SharePoint & OneDrive · Content & Permissions
Site Visitor
Read permission level on a SharePoint site. Can view content but cannot add, edit, or delete items.
Scope: Single SharePoint site
Permissions
- Content - View pages, lists, and documents
- Views - View default and public views
- Download - Download documents (unless blocked)
- Versions - View version history
Common use cases
- Intranet portal readers
- Policy and procedure viewers
- Executive dashboard access
- External stakeholder read access
Best practices
- Use for broad information sharing
- Consider for published content sites
- Combine with block download policy for sensitive content
Security considerations
- Can download files unless explicitly blocked
- Can view version history including previous versions
- Cannot see items with unique permissions they lack access to
Common questions
When should I assign the Site Visitor role?
Assign Site Visitor when you need to: Intranet portal readers; Policy and procedure viewers; Executive dashboard access; and External stakeholder read access. It is part of SharePoint & OneDrive and should be granted as a least-privilege alternative to broader roles like Global Administrator.
What can someone with the Site Visitor role do?
The Site Visitor role grants permissions including: Content - View pages, lists, and documents; Views - View default and public views; Download - Download documents (unless blocked); and Versions - View version history. See the Permissions section above for the full list.
What are the security risks of the Site Visitor role?
Key considerations when assigning Site Visitor: Can download files unless explicitly blocked; Can view version history including previous versions; and Cannot see items with unique permissions they lack access to. Review the Security considerations section before assignment, and pair with Privileged Identity Management (PIM) for just-in-time access where possible.