The process of granting permissions in Microsoft 365 seems straightforward. Most users are familiar with Microsoft's three default permission groups: owners, members, and visitors. These three permission roles simplify permission management, but do you understand what those access levels mean? And what if you need more control over who can do what on your projects? Read on to learn how Microsoft 365 structures permissions and how to manage permissions for your construction projects effectively.
Microsoft 365 consists of several layers of permission management. In this article, we will discuss the following two:
- Microsoft 365 Admin roles
- Application specific roles
In our upcoming installments in the series, we will cover SharePoint permission levels, groups, and sharing.
Microsoft Admin roles
Admin roles are assigned from the Microsoft 365 admin center. There are many administrative roles, such as billing, licensing, and Office Apps. Most construction organizations already have a Microsoft 365 tenant administrator overseeing the administration duties. However, suppose you want separate users responsible for SharePoint or Teams administration. In that case, you must assign those admin roles to those users.
SharePoint Admin: This permission role would be needed if the user plans on creating/deleting SharePoint site collections and modifying their settings. This role allows the admin ability to:
- Create and delete site collections. Note: a non-Admin can still indirectly create SharePoint sites, but they are associated with an application (e.g., Teams, Planner, etc.).
- Manage site collections and global SharePoint settings.
Each application in Microsoft 365 has some level of permissions or sharing that follows a somewhat consistent pattern. The three common roles you will find in most Microsoft 365 applications are:
- Owner – Typically allows users to create, edit, and delete artifacts (sites, plans, teams, etc.) and records. This role also can add and assign users/permissions and manage site-scoped features.
- Member – Allows users to create, edit, and delete records. A record could be a document or a line item in a SharePoint list.
- Visitor/Guest – Allows users to view records. They cannot add or delete records.
An example of these roles in Microsoft Teams is below:
- Owner - Team owners manage specific settings for the team. They add and remove members and guests, change team settings, and handle administrative tasks. There can be multiple owners in a team.
- Members - Members are the people in the team. They talk with other team members in conversations. They can view, upload, and change files. They also do the usual collaboration that the team owners have permitted.
- Guests - Guests are people from outside your organization that a team owner invites, such as partners or consultants, to join the team. Guests have fewer capabilities than team members or owners, but there's still much they can do.
Next up: SharePoint Permissions
The basics of assigning permissions are simple, but what if you want to change or make permissions more granular?
At the core of most Microsoft 365 applications is SharePoint. Data created in applications like Microsoft Teams is stored in SharePoint-named sites. So, when you create a new team, a SharePoint site is created automatically associated with the team. The same goes for Microsoft Planner when you create a plan. Microsoft Lists saves your lists to SharePoint based on the site you select. So, to modify permissions, you need to understand SharePoint permissions. We will cover SharePoint permissions in our next article.
Meanwhile, contact us for a free one-hour consultation if you need help with Microsoft 365 permissions or setup. If you need a turnkey construction management solution for Microsoft 365, you can request a demo of Construction Viz.