What is the best practice in setting permission levels for a web site as a whole, versus the rights you want to grant users within SharePoint Groups.
For example, I have a website called ABCwebsite. I have three levels of permissions at the highest level - Full Control, Contribute and Visitors. I've created three groups - (1) ABCwebsite Owners, (2) ABCwebsite Members and (3) ABCwebsite Visitors.
I've two subsites - (1) ABCCustAccounts and (2) ABCITAccounts. Each subsite has the following groups - Owners, Contributors, Visitors and Approvers.
I want to allow the following:
(1) all company staff who are authenticated to be able to view and download items from the main site - ABCwebsite.
(2) allow all authenticated staff to be able to view all files in the subsite ABCCustAccounts, but only Accounting staff to have contributing and then approval rights for items that appear in this subsite.
(3) all authenticated staff to be able to view some lists but not all lists on the subsite ABCITAccounts, but only IT staff to have Owner, Contributor, and Approver group rights here.
How do I make sure that I've not inadvertently restricted the higher level rights by granting only Visitor group rights at the main level?
Thanks in advance.
.jpeg)
