SharePoint Permission Inheritance – Site versus Library

I learnt this, the hard way recently that SharePoint security inheritance mechanism between "Site and Library" is not the same as "Site and Sub sites".

Let's say you have parent site "Parent Site" and its sub site called "Child Site".

You break inheritance on "Child Site". Any security changes you make to parent "Parent Site" now, should not affect "Child Site" as it has unique permissions.

All good between sites.

SADLY it is not the case between Site and document libraries.

Let's say you have a site called "ABC Site" which has a document library called "Doc Lib". You assign direct "Contribute" permission to a user "User1" on site level.

You break inheritance on "Doc Lib". Now "Doc Lib" has a copy of all permissions (including "User1") from the site and you can add/remove more permission.

Now ideally, any security change on the site "ABC Site" should not affect "Doc Lib" permissions.

Instead, if you remove "User1" permissions from site level, for some reason it will also be removed from "Doc Lib" unique permissions.

I was hoping SharePoint would automatically add "Limited Access" in case you remove users (who have item level permission) from site level.

DOES THIS MAKE SENSE TO YOU?

Comments

Post a Comment

Popular posts from this blog

PowerApps Form for SharePoint and Access Denied Errors

Image
Error When using SharePoint's Online's customise form option to create PowerApps forms, we may encounter the error below: An error occurred on the server. Server Response: Access denied. You do not have permission to perform this action or access this resource.  This is often caused by lack of permissions on underlying lists. Scenario I was using multiple list data sources in a single PowerApps list form. Form had staged input screens for related data and a group of end users was not allowed access to the list corresponding to the last stage of input. Nonetheless, when the form opened for any user, PowerApps was trying to load all the data sources resulting in above error. The Fix I could conveniently fix the error by granting at least read-only access to end users on all lists. However, the list causing error had confidential data only restricted to few users.    An easy fix is to add an empty folder, break it's inheritance and assign less privi...
Read more

Prevent site owners from creating subsites in SharePoint 2010

Image
If your users are naughty enough and you want to keep them from adding new sub sites for a specific web application. Just follow the steps below: This is specially useful when the naughty users are site owners such as in case of My Sites. 1. From Central Administration, Go to “Manage Web Application” screen. 2. Select a web application and click the “Permission Policy” button from the ribbon. 3. A screen will pop up with all existing permission levels. 4. Select “Add Permission Policy Level” link from the screen. 5. On “Add Permission Policy Level” screen, name the permission level appropriately. 6. Under Site Permissions category, select the “Deny” option for “Create Subsites” permission and save it. 7. You will see a new Permission Policy Level in the list of existing ones. 8. From the ribbon, click “User Policy” button. 9. A screen will pop up with all existing user policies. 10. Click “Add Users” link from Policy For Web Application screen. 11. A wizard will open, allowing you to s...
Read more

Getting Page Field Value in custom publishing page layout

I wanted to create a custom publishing page layout which should render certain UI elements based on the page metadata. For e.g. a page metadata field called "Page Type" being used to display different links on pages (created with the page layout). Surprisingly, first step in the process i.e. reading the page field using SharePoint Javascript API proved to be rather painful as my good friend google wasn't willing to put it on my plate. Finally came up with some code to get this done so sharing below:---- Include this code into your custom publishing page layout to query page metadata fields within the layout: /**************************************************************************************/ var pageItem; //variable for list item of page being displayed (which uses this page layout) var pageFieldNameVar = '[internal name of a custom page field]' ; //variable for page field to be retrieved var context; // This variable will cont...
Read more