Do you know what the following questions all have in common?
- “I see a completely different homepage menu/libraries/folders than my other team members”
- “I can no longer check out or edit a document”
- “I know he has access to the list, but he cannot access the link I send him”
- “I have given her full control, but she still cannot see that library”
- “I can no longer access the site or library that I am supposed to manage”
Yes, you guessed it – these questions are all permissions-related.
It sounds really neat and useful to be able to limit access to sites, libraries and folders in SharePoint. It is easy to add groups and individuals and set it up just the way you think is best.
Many people, however, do not realize the full consequences of breaking permissions, that is, giving subsites, lists, libraries and folders different permissions than the site. As a result, I provide a lot of support on permissions-related issues.
I have found it hard to help users understand how it works in words, so I have created a series of pictures for clarification. You know I am not a designer, so if you have better visuals, please share!
1. Default site permissions.
First, let us show what the permissions in a “normal” site look like.
The fat dark blue line is a site. The blue blocks are libraries and lists. Or apps, as SharePoint 2013 calls them. 🙂
The purple circles are user groups. There is an Owners group (O) with Full Control, there is a Members group (M) that can read, add, edit and delete, and a Visitors group (V) that can read.
All lists and libraries have the same permissions throughout the site.
When we add an individual or another group to the site (the circle with the person icon), this person/group will also have access throughout the site.
2. Site containing a library with different permissions.
Let us assume there is one library that contains confidential information, and we do not want Visitors to see that. You go to “Library Settings” and “Permissions for the library”, you edit permissions and remove the Visitors group. You add a note to the description of the library that this has different permissions. Visitors will not see the library anymore.
The permissions have now been broken, hence a dotted line around the library.
Next, you want to add new people to the site. The best way is to add them to one of the groups – they will have the correct access. But if you add a new group or an individual to the site, they will not see the library. That is because the permissions have been broken, meaning that the site and this library no longer align and you need to maintain both entities. So, you have to give this person/group access twice…that is double the work!
But…Owners often forget that they have broken permissions. So they give someone access to the site, but that someone cannot see the library. They then give that someone Full Control to the site, but they still cannot see the library.
I hope the picture below shows you why.
Now you know why I recommend adding a message in the description field of the library – that helps the Site Owner remember! And of course you see the benefits of adding new people to an existing group instead of as individuals.
So yes, breaking permissions is easy to do. Maintaining and supporting, however, is a lot of work!
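The scenario above as a small Python model, added here as an illustration and not part of the original post: it shows why a person added to the site does not reach the library with broken permissions, why a person added to an existing group does, and how to list what has drifted apart. The class, function, library and user names are made up for the example, and this is a simplified model, not SharePoint's API.

```python
from dataclasses import dataclass

@dataclass
class Securable:
    """A site, or a list/library inside it (simplified model, not SharePoint's API)."""
    name: str
    parent: "Securable | None" = None
    own: "dict[str, str] | None" = None   # principal -> permission level; None = inherit

    def assignments(self):
        # Inheriting objects use the parent's assignments; broken ones use their own copy.
        return self.own if self.own is not None else self.parent.assignments()

    def break_inheritance(self):
        # Copy the parent's assignments as they are now; later site changes no longer arrive.
        self.own = dict(self.parent.assignments())

def can_access(user, obj, groups):
    """True if the user, or a group the user belongs to, has an assignment on obj."""
    return any(p == user or user in groups.get(p, set()) for p in obj.assignments())

def drift(site, lists):
    """Per list with unique permissions: site principals that are missing from that list."""
    return {l.name: sorted(set(site.own) - set(l.own)) for l in lists if l.own is not None}

def demo():
    # Constructed sample data: three default groups with one member each.
    groups = {"Owners": {"olga"}, "Members": {"mark"}, "Visitors": {"vera"}}
    site = Securable("Team site", own={"Owners": "Full Control", "Members": "Edit", "Visitors": "Read"})
    docs = Securable("Documents", parent=site)        # inherits from the site
    hr = Securable("Confidential", parent=site)
    hr.break_inheritance()
    del hr.own["Visitors"]                 # the owner removes Visitors from the library
    site.own["nina"] = "Full Control"      # individual added to the site only
    groups["Members"].add("paul")          # new person added to an existing group
    return {
        "nina_docs": can_access("nina", docs, groups),
        "nina_confidential": can_access("nina", hr, groups),
        "paul_confidential": can_access("paul", hr, groups),
        "vera_confidential": can_access("vera", hr, groups),
        "drift": drift(site, [docs, hr]),
    }

if __name__ == "__main__":
    print(demo())
```

The drift report lists both the intentional removal (Visitors) and the forgotten individual, so the Site Owner still has to decide which gaps are deliberate.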
Next time I will show you a few other scenarios.
Title inspired by “Breaking up is hard to do” by Neil Sedaka.
Image courtesy of David Castillo Dominici at FreeDigitalPhotos.net