Site Permissions Breaking Bad, episode 3

The Folders.

BrokenGlassNow and then you read a blog post that makes you think: “I wish I had written that”. Veronique Palmer has done it often, Dan Adams has done it a few times, and now I have found

Gregory Zelfond’s “12 reasons folders in SharePoint are a bad idea”.

It is a really good list of why you should avoid folders on SharePoint.

My own planned post on this topic is now completely redundant 🙂 . But I would like to illustrate his point 4: why maintaining permissions on folders can be a nightmare.

What are the issues with folder permissions?

  1. If you break permissions and add “Different permissions!” to the folder name, as I always suggest to do, the URL of the folder and all its documents changes. People who have this link in their Favorites and use it after the change, will get an error.
    That is another reason why folders are a bad idea: Links to folder, sub-folders and all documents in the hierarchy change when you change the name of the folder.
    Libraries and lists have a description field for that type of info, folders have not.
  2. Broken permissions are not easily visible, so unless you add something to the folder name (causing issue 1), you will not know what permissions your folders have. The only way to find out is by going to each folder and finding out. If you have a deep nest, you will have to start at the bottom of the hierarchy. Not a fun job 🙂
  3. People often are in a hurry to give someone access, without thinking about a sustainable setup, or writing down what the permissions are exactly.
  4. Having many folders with broken permissions, especially with individual permissions, may cause performance issues.

 Time for an illustration!

We have already seen the default permission setup, and what happens if you break permissions for one library. Here they are again:

This is the default permission setup of a site - the site and all lists and libraries have exactly the same permissions.
This is the default permission setup of a site – the site and all lists and libraries have exactly the same permissions.
Broken permissions- one library has different permissions.
One library has different permissions, and Visitors no longer see or have access to the library.

Now let us zoom in to one document library (the yellow block) in a site. What if it has 4 folders, 2 with inherited permissions (yellow) and 2 with broken permissions, each differently?

This is a site with one document library with folders. The individual users are also in the Visitors group, so they have access to the site.
This is a site with one document library with folders. The individual users are also in the Visitors group, so they have access to the site.

OK, this is getting complicated, right? Now what if one of the folders has 4 sub-folders with different broken permissions? And sub-sub-folders? Or if the folder and sub-folder inherit permissions from the site or the library, but the sub-sub-folder has broken permissions?  The potential issues multiply with each sub-folder.
You can imagine that managing and supporting that kind of setup becomes a difficult task – if a new person enters the team, where do you have to add him or her? And where do you need to remove their predecessor?

In one of my next posts, I will share some examples where breaking permissions in folders has led to misunderstandings, problems, urgent phone calls and me having to spend lots of time on cleaning the mess that someone else had made 🙂 .

Image courtesy of Suat Eman / FreeDigitalPhotos.net

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s