In addition, the SharePoint model is inclusive, not exclusive. That is, you cannot define activities that users or groups are not allowed to perform. For example, the Visitors group has the Read permission level by default, so people often associate the Visitors group with Read permissions, even though this doesn’t have to be the case. For example, when you want Visitors to be able to respond to a survey, they will need Contribute permissions.
As a general rule, you always want to give a person or group the least amount of permissions to effectively achieve the required business functionality . . . and no more (the “principle of least privilege”)...
Share this highlighthttp://www.safaribooksonline.com/a/essential-sharepoint-2013/38503/