SharePoint & OneDrive RBAC Roles
SharePoint and OneDrive administrative roles for collaboration governance, site management, and tenant-level operations.
16 roles across 6 categories. Open the interactive map →
Tenant Administration
Organization-wide SharePoint and OneDrive settings
-
SharePoint Administrator
Full access to the SharePoint admin center. Can create and manage sites, designate site admins, manage sharing settings, and manage Microsoft 365 groups.
-
Global Reader (SharePoint)
Read-only access to SharePoint admin center settings and configurations. Cannot make changes but can view all settings.
-
Microsoft 365 Migration Administrator
Manages content migration to Microsoft 365 including SharePoint sites, OneDrive, and Teams from sources like Google Drive, Dropbox, and Box.
Site Management
Create, configure, and manage SharePoint sites
-
Site Collection Administrator
Full control over a specific SharePoint site collection. Can manage all site settings, permissions, and content within their assigned site(s).
-
Term Store Administrator
Manages the organizational term store - a directory of common terms used across the organization for metadata and content classification.
-
Hub Site Administration
Responsibility profile, not a standalone Microsoft role. SharePoint Administrators register hubs; authorized site owners or site admins can associate sites and manage hub content within their…
Content & Permissions
Site-level content and permission management
-
Site Owner
Full control permission level on a SharePoint site. Can manage site settings, create lists and libraries, and control permissions for site members.
-
Site Member
Edit permission level on a SharePoint site. Can add, edit, and delete content in lists and libraries but cannot manage site settings.
-
Site Visitor
Read permission level on a SharePoint site. Can view content but cannot add, edit, or delete items.
-
Microsoft 365 Group Owner
Owners of a Microsoft 365 group automatically become site collection administrators of the connected SharePoint team site.
Sharing & External Access
External sharing and guest access policies
-
Sharing Settings Administration
Responsibility profile, not a standalone Microsoft role. Organization and site sharing settings are managed by SharePoint Administrators.
-
SharePoint Access Control Administration
Responsibility profile, not a standalone Microsoft role. SharePoint Administrators manage these tenant controls, often together with Conditional Access Administrators.
OneDrive Management
User OneDrive storage and sync settings
-
OneDrive Administration
Responsibility profile, not a standalone Microsoft 365 admin role. OneDrive tenant settings and user OneDrive administration are handled through the SharePoint Administrator role.
-
OneDrive Sync Policy Administration
Responsibility profile, not a standalone Microsoft role. Sync policies are configured with Group Policy or Intune by administrators who hold the required device-management permissions.
Advanced Management
SharePoint Advanced Management features (requires SAM license)
-
SharePoint Advanced Management Administrator
Manages SharePoint Advanced Management (SAM) features including data access governance, content lifecycle management, and advanced access controls.
-
Restricted Site Creation Administration
Responsibility profile, not a standalone Microsoft role. SharePoint Administrators or SharePoint Advanced Management Administrators configure these policies with SharePoint Online PowerShell.