SharePoint & OneDrive RBAC Roles

SharePoint and OneDrive administrative roles for collaboration governance, site management, and tenant-level operations.

16 roles across 6 categories. Open the interactive map →

Tenant Administration

Organization-wide SharePoint and OneDrive settings

  • SharePoint Administrator

    Full access to the SharePoint admin center. Can create and manage sites, designate site admins, manage sharing settings, and manage Microsoft 365 groups.

  • Global Reader (SharePoint)

    Read-only access to SharePoint admin center settings and configurations. Cannot make changes but can view all settings.

  • Migration Administrator

    Manages content migration to Microsoft 365 including SharePoint sites, OneDrive, and Teams from sources like Google Drive, Dropbox, and Box.

Site Management

Create, configure, and manage SharePoint sites

  • Site Collection Administrator

    Full control over a specific SharePoint site collection. Can manage all site settings, permissions, and content within their assigned site(s).

  • Term Store Administrator

    Manages the organizational term store - a directory of common terms used across the organization for metadata and content classification.

  • Hub Site Administrator

    Manages hub site registration and association. Can associate sites with hubs and configure hub-wide navigation and branding.

Content & Permissions

Site-level content and permission management

  • Site Owner

    Full control permission level on a SharePoint site. Can manage site settings, create lists and libraries, and control permissions for site members.

  • Site Member

    Edit permission level on a SharePoint site. Can add, edit, and delete content in lists and libraries but cannot manage site settings.

  • Site Visitor

    Read permission level on a SharePoint site. Can view content but cannot add, edit, or delete items.

  • Microsoft 365 Group Owner

    Owners of a Microsoft 365 group automatically become site collection administrators of the connected SharePoint team site.

Sharing & External Access

External sharing and guest access policies

  • Sharing Settings Manager

    Manages external sharing settings at organization and site levels. Controls how content can be shared with people outside the organization.

  • Access Control Manager

    Manages access control settings including unmanaged device policies, network location restrictions, and app access controls.

OneDrive Management

User OneDrive storage and sync settings

  • OneDrive Administrator

    Manages OneDrive-specific settings including storage limits, sync policies, retention, and user OneDrive administration.

  • Sync Client Administrator

    Configures OneDrive sync client settings via Group Policy or Intune. Controls sync behavior, file types, and bandwidth settings.

Advanced Management

SharePoint Advanced Management features (requires SAM license)