmatic Works focuses significant attention on external sharing because it represents a common risk area for organizations. The presenter guides administrators through tightening external sharing at the tenant level and selectively reducing guest access on sensitive sites, while also showing how to review external accounts through Entra to ensure no unmanaged or stale guest users remain. Thus, teams can adopt a layered approach that reduces exposure without blocking legitimate collaboration.


At the same time, the video highlights tradeoffs between restricting sharing broadly and preserving collaboration. Tight tenant-level policies can stop data leaks but may impede partner workflows, whereas site-level restrictions provide nuance but demand more ongoing oversight. Consequently, the recommended practice is to combine policies: apply conservative defaults at the tenant level and tailor exceptions at the site level to balance security and productivity.


Custom Permission Levels and Advanced Controls

Another core topic is the creation of custom permission levels and the use of classic Advanced Permissions to refine roles such as Reviewers and Contributors. The tutorial demonstrates how to remove unnecessary rights and assemble permission sets that match real job functions, thereby minimizing over-permissioning. This approach helps reduce the chance of accidental data changes while keeping necessary workflows intact.


However, Allison also points out the operational costs of fine-grained customization: creating many unique permission sets increases administrative complexity and makes audits harder. Therefore, the video recommends favoring group-based patterns where possible and reserving custom permission levels for well-justified exceptions. In practice, combining group management with limited, documented custom levels produces the best balance of clarity and control.


Tradeoffs and Common Challenges

The guide candidly addresses the hard choices administrators face, such as breaking permission inheritance versus maintaining group-based consistency. Breaking inheritance can solve immediate access needs, but overuse leads to "permission sprawl," which complicates audits and can hide security gaps. Conversely, strict group-based control improves scalability but sometimes fails to meet unique business needs without careful planning.


Automation and cleanup are presented as partial solutions, yet they too bring tradeoffs. PowerShell scripts and scheduled reviews can streamline permission hygiene, but they require maintenance and competent scripting to avoid introducing errors. Consequently, the video underscores the need for a governance cadence—regular reviews, documented exceptions, and automation where it reduces manual effort without adding risk.


Best Practices and Next Steps

To conclude, Pragmatic Works recommends a layered governance model: start with conservative tenant defaults, use Microsoft 365 Groups for broad control, apply site-level exceptions sparingly, and document any custom permission levels. Furthermore, ongoing audits in Entra and periodic permission cleanup—potentially automated—help prevent stale or excessive access over time. These steps create a defensible and manageable permission posture.


Ultimately, the video delivers practical, actionable advice for teams balancing security and collaboration. By combining clear procedures, attention to tradeoffs, and a governance-first mindset, the tutorial aims to equip organizations to tighten access without stopping productive work. For administrators seeking a concise, real-world guide, Pragmatic Works’ video provides a useful roadmap to master SharePoint permissions.

SharePoint Online - SharePoint: Permissions Video Tutorial

Keywords

SharePoint permissions, SharePoint Online permissions, SharePoint permission levels, SharePoint access control, Manage SharePoint permissions tutorial, SharePoint admin permissions guide, Fix broken inheritance SharePoint, SharePoint security best practices