- Permission: The unit of access that represents an individual task that can be performed on a securable object. Note that permissions cannot be deleted.
- Permission Level: A predefined set of permissions that is given to users.
- User: The smallest object to which access can be granted. A user could be an Active Directory account.
- User Groups: A set of users that are grouped by common properties for ease of management.
- Securable Object: Web (Site), List, Library and Item.
- Inheritance: When a securable object is created, it inherits the user access of its parent object.
- Site Groups: When a new site is created, a group of sites is created automatically for the user.
Note: Never modify a default Permission Level that is generated by SharePoint. If you want to customize a Permission Level, copy one of the default permission levels and make the changes on the copy.
It is never a good idea to delete a Permission Level. If you don't need it, leave it.
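The copy-then-modify approach from the note above, as an added example for the SharePoint 2010 Management Shell (not code from the original post). The site URL and the new level's name are placeholders, and removing the delete rights is only an illustrative customization.

```powershell
# Added example: copy a default permission level and customize the copy,
# leaving the SharePoint-generated level untouched.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$siteUrl    = 'http://sharepoint.example.local/sites/team'  # placeholder URL (assumption)
$sourceName = 'Contribute'                                  # default level, used read-only
$copyName   = 'Contribute - No Delete'                      # hypothetical name for the copy
$remove     = @('DeleteListItems', 'DeleteVersions')        # SPBasePermissions to drop

$site = Get-SPSite $siteUrl
try {
    # Permission levels live on the web that owns the role definitions,
    # which is the root web unless a subsite has broken that inheritance.
    $root = $site.RootWeb

    if ($root.RoleDefinitions | Where-Object { $_.Name -eq $copyName }) {
        throw "Permission level '$copyName' already exists; not overwriting it."
    }

    # The indexer throws if the source level is missing, which stops the script.
    $source = $root.RoleDefinitions[$sourceName]

    # Copy constructor: the new object starts with the source's permissions.
    $copy = New-Object Microsoft.SharePoint.SPRoleDefinition($source)
    $copy.Name        = $copyName
    $copy.Description = "Copy of '$sourceName' without delete rights."

    # Rebuild the flag set by name, skipping the permissions to remove.
    $keep = $source.BasePermissions.ToString().Split(',') |
        ForEach-Object { $_.Trim() } |
        Where-Object { $remove -notcontains $_ }
    $copy.BasePermissions = [Microsoft.SharePoint.SPBasePermissions]($keep -join ', ')

    $root.RoleDefinitions.Add($copy)

    # Show the default level and the copy side by side for review.
    $root.RoleDefinitions |
        Where-Object { $_.Name -eq $sourceName -or $_.Name -eq $copyName } |
        Format-List Name, BasePermissions
}
finally {
    $site.Dispose()   # also disposes RootWeb
}
```

Because the script refuses to run when a level with the target name already exists, rerunning it never silently changes a level that users may already hold.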
Active Directory Groups:
- For security reasons you must use only e-mail enabled Active Directory security groups. You can't use Distribution Lists. The reason is that, in order for an object to be used in security, it must have a SID (Security ID). Distribution lists do not have a SID.
- All Authenticated Users: AD group that represents all of the users who authenticate to the AD domain (NT AUTHORITY\Authenticated Users).
From this site you can watch a very helpful video.
I will write about managed user accounts in SharePoint 2010 in the near future. That topic will need its own post.