BrightWork and SharePoint permissions may seem daunting for most people. Understandably, for some sensitive projects, non-team members and stakeholders need to be restricted from viewing the project information. It makes sense to implement controls for these team members. However, it is recommended not to get too granular as this can cause headaches in the long run.
I have prepared a table to help with understanding the different BrightWork and SharePoint permissions group and what users are permitted to do. These groups should not be altered or changed but serve as a baseline if you wish to create BrightWork and SharePoint permission levels for your BrightWork site collection. The reason is that BrightWork and SharePoint permissions are inherited so making a change in one place will propagate across the entire site collection.
For specific BrightWork features e.g. Design Sync, Schedule Email, etc. our help contains a useful article that explains the permissions that users need throughout BrightWork site collections and sites.
As a best practice, I recommend documenting any sites where you implement BrightWork or SharePoint permissions. It’s easy to forget what permissions and where sites custom permission groups were set up. Not to mention if you need to perform any security audits.
BrightWork and SharePoint Permissions