Below are recommendations in setting permissions on SharePoint:
- Limit the number of users with Full Control. Do not provide Full Control to users who are not knowledgeable about SharePoint permissions management and site settings.
- Minimize the breaking of permission inheritance or creating a unique list of permissions. Do not assign permission directly to an individual user, instead add the user to a SharePoint group.
- Use the default permission levels. If there is a need to have custom permission levels, do not modify the default. Instead, create a new custom permission level.
- Do not assign permission directly to an active directory (AD) security group, instead, add the AD group as a member of a SharePoint group.
- In using an AD group, make sure the AD group is well defined and up-to-date.
- When assigning an owner to a group, preferably use a SharePoint group. Do not assign ownership to an individual user account.
Adding a lot of individual users to a SharePoint site may lead to the following issues:
- difficult in checking of broken permissions
- manual/laborious process in giving access
- may lead to performance issues
- may cause limited access/access denied issues