• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 712
  • Last Modified:

Sharepoint Permission

Hi I have a question on permission for Sharepoint. Our departments are categorized into different sites. For example, a finance user need to access a document library in the trading site. She should only see that DL "abc" and mustn't see the rest. I have stop inheritance for DL "abc" and give her permission to it. However, she can only access äbc through the web link. I want her to be able to access the whole of Trading site but only able to view "äbc". May I know how do i achieve that pls?
  • 6
  • 6
1 Solution
totallypatrickAuthor Commented:
I have given permission to the user in the document library and i read that Sharepoint would automatically give permission to that user in that site but that does not happen. Is there anything i should do to have that user assigned with "limited permission" on that site?
Usuall, if you assign permissions on a sub level, Sharepoint assignes "Limited Access" to the containing container. So it depends, were you habe broken the inhertage of permissions.

Means, if you have set dedicated permissions on a document, the user gets "Limited Access" to the document library, but not necessarily to parent items, if the permission in broken again on a higher level.

To do what you intend to do (to be able to click on a link as well as to click through the hierarchy), the user needs at least "Limited Access" on all parent containers...

Site Collection - Site - Library where the item resides.
totallypatrickAuthor Commented:
Hi Bembi, I have broken the hierachy but SharePoint doesnt give me persmission to that particular site. I can only access the site through the url but not when I click the home page of that site unless I share the site and the person can then view everything in that site which i do not want.
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

Yes, I understand, but this is the contruction how Sharepoint handles permissions.
If you want a user to klick through, you have to assign at least limited access the the user on each page / site on the way to the document. And this "Limited Access" permission gives the user the right, to read the content (but not to open documents) on the way to the target.

There are some costructional solution for such "cross-organizational" access needs.
Just for you to think about, if one of them is suitable for you. But some of them may depend on the general structure of your Sharepoint.

Lets assume, we have department A and B, nobody of DepA should acces DepB and vice versa..., with the exception of some documents / items / pages.

With item-level permissions (not recommended at all, but sometimes not avoidable), you can give a person of DepA access to items in DepB

To avoid the pass-though path, you can.
1.) Place a link to the document on the DepB page (direct access to the item)
2.) Place a "shared" document library somewhere in Sharepoint on a common level, give access permissions to DepA and item permissions on DepB. Insert the library somewhere inside the DepA site, where it should be visible. You can also insert the library somewher in DepB. DepB can see the whole library, but only open document they have permissions for.
3.) Also a possiblity would be - as a Sharepoint library is also a data provider - the grab data from one Sharepoint library into a second one. A little bit more complicate, as you need propably SharePoint Designer to construct such a connection.
totallypatrickAuthor Commented:
hi Bembi, I understand that it may be a bit complicated if we were to go down to multiple levels/folders in each document library. But i just need some users outside Dept A to be able to access an entiire Document Library in Dept A. Other document librarys are hidden/inaccessible. Is that possible to do?
You can of course...
But in this case, you would break the inheritage for each item an DepA site.
Lets say, we have DepA site with 3 doc libraries, 1 Taskslist etc. And you want to give DepB only access to the tasklist.
Then you break the inheritage for the three doc libraries and give only DepA permissions.
Dep B has "Limited Access" on the root site and the according permissions to the task list.

If this is a simple site, it is easy to handle.
If the site is compalex, you have to change a lot of permission.

a.) Even if DepA creates new content, they have additionally to break the permission to make it invisible for DepB.
b.) Item level permissions are not recommended for SharePoint as performance critical.
c.) Item level permissions are not quite easy to follow up.
totallypatrickAuthor Commented:
Hi Bembi, that is to say if i have 10 doc libraries under DeptA, I will need to break permission inheritance for the other 9 doc libraries if i were to give permission to the 10th library to user abc. What permission do i need to give user abc to let him access Dept A site?
Limited Access...
This is needed to be allowed to see the DepA site...
totallypatrickAuthor Commented:
Hi Bembi, may i know how to give limited access to a user to the site? I gave the user access to a document library within the site but this does not automatically give him limited access permission to the site.
Limited Access is granted automatically as far as the user don't have permissions on the root level. You cannot grant it directly.
This should work anyway as far as the list / library, which has got permissions, is on the same site.


If this doesn't work, something may be wrong with the site. You may use the  "Check Permissions" Button to check, if the user has any permissions due to membership within another group.

You may also try another user.

Last option is of course to create your own access level with similar permissions and grant this permission for that user.
totallypatrickAuthor Commented:
Yes. the problem is Limited Access is not granted automatically in my case :( I've got to grant restricted reader permission
> Yes. the problem is Limited Access is not granted automatically in my case
This should be the case...
Maybe you should try to patch Sharepoint to the latest release?

> I've got to grant restricted reader permission
This is the work around. You can create your own permission level (to reuse it)
Limited access is
- View Application Pages
- Browse User Information
- Use Remote Interfaces
- Use Client Integration Features
- Open (site)
If you use the same permissions for your custom oermission level, the effect is the same with the difference, that this permission level can be assigned manually.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

  • 6
  • 6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now