As an IT professional, dodging administrative nightmares sometimes feels like a Choose Your Own Adventure book where any wrong turn can spell disaster. A surefire way to send yourself back to page one is setting permissions on an individual user level. Doing so creates unnecessary work for administrators and potential security issues. When user permissions are assigned individually, it becomes impossible to tell who has access to what, especially for deeply nested folders.
As you design your folder environment architecture, strive to keep user permissions as simple and high level as possible. For example, instead of granting permission for each HR employee to every HR related folder, build a library of HR related content and a group for HR users. Groups based on roles are much easier to manage and track for custom permissions.
To create a group, click Settings > Site Settings > Users and Permissions > Site Permissions > Create Group. Type a name and description for this SharePoint group in the fields provided, and specify who can view and edit the membership of this group under “Group Settings”. Assign a permission level for the group in the “Give Group Permissions to this Site” section and click Create.