Skip to main content

Site Visitors

Site Visitors is the default SharePoint security group for read-only access. People in this group receive the Read permission level: they can browse pages, open and download documents, view list items and version history, and use search, but they cannot add, edit, or delete anything. It is the right home for the broad audience of an intranet or communication site, where a handful of people maintain the content and everyone else simply consumes it.
Related Features
Communication Site, Microsoft Entra Groups, Share, SharePoint Groups, Site Members, Site Owners

Common Use Cases

  • Intranet audiences: the entire organization reading news and pages on a communication site while a small team publishes
  • Policy and procedure libraries: staff consult official documents without any risk of changing them
  • Knowledge bases: readers search and browse articles maintained by a few subject matter experts
  • Leadership broadcasts: executives publish announcements that everyone can read but nobody can alter
  • Completed projects: archived team sites where former contributors move to Visitors so the record stays intact
  • Auditors and stakeholders: people who need visibility into a site without participating in the work

Benefits

  • Content integrity: visitors physically cannot edit, overwrite, or delete anything, so published content stays exactly as approved
  • Effortless wide rollout: adding Everyone except external users to Visitors gives the whole organization read access, including future hires
  • Entirely out of the box: the group and its Read permission level ship with every site and need no custom configuration
  • Clean reading experience: SharePoint hides editing commands from visitors, so they see a simple, uncluttered site
  • Search stays scoped: search results are security trimmed, so visitors only ever find content they are allowed to read
  • Clear governance: separating readers from contributors makes access reviews fast and keeps accountability with the publishing team

How It Works

  • Read permission level: visitors can view pages and list items, open and download documents, and see version history
  • Security trimming: editing commands and restricted content simply do not appear for visitors, with no errors to explain away
  • Whole-organization access: the built-in Everyone except external users group can be placed in Visitors to cover the entire company at once
  • Alerts still work: visitors can set alerts on lists, libraries, and documents to get notified when content changes
  • Owner-managed membership: site owners add and remove visitors, individually or through Microsoft 365 and security groups

Limits and Nuances

  • Download is included: Read allows opening, downloading, and copying files; blocking downloads calls for the more restrictive Restricted View permission level
  • Site-wide by default: the Visitors group grants read access to the entire site; hiding a specific library requires breaking permission inheritance on it
  • No personal views: creating personal list views requires Contribute-level rights, so visitors use the public views owners provide
  • Sharing is limited: depending on the site’s sharing settings, a visitor’s attempt to share content can become an access request for owners to approve
  • Guests can be visitors: external users can be added to the group when guest sharing is enabled, which suits read-only vendor or client access
  • Version history is visible: visitors can open version history on documents they can read, which matters if early drafts contained sensitive edits

Common Questions About Site Visitors

What is the Site Visitors group in SharePoint?

Site Visitors is one of the three default security groups created with every SharePoint site, alongside Site Owners and Site Members. It carries the Read permission level, making it the standard home for read-only users. Visitors can browse pages, open and download documents, and search the site, but they cannot add, change, or delete any content.

What can site visitors actually do?

Visitors can view pages and list items, open and download documents, see version history, use search, and set alerts so they are notified when content changes. What they cannot do is just as clear: no editing, no uploading, no deleting, and no changes to lists, libraries, or pages. SharePoint hides the editing commands from them entirely.

Can site visitors download documents?

Yes. The Read permission level includes downloading and copying files, not just viewing them in the browser. If downloads are a concern, SharePoint offers the more restrictive Restricted View permission level, which lets people view supported documents in the browser without downloading them. Swapping the Visitors group to Restricted View changes that behavior across the site.

How do I give my whole organization read access to a site?

Add the built-in Everyone except external users group to Site Visitors. That single entry covers every internal employee, including people hired after the change, with no ongoing maintenance. It is the standard pattern for intranet and communication sites where content is meant for the entire company. External guests are excluded by design and would need to be added separately.

What is the difference between a visitor and a member?

A visitor reads; a member edits. Visitors hold the Read permission level, so they can view and download but never change anything. Members hold Edit on modern sites, which lets them add, update, and delete documents and items, and even manage lists and libraries. The split keeps the audience large and the group of people who can change content deliberately small.

How should the Visitors group be used on an intranet?

Generously. On the LookBook 365 intranets Greg Zelfond builds, the entire organization typically sits in Site Visitors on every communication site, while a handful of content owners hold member or owner rights. Built entirely out of the box, that model gives employees friction-free access to news, policies, and resources while guaranteeing that published content cannot be accidentally changed.