2.1.3. SharePoint Admin Center: Sites, Libraries, and Permissions

💡 First Principle: SharePoint is Microsoft's document management and collaboration platform. Its admin center manages the structure — sites, libraries, and permissions — while the content itself lives inside those structures. Getting permissions wrong at any level cascades downward to all content beneath it.

SharePoint organizes content in a hierarchy:

Tenant
 └── Site Collection (e.g., https://contoso.sharepoint.com/sites/HR)
      └── Site (can have subsites, though modern SharePoint avoids these)
           └── Document Library (e.g., "Shared Documents")
                └── Folders and Files

Permissions in SharePoint follow an inheritance model: by default, a library inherits permissions from its site, and a file inherits from its library. Breaking inheritance at any level creates a custom permission scope — powerful, but a common source of oversharing mistakes.

The SharePoint admin center lets you:

• Create and manage site collections
• Configure tenant-wide sharing settings (who can share with whom, external sharing policies)
• Manage storage quotas per site
• Run data access governance reports (more on this in Phase 3)
• Enable or restrict features like hub sites and site templates

SharePoint roles and permissions:

⚠️ Exam Trap: SharePoint permissions and Teams channel permissions are managed separately and can diverge. When you create a Team, a corresponding SharePoint site is created automatically. But if someone is added directly to the SharePoint site without being added to the Team, they can access the files without being a Team member — a common oversharing pathway.

Reflection Question: A file in a SharePoint document library is visible to users who shouldn't have access to it. You check the library permissions and they look correct. What's another permission scope you should check, and why?