How to Create a SharePoint Group and Manage Permissions

You can create a new SharePoint group directly from your site’s permissions settings in just a few clicks. SharePoint groups let you bundle users together and assign them a single permission level, so you manage access for the whole group instead of person by person. Here’s how to set one up and configure it properly.

SharePoint Groups vs. Microsoft 365 Groups

Before you create anything, it helps to know which type of group you actually need. A SharePoint group exists only inside SharePoint. It controls who can view, edit, or manage content on a specific site. It has no mailbox, no shared calendar, and no connection to other Microsoft apps.

A Microsoft 365 group is broader. When you create one, you automatically get a shared mailbox, a calendar, a SharePoint team site, a Planner board, and a membership roster that carries across all of those tools. If your goal is to stand up a collaborative workspace for a project team or department, a Microsoft 365 group gives you more out of the box. If you simply need to control who has access to a particular SharePoint site or library, a SharePoint group is the lighter, more targeted option.

Default Groups Every Site Already Has

Every SharePoint team site comes with three built-in groups, each mapped to a default permission level:

  • Owners have Full Control. They can change site settings, manage permissions, and delete the site.
  • Members have Edit permissions. They can add, edit, and delete list items, documents, and lists, but they can’t change site-level settings.
  • Visitors have Read permissions. They can view pages, documents, and list items but can’t change anything.

Some sites also include a Viewers group with View Only access, which lets people see content in the browser but not download or edit it. For many situations, adding users to one of these existing groups is all you need. Create a custom group when the default permission levels don’t match what you want a set of users to do.

Steps to Create a New SharePoint Group

You need to be a site owner or site collection administrator to create groups. Here’s the process:

  1. Open your SharePoint site and go to Settings (the gear icon in the top right).
  2. Select Site permissions.
  3. Click Advanced permissions settings at the bottom of the permissions panel. This takes you to the classic permissions page.
  4. In the ribbon, click Grant Permissions, then look for the option to create a group. Alternatively, open the Groups listing in the left sidebar to see all current site collection groups, then click New.
  5. Give the group a clear, descriptive name. Something like “Marketing Reviewers” or “Finance Read-Only” makes it obvious who belongs and what they can do.
  6. Set the group owner. By default this is you, but you can assign another user or group.
  7. Configure the membership settings: choose whether everyone can view group membership or only group members, and whether the owner alone can add and remove members or members themselves can also do so.
  8. Under the permission level dropdown, assign the appropriate level (Read, Edit, Full Control, or any custom level your site uses).
  9. Click Create.

Your new group now appears in the site’s permissions list. You can start adding users to it immediately.

Adding and Removing Members

Once the group exists, open it from the permissions page and click New to add people. Type a name or email address, and SharePoint will search your organization’s directory. You can add individual users or security groups from Azure Active Directory (your organization’s user directory). Adding a security group nests its entire membership inside your SharePoint group, which saves time when dozens or hundreds of people need the same access.

To remove someone, open the group, select the checkbox next to their name, and click Actions, then Remove Users from Group. The change takes effect immediately.

Configuring Access Requests

SharePoint can let people request access to your site when they don’t already have it. To set this up, go to Settings, then Site permissions, and click Change how members can share. Under Access requests, toggle Allow access requests to On. You can route those requests to all site owners or to a specific email address, such as a distribution list your team monitors.

When a request comes in, you’ll find it under Settings, then Site contents, then Access requests (this link only appears when pending requests exist). From there you can choose a permission level for the requester and approve or decline. Only site collection administrators, SharePoint administrators, and members of the Owners group can see and process these requests.

Controlling What Members Can Share

Creating the group is only half the job. You also want to decide how broadly members of your site can share content with others. Under the same sharing settings panel, you’ll find three tiers:

  • Widest: Site owners, members, and anyone with Edit permissions can share files, folders, and the site itself.
  • Middle: Owners and members can share files and folders, but only owners can share the site.
  • Tightest: Only site owners can share files, folders, and the site.

If you created a custom group specifically to limit access, pick the tighter setting so members of that group can’t inadvertently grant access to people outside it.

Tips for Keeping Permissions Clean

Groups work best when each one maps to a clear role. Resist the temptation to assign permissions directly to individual users, because over time those one-off grants pile up and become impossible to audit. Instead, create a group for each distinct access pattern your site needs, name it descriptively, and add people to the group.

Review group membership periodically. When someone changes roles or leaves a project, remove them from the group rather than layering on new restrictions. SharePoint inherits permissions down through subsites, libraries, and folders, so a group assigned at the site level will automatically apply to everything beneath it unless you explicitly break inheritance on a specific library or folder. That inheritance is powerful but can also grant more access than intended if you’re not paying attention to it.
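
The inheritance and direct-grant points above, as an added example that is not part of the original article and does not call any SharePoint API: a Python audit over a constructed permissions export. The object paths, users, the "Project" group names, and the export shape itself are assumptions made for illustration.

```python
# Added example: audit a permissions export for direct user grants and broken
# inheritance. NODES is constructed sample data, not output from SharePoint.

# Each securable object records its parent, whether inheritance is broken
# ("unique"), and its own grants as (principal, principal kind, level).
NODES = {
    "site": {"parent": None, "unique": True, "grants": [
        ("Project Owners", "sp_group", "Full Control"),
        ("Project Members", "sp_group", "Edit"),
        ("Project Visitors", "sp_group", "Read"),
        ("alex@example.com", "user", "Edit")]},
    "site/Documents": {"parent": "site", "unique": False, "grants": []},
    "site/Finance": {"parent": "site", "unique": True, "grants": [
        ("Project Owners", "sp_group", "Full Control"),
        ("Finance Read-Only", "sp_group", "Read"),
        ("sam@example.com", "user", "Full Control")]},
    "site/Finance/Payroll": {"parent": "site/Finance", "unique": False, "grants": []},
}

def effective(path, nodes=NODES):
    """Walk up to the nearest object with unique permissions; its grants apply."""
    node = nodes[path]
    while not node["unique"]:
        node = nodes[node["parent"]]
    return {principal: (kind, level) for principal, kind, level in node["grants"]}

def reach(principal, nodes=NODES):
    """Every object a principal can access, with the level it holds there."""
    hits = {}
    for path in nodes:
        grant = effective(path, nodes).get(principal)
        if grant:
            hits[path] = grant[1]
    return hits

def audit(nodes=NODES):
    """Flag objects that broke inheritance and grants made directly to users."""
    findings = []
    for path, node in nodes.items():
        if not node["unique"]:
            continue  # inherited objects carry no grants of their own
        if node["parent"] is not None:
            findings.append((path, "BROKEN_INHERITANCE", ""))
        for principal, kind, level in node["grants"]:
            if kind == "user":
                findings.append((path, "DIRECT_USER_GRANT", f"{principal}: {level}"))
    return findings

if __name__ == "__main__":
    for finding in audit():
        print(*finding, sep=" | ")
    print(reach("Project Members"))
```

In the sample data, the site-level Members group reaches the inherited Documents library automatically, while the Finance library and the Payroll folder beneath it follow only the grants made where inheritance was broken.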