I am trying to set up the permission structure for a large high school sharepoint site.
Top level of site Owner full rights, Everyone read only
Faculty level Owner full rights, HODs edit rights, Every else read only
Teacher level Owner full rights, Hod edit rights , teacher edit rights , everyone else read only
Class level Owner full rights, Hod edit rights , teacher edit rights , class members contribute rights, everyone else read only
My understanding was if I have each sub-site inherit the rights from above, I could systematically add the groups with new rights eg HOD at Faculty level it that would be applied at that level and everything below it.
In my experimentation, when I added HOD edit rights at the faculty level it gave them edits rights at the top level as well.
The only way I could avoid this was to stop inheriting the rights at each level which seemed to defeat the purpose. Any ideas?