none
Document Library Permission

    Soru

  • Hello Folks:

    I wonder if you can give me a hand on my problem below? Thanks so much in advance!

    For site ABC, I created Document Library (DL) 1 and 2.
    I broke inheritance on DL2.
    I gave User 1 contributor permission to DL2.

    Can I prevent User 1 from seeing anything on DL1?
    I think I have to break inheritance on DL1 also.
    Since I have to grant user 1 read access to site ABC, he/she can view DL1.

    IS THERE ANOTHER WAY to accomplish this task?

    Much appreciated!!!

    16 Temmuz 2012 Pazartesi 22:02

Yanıtlar

  • You can prevent user1 from seeing anything in DL1 if you don't grant user 1 read access to site ABC at the site level.

    Why did you have to grant user 1 read access to site ABC? If you break inherit for DL2 and then add permission for user 1 to DL2, limited access permission would be added automatically for user 1 at site ABC.


    By the way, in SharePoint 2013 preview, i found that the limited access permission is not added to site level (or added but not visible).
    18 Temmuz 2012 Çarşamba 06:16
    Moderatör

Tüm Yanıtlar

  • In order to block a user from seeing DL1 you either need to break inheritance for DL1 and remove that user, or create an audience that does not include that user and set the library to that audience. Breaking inheritance is more secure. The audience is not as secure since your really hiding it from them and not really taking away access. Security through obscurity would be the fitting descreption for the Audience method.


    Thanks, James Waymire - Senior Software Architect for SharePoint - ExtraTeam

    16 Temmuz 2012 Pazartesi 23:42
  • Hello James:

    Thanks for the excellent advice! I suspected that breaking DL1 inheritance is my best option since I have to give a minimum of 'restrict read' to the user to the ABC site. What I did not include on my original post is I have DL1 to DL10. The business will have a tough time managing the permissions once I broke the inheritance to all 10 DLs. I can create AD groups to make their life easier.

    You are absolutely correct about setting target audiences. :)

    Thanks again.

    Regards,

    jchan88

    17 Temmuz 2012 Salı 02:42
  • You can prevent user1 from seeing anything in DL1 if you don't grant user 1 read access to site ABC at the site level.

    Why did you have to grant user 1 read access to site ABC? If you break inherit for DL2 and then add permission for user 1 to DL2, limited access permission would be added automatically for user 1 at site ABC.


    By the way, in SharePoint 2013 preview, i found that the limited access permission is not added to site level (or added but not visible).
    18 Temmuz 2012 Çarşamba 06:16
    Moderatör