SharePoint allows permission levels to be applied to site users as well as security groups, such as Active Directory groups, that have been added to the site. However, this is not the recommended approach. Rather, Microsoft recommends that site owners and administrators assign permission levels to SharePoint groups and then add site users and security groups to the SharePoint groups.