You can setup your SharePoint site security at a variety of levels. You will need to be the site administrator to do this. Here are some of the key ways you can secure your site:
- Site Level – Control access to the entire site. You can deny access to individuals or groups. You can also define large groups of people as visitors (read only). You may assign the appropriate individuals the ability to create content or design content. You can also assign others to be site administrators but I advise you to limit this to one backup person.
- Library/List level – by default all libraries and lists inherit the site level security. If you want different security for some libraries and lists, you need to break the inheritance and custom define the security for that library/list. This is useful for private or sensitive documents such as contracts and individual performance evaluations. If you secure a library/list, it will not appear in the navigation or the site map for those in which access is denied.
- Document level – by default all documents in a library inherit the document library security. You may break this inheritance for individual documents within the library. This is useful if you have a very small number of documents to secure and don’t want to establish a new library.
You need to pay close attention to how you setup security so the site will be useful to all stakeholders while simultaneously protecting sensitive information. I suggest you consult with your project sponsor and establish a security access process before allowing access to the site.