
University Web Services (UWS)




Login and Permissions

Permissions—the big picture

SharePoint 2010 is a web application that is secured through different layers of permissions. The comprehensive content management, enterprise search and collaboration functionality is provided through a multi-server environment referred to as a farm. For instance, the CU Denver farm is one site collection providing content for both the Anschutz Medical Campus (AMC) and the Downtown Denver Campus (DDC). The illustration below depicts a typical farm or site collection topology.


The players

Site collection administrators: Members of the site collection administrators group have full control permission on all web sites within a site collection. This means that they have access to content in all sites in the site collection, even if they do not have explicit permissions on that site. This group includes ASI&D team members.
Site owners: By default, members of the site owners group have full control permissions on an individual site. Administration tasks can be performed for the site and for any list or library within the site. Members of the University Web Services (UWS) team are members of the UCD_SiteOwners group.
Keep in mind that every site collection is an island of security. What the School of Public Affairs (SPA) does in the SPA site collection will not affect what the School of Engineering does in its site collection. By default, a child site automatically inherits the permissions of its parent unless permission inheritance from the parent is stopped and the child site establishes unique permissions.

  • Never add individuals to a site
  • Always add individuals to groups

Permission levels

Full control

User has full control


User can view, add, update, delete, approve and customize

Manage hierarchy

User can create sites and edit pages, list items and documents


User can edit and approve pages, list items and documents


User can view, add, update and delete list items and documents


User can view pages and documents, but cannot view historical versions or user permissions

Restricted read

User can view pages and documents but cannot view historical versions or user permissions

Limited access

User can view specific lists, document libraries, list items, folders or documents when given permission

The following permission groups are at the parent site (UCDENVER.EDU), and should be inherited with every university site:

  • Style Resource Readers--Limited Access

All authenticated users are members of this group for access to all file trees within the site collection for moving, copying and spell check.

  • UCD_SiteOwners--Full Control
  • UCD_ContentManagers--Manage Hierarchy, Approve, Contribute
  • UCD_Contributors--Approve, Contribute

In addition, individuals can be added to localized permission groups. Keep in mind that membership to each group should be unique. In other words, if Joe is in the site owner group, he would not be a member of either of the other permission groups.

  • SITE_or_Department_SiteOwners, i.e. SOM_Pediatrics_SiteOwners
  • SITE_or_Department_ContentManagers, i.e. SOM_Pediatrics_ContentManagers
  • SITE_or_Department_Contributors, i.e. SOM_Pediatrics_Contributors
  • SITE_or_Department_Editors, i.e. SOM_Pediatrics_Editors
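
The two rules above (never add individuals directly to a site, and keep each person in only one permission group) can be checked with a short audit script. This is an added example, not UWS code; it assumes the SharePoint 2010 Management Shell on a farm server, a placeholder site URL, and groups named with the suffixes listed on this page.

```powershell
# Added example, not UWS code. Run in the SharePoint 2010 Management Shell.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$siteUrl = "https://sharepoint.example.edu/placeholder-site"  # placeholder, not a real site
$web = Get-SPWeb $siteUrl -ErrorAction Stop
try {
    # A child site only carries its own assignments once inheritance is broken.
    if ($web.HasUniqueRoleAssignments) {
        Write-Output "UNIQUE PERMISSIONS: $($web.Url) does not inherit from its parent"
    }

    # Rule 1: individuals must not be assigned directly on the site.
    # AD security groups also surface as SPUser, so skip IsDomainGroup entries.
    $direct = @($web.RoleAssignments | Where-Object {
        $_.Member -is [Microsoft.SharePoint.SPUser] -and -not $_.Member.IsDomainGroup
    })
    foreach ($ra in $direct) {
        $levels = ($ra.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join ", "
        Write-Output ("DIRECT USER: {0} [{1}]" -f $ra.Member.LoginName, $levels)
    }

    # Rule 2: a person should be in only one of the permission groups.
    # Assumption: groups follow the page's *_SiteOwners / *_ContentManagers /
    # *_Contributors / *_Editors naming. Nested AD groups are not expanded.
    $groups = @($web.RoleAssignments | ForEach-Object { $_.Member } | Where-Object {
        $_ -is [Microsoft.SharePoint.SPGroup] -and
        $_.Name -match '_(SiteOwners|ContentManagers|Contributors|Editors)$'
    })
    $memberships = @{}
    foreach ($g in $groups) {
        foreach ($u in @($g.Users)) {
            if (-not $memberships.ContainsKey($u.LoginName)) { $memberships[$u.LoginName] = @() }
            $memberships[$u.LoginName] += $g.Name
        }
    }
    foreach ($login in $memberships.Keys) {
        if ($memberships[$login].Count -gt 1) {
            Write-Output ("MULTIPLE GROUPS: {0} -> {1}" -f $login, ($memberships[$login] -join ", "))
        }
    }
}
finally {
    $web.Dispose()
}
```

A DIRECT USER line that lists only Limited Access usually reflects a permission granted on a list or item further down, so review where that grant lives before removing it.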
