Sharepoint Permission
Hi I have a question on permission for Sharepoint. Our departments are categorized into different sites. For example, a finance user need to access a document library in the trading site. She should only see that DL "abc" and mustn't see the rest. I have stop inheritance for DL "abc" and give her permission to it. However, she can only access äbc through the web link. I want her to be able to access the whole of Trading site but only able to view "äbc". May I know how do i achieve that pls?
Usuall, if you assign permissions on a sub level, Sharepoint assignes "Limited Access" to the containing container. So it depends, were you habe broken the inhertage of permissions.
Means, if you have set dedicated permissions on a document, the user gets "Limited Access" to the document library, but not necessarily to parent items, if the permission in broken again on a higher level.
To do what you intend to do (to be able to click on a link as well as to click through the hierarchy), the user needs at least "Limited Access" on all parent containers...
Site Collection - Site - Library where the item resides.
Means, if you have set dedicated permissions on a document, the user gets "Limited Access" to the document library, but not necessarily to parent items, if the permission in broken again on a higher level.
To do what you intend to do (to be able to click on a link as well as to click through the hierarchy), the user needs at least "Limited Access" on all parent containers...
Site Collection - Site - Library where the item resides.
ASKER
Hi Bembi, I have broken the hierachy but SharePoint doesnt give me persmission to that particular site. I can only access the site through the url but not when I click the home page of that site unless I share the site and the person can then view everything in that site which i do not want.
Yes, I understand, but this is the contruction how Sharepoint handles permissions.
If you want a user to klick through, you have to assign at least limited access the the user on each page / site on the way to the document. And this "Limited Access" permission gives the user the right, to read the content (but not to open documents) on the way to the target.
There are some costructional solution for such "cross-organizational" access needs.
Just for you to think about, if one of them is suitable for you. But some of them may depend on the general structure of your Sharepoint.
Lets assume, we have department A and B, nobody of DepA should acces DepB and vice versa..., with the exception of some documents / items / pages.
With item-level permissions (not recommended at all, but sometimes not avoidable), you can give a person of DepA access to items in DepB
To avoid the pass-though path, you can.
1.) Place a link to the document on the DepB page (direct access to the item)
2.) Place a "shared" document library somewhere in Sharepoint on a common level, give access permissions to DepA and item permissions on DepB. Insert the library somewhere inside the DepA site, where it should be visible. You can also insert the library somewher in DepB. DepB can see the whole library, but only open document they have permissions for.
3.) Also a possiblity would be - as a Sharepoint library is also a data provider - the grab data from one Sharepoint library into a second one. A little bit more complicate, as you need propably SharePoint Designer to construct such a connection.
If you want a user to klick through, you have to assign at least limited access the the user on each page / site on the way to the document. And this "Limited Access" permission gives the user the right, to read the content (but not to open documents) on the way to the target.
There are some costructional solution for such "cross-organizational" access needs.
Just for you to think about, if one of them is suitable for you. But some of them may depend on the general structure of your Sharepoint.
Lets assume, we have department A and B, nobody of DepA should acces DepB and vice versa..., with the exception of some documents / items / pages.
With item-level permissions (not recommended at all, but sometimes not avoidable), you can give a person of DepA access to items in DepB
To avoid the pass-though path, you can.
1.) Place a link to the document on the DepB page (direct access to the item)
2.) Place a "shared" document library somewhere in Sharepoint on a common level, give access permissions to DepA and item permissions on DepB. Insert the library somewhere inside the DepA site, where it should be visible. You can also insert the library somewher in DepB. DepB can see the whole library, but only open document they have permissions for.
3.) Also a possiblity would be - as a Sharepoint library is also a data provider - the grab data from one Sharepoint library into a second one. A little bit more complicate, as you need propably SharePoint Designer to construct such a connection.
ASKER
hi Bembi, I understand that it may be a bit complicated if we were to go down to multiple levels/folders in each document library. But i just need some users outside Dept A to be able to access an entiire Document Library in Dept A. Other document librarys are hidden/inaccessible. Is that possible to do?
You can of course...
But in this case, you would break the inheritage for each item an DepA site.
Lets say, we have DepA site with 3 doc libraries, 1 Taskslist etc. And you want to give DepB only access to the tasklist.
Then you break the inheritage for the three doc libraries and give only DepA permissions.
Dep B has "Limited Access" on the root site and the according permissions to the task list.
If this is a simple site, it is easy to handle.
If the site is compalex, you have to change a lot of permission.
Disadvantages:
a.) Even if DepA creates new content, they have additionally to break the permission to make it invisible for DepB.
b.) Item level permissions are not recommended for SharePoint as performance critical.
c.) Item level permissions are not quite easy to follow up.
But in this case, you would break the inheritage for each item an DepA site.
Lets say, we have DepA site with 3 doc libraries, 1 Taskslist etc. And you want to give DepB only access to the tasklist.
Then you break the inheritage for the three doc libraries and give only DepA permissions.
Dep B has "Limited Access" on the root site and the according permissions to the task list.
If this is a simple site, it is easy to handle.
If the site is compalex, you have to change a lot of permission.
Disadvantages:
a.) Even if DepA creates new content, they have additionally to break the permission to make it invisible for DepB.
b.) Item level permissions are not recommended for SharePoint as performance critical.
c.) Item level permissions are not quite easy to follow up.
ASKER
Hi Bembi, that is to say if i have 10 doc libraries under DeptA, I will need to break permission inheritance for the other 9 doc libraries if i were to give permission to the 10th library to user abc. What permission do i need to give user abc to let him access Dept A site?
Limited Access...
This is needed to be allowed to see the DepA site...
This is needed to be allowed to see the DepA site...
ASKER
Hi Bembi, may i know how to give limited access to a user to the site? I gave the user access to a document library within the site but this does not automatically give him limited access permission to the site.
Limited Access is granted automatically as far as the user don't have permissions on the root level. You cannot grant it directly.
This should work anyway as far as the list / library, which has got permissions, is on the same site.
http://stackoverflow.com/questions/2911537/sharepoint-you-cannot-grant-limited-access-permission-level
http://technet.microsoft.com/en-us/library/cc721640.aspx
If this doesn't work, something may be wrong with the site. You may use the "Check Permissions" Button to check, if the user has any permissions due to membership within another group.
You may also try another user.
Last option is of course to create your own access level with similar permissions and grant this permission for that user.
This should work anyway as far as the list / library, which has got permissions, is on the same site.
http://stackoverflow.com/questions/2911537/sharepoint-you-cannot-grant-limited-access-permission-level
http://technet.microsoft.com/en-us/library/cc721640.aspx
If this doesn't work, something may be wrong with the site. You may use the "Check Permissions" Button to check, if the user has any permissions due to membership within another group.
You may also try another user.
Last option is of course to create your own access level with similar permissions and grant this permission for that user.
ASKER
Yes. the problem is Limited Access is not granted automatically in my case :( I've got to grant restricted reader permission
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER