Sharepoint Permission

Posted on 2013-06-05
Medium Priority
Last Modified: 2013-06-29
Hi I have a question on permission for Sharepoint. Our departments are categorized into different sites. For example, a finance user need to access a document library in the trading site. She should only see that DL "abc" and mustn't see the rest. I have stop inheritance for DL "abc" and give her permission to it. However, she can only access äbc through the web link. I want her to be able to access the whole of Trading site but only able to view "äbc". May I know how do i achieve that pls?
Question by:totallypatrick
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 6

Author Comment

ID: 39224793
I have given permission to the user in the document library and i read that Sharepoint would automatically give permission to that user in that site but that does not happen. Is there anything i should do to have that user assigned with "limited permission" on that site?
LVL 35

Expert Comment

ID: 39226403
Usuall, if you assign permissions on a sub level, Sharepoint assignes "Limited Access" to the containing container. So it depends, were you habe broken the inhertage of permissions.

Means, if you have set dedicated permissions on a document, the user gets "Limited Access" to the document library, but not necessarily to parent items, if the permission in broken again on a higher level.

To do what you intend to do (to be able to click on a link as well as to click through the hierarchy), the user needs at least "Limited Access" on all parent containers...

Site Collection - Site - Library where the item resides.

Author Comment

ID: 39233586
Hi Bembi, I have broken the hierachy but SharePoint doesnt give me persmission to that particular site. I can only access the site through the url but not when I click the home page of that site unless I share the site and the person can then view everything in that site which i do not want.
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

LVL 35

Expert Comment

ID: 39234820
Yes, I understand, but this is the contruction how Sharepoint handles permissions.
If you want a user to klick through, you have to assign at least limited access the the user on each page / site on the way to the document. And this "Limited Access" permission gives the user the right, to read the content (but not to open documents) on the way to the target.

There are some costructional solution for such "cross-organizational" access needs.
Just for you to think about, if one of them is suitable for you. But some of them may depend on the general structure of your Sharepoint.

Lets assume, we have department A and B, nobody of DepA should acces DepB and vice versa..., with the exception of some documents / items / pages.

With item-level permissions (not recommended at all, but sometimes not avoidable), you can give a person of DepA access to items in DepB

To avoid the pass-though path, you can.
1.) Place a link to the document on the DepB page (direct access to the item)
2.) Place a "shared" document library somewhere in Sharepoint on a common level, give access permissions to DepA and item permissions on DepB. Insert the library somewhere inside the DepA site, where it should be visible. You can also insert the library somewher in DepB. DepB can see the whole library, but only open document they have permissions for.
3.) Also a possiblity would be - as a Sharepoint library is also a data provider - the grab data from one Sharepoint library into a second one. A little bit more complicate, as you need propably SharePoint Designer to construct such a connection.

Author Comment

ID: 39236677
hi Bembi, I understand that it may be a bit complicated if we were to go down to multiple levels/folders in each document library. But i just need some users outside Dept A to be able to access an entiire Document Library in Dept A. Other document librarys are hidden/inaccessible. Is that possible to do?
LVL 35

Expert Comment

ID: 39237603
You can of course...
But in this case, you would break the inheritage for each item an DepA site.
Lets say, we have DepA site with 3 doc libraries, 1 Taskslist etc. And you want to give DepB only access to the tasklist.
Then you break the inheritage for the three doc libraries and give only DepA permissions.
Dep B has "Limited Access" on the root site and the according permissions to the task list.

If this is a simple site, it is easy to handle.
If the site is compalex, you have to change a lot of permission.

a.) Even if DepA creates new content, they have additionally to break the permission to make it invisible for DepB.
b.) Item level permissions are not recommended for SharePoint as performance critical.
c.) Item level permissions are not quite easy to follow up.

Author Comment

ID: 39238251
Hi Bembi, that is to say if i have 10 doc libraries under DeptA, I will need to break permission inheritance for the other 9 doc libraries if i were to give permission to the 10th library to user abc. What permission do i need to give user abc to let him access Dept A site?
LVL 35

Expert Comment

ID: 39238589
Limited Access...
This is needed to be allowed to see the DepA site...

Author Comment

ID: 39239864
Hi Bembi, may i know how to give limited access to a user to the site? I gave the user access to a document library within the site but this does not automatically give him limited access permission to the site.
LVL 35

Expert Comment

ID: 39249452
Limited Access is granted automatically as far as the user don't have permissions on the root level. You cannot grant it directly.
This should work anyway as far as the list / library, which has got permissions, is on the same site.


If this doesn't work, something may be wrong with the site. You may use the  "Check Permissions" Button to check, if the user has any permissions due to membership within another group.

You may also try another user.

Last option is of course to create your own access level with similar permissions and grant this permission for that user.

Author Comment

ID: 39262060
Yes. the problem is Limited Access is not granted automatically in my case :( I've got to grant restricted reader permission
LVL 35

Accepted Solution

Bembi earned 2000 total points
ID: 39287012
> Yes. the problem is Limited Access is not granted automatically in my case
This should be the case...
Maybe you should try to patch Sharepoint to the latest release?

> I've got to grant restricted reader permission
This is the work around. You can create your own permission level (to reuse it)
Limited access is
- View Application Pages
- Browse User Information
- Use Remote Interfaces
- Use Client Integration Features
- Open (site)
If you use the same permissions for your custom oermission level, the effect is the same with the difference, that this permission level can be assigned manually.

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There is one common problem that all we SharePoint developers share: custom solution deployment. This topic can't be covered fully in this short article, so all I want to do in this one is to review it from a development-to-operations perspectiv…
Microsoft SharePoint Foundation 2010 and Microsoft SharePoint Server 2010 do not offer the option to configure the location of the SharePoint diagnostic trace log files during installation.  This can, however, be configured through Central Administr…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question