Managing Default Permissions in SharePoint Online (Office 365)

I stumbled across an interesting difference between the Enterprise and Professional level plans of Office 365 recently.  If you subscribe to a Microsoft Office for professionals and small businesses plan (Plan P) then any non-admin user added to SharePoint online automatically has Enhanced Contributor permission in all your sites.  But if you subscribe to one of the midsize businesses and enterprises plans (E plans) then adding users gives them no rights in SharePoint online.  You must add the users to SharePoint online sites just like you would add users to an on-premise SharePoint site.  Since most administrators only have access to one Office 365 plan this difference often goes un-noticed. 

But the more important question is how do you change the default behavior in the professional level plan.  Its actually quite simple once you know what to look for.  In your Office 365 admin page there is a link to change permissions on your Team sites and documents (see screenshot below)

 

o365perms1

 

Clicking on that link will take you to the Site permissions page for you default Team Site. 

NOTE:  Another difference between the two levels is that in the professional version you only get one Team site collection and one public website.  In Enterprise you can create multiple internal site collections but you are still limited to one public website.

On the site permissions page you will see a Domain Group named Tenant_Users (see screenshot below).  This is the group that contains ALL the users you create in Office 365.  You can see that the group is given the Enhanced Contribute permission level.  So every user that you create and assign a license to is automatically given permission to log on to your SharePoint online site.  This is very convenient, but causes a problem if you want most of your users to be limited to Read Only access to the site.

o365perms2

 

But once you recognize that this default group exists the solution is fairly simple. 

  • Select the checkbox next to the group
  • Click the Edit User Permissions button in the ribbon.
  • In the dialog that appears clear the check box next to Enhanced Contribute and select the check box next to either Read or View Only depending on how limited you want the average user’s permissions to be.  (see screenshot below)
  • Click OK

 

    o365perms3

    User’s will now default to either Read Only or View Only access to the site.  If you want to give them more permissions than that you’ll need to add them to an appropriate group or assign them rights individually.

    I’m sure there are other differences between the different plan levels that aren’t well documented.  This is just the first one I ran into.

    Published by

    Paul Papanek Stork

    I am a SharePoint MVP who has specialized in Microsoft products since the mid-1990s. As a "Jack of all Trades" I have developed expertise as a network administrator, developer, and DBA. I works as a consultant/trainer where my breadth of knowledge makes me ideally suited to combine Administrative, Development, and SharePoint Designer topics. My 20+ years of experience and broad background make me a much sought after resource for SharePoint questions that cross traditional boundaries. I was a contributing author to the Developer's Guide to Windows SharePoint Services v3 Platform and the SharePoint Server 2007 Deployment Best Practices. My most recent book, the MCTS Windows SharePoint Services 3.0 Configuration Study Guide: Exam 70-631, was released in October, 2009.

    2 thoughts on “Managing Default Permissions in SharePoint Online (Office 365)”

    1. Respected Sir,
      I have to set permissions on Office 365 apps (Calendar, Tasks Lists, Planner) and Sharepoint (Sites, Files, Folders) for Team site.
      I have created different user groups, with different access rights.
      (Permissions – View, Create, Edit, Delete, Download, Share).
      How can I customize permissions for Office 365 apps for team site and sharepoint online. I am using sharepoint online 2013.
      I need to set customized permissions other than default permissions. Help Please!!
      Thank You,
      Tushar Jani

    Leave a Reply

    Your email address will not be published. Required fields are marked *