Traditionally, in any Windows Active Directory Domain, the responsibility for adding users and groups and assigning privileges to those groups has been in the hands of the server or domain administrator. User provisioning would include assigning access to all resources and objects in the domain, including intranet sites. MOSS 2007 allows the SharePoint Site owner to have control over the creation and administration of users and groups for Site Collections. This power gives local site administrators fine-grained control over who can and cannot interact with various parts of a portal. Rather than rely on a remote administrator, the local site administrator can grant, revoke, and modify permissions on a per-site, per-part, or sometimes even per-list element basis.

There are three default SharePoint groups created when a site is created, and each group possesses default access permissions:

It is unlikely that the default groups provided will meet all of your needs. However, you can create or modify SharePoint groups to satisfy any access or security needs required by your teams, departments, and overall organization in the following ways: