locked
Bulk Add Permisson to Un-Inherited Sites RRS feed

  • Question

  • Got a dilemma with site permissions currently and would greatly welcome any suggestions? I have created a custom Permission Level called Enumerate Permissions to give our 2nd Line support team access to view the permissions on a site, library, document etc. This works fine, however all of our sites are using unique permissions. Is there a way I can bulk assign this permission level to the security group for our 2nd Line team throughout the un-inheritied sites, or is there a way I can force this permission to flow down through the site chain but retain the existing unique permissions? Thanks Richard
    Richard Green, MCSE Windows Server 2003
    Monday, January 31, 2011 9:27 AM

Answers

  • You'll need to recreate the custom permission level as a Permission Policy level, but then you can assign that level to a particular AD group or user for an entire Web Application.  Any specific rights assigned or restricted in a permission Policy takes precedence over all locally assigned rights assignments.  You can read more about how to implement a Permission Policy for a web application here:

    http://technet.microsoft.com/en-us/library/ff608071.aspx


    Paul Stork SharePoint Server MVP
    • Marked as answer by Leoyi Sun Wednesday, February 9, 2011 3:15 AM
    Monday, January 31, 2011 12:48 PM
  • Yes, it applies to SharePoint 2007 also.  Here's a link for how to do it in 2007.

    http://technet.microsoft.com/en-us/library/cc262617(office.12).aspx


    Paul Stork SharePoint Server MVP
    • Marked as answer by Leoyi Sun Wednesday, February 9, 2011 3:15 AM
    Monday, January 31, 2011 6:23 PM
  • Those are just the default permission Policy levels.  You can create additonal permission policy levels just like you can create additional permission policies.  Permission Policy levels are created out of the same set of individual permissions as a permission level.  The only difference is that in a permission policy you can either grant or deny an individual permission.  You can't deny permissions in a permission level.

    To create a new Permission Policy Level:

    1. On the Policy for Web Application Page in Central Admin click the Manage Permission Policy Levels link in the left hand quick launch menu.
    2. On the Manage permission Policy Level page make sure you have the web application selected that you want the permissions to apply to.
    3. Click Add permission Policy Level in the toolbar. 
    4. Give you permission policy a name and then select the Grant or Deny checkbox for the specific permissions you want to control at the web application level.
    5. Save the new permission policy and you can then apply it to the web application zone(s) that you want to grant/restrict your users access to.

    Paul Stork SharePoint Server MVP
    • Marked as answer by Leoyi Sun Wednesday, February 9, 2011 3:15 AM
    Tuesday, February 1, 2011 1:24 PM

All replies

  • You'll need to recreate the custom permission level as a Permission Policy level, but then you can assign that level to a particular AD group or user for an entire Web Application.  Any specific rights assigned or restricted in a permission Policy takes precedence over all locally assigned rights assignments.  You can read more about how to implement a Permission Policy for a web application here:

    http://technet.microsoft.com/en-us/library/ff608071.aspx


    Paul Stork SharePoint Server MVP
    • Marked as answer by Leoyi Sun Wednesday, February 9, 2011 3:15 AM
    Monday, January 31, 2011 12:48 PM
  • You'll need to recreate the custom permission level as a Permission Policy level, but then you can assign that level to a particular AD group or user for an entire Web Application.  Any specific rights assigned or restricted in a permission Policy takes precedence over all locally assigned rights assignments.  You can read more about how to implement a Permission Policy for a web application here:

    http://technet.microsoft.com/en-us/library/ff608071.aspx


    Paul Stork SharePoint Server MVP
    Paul, This is is happening on a SharePoint 2007 farm - Do the same steps apply, as the article is for 2010? Thanks Richard
    Richard Green, MCSE Windows Server 2003
    Monday, January 31, 2011 4:05 PM
  • Yes, it applies to SharePoint 2007 also.  Here's a link for how to do it in 2007.

    http://technet.microsoft.com/en-us/library/cc262617(office.12).aspx


    Paul Stork SharePoint Server MVP
    • Marked as answer by Leoyi Sun Wednesday, February 9, 2011 3:15 AM
    Monday, January 31, 2011 6:23 PM
  • Thanks Paul, however am I missing something? I am only able to set Full Control, Full Read, Deny Write and Deny All permissions? I originally created a custom permission level because of the ability to create fine-grained custom permissions. Thanks Richard
    Richard Green, MCSE Windows Server 2003
    Tuesday, February 1, 2011 9:05 AM
  • Those are just the default permission Policy levels.  You can create additonal permission policy levels just like you can create additional permission policies.  Permission Policy levels are created out of the same set of individual permissions as a permission level.  The only difference is that in a permission policy you can either grant or deny an individual permission.  You can't deny permissions in a permission level.

    To create a new Permission Policy Level:

    1. On the Policy for Web Application Page in Central Admin click the Manage Permission Policy Levels link in the left hand quick launch menu.
    2. On the Manage permission Policy Level page make sure you have the web application selected that you want the permissions to apply to.
    3. Click Add permission Policy Level in the toolbar. 
    4. Give you permission policy a name and then select the Grant or Deny checkbox for the specific permissions you want to control at the web application level.
    5. Save the new permission policy and you can then apply it to the web application zone(s) that you want to grant/restrict your users access to.

    Paul Stork SharePoint Server MVP
    • Marked as answer by Leoyi Sun Wednesday, February 9, 2011 3:15 AM
    Tuesday, February 1, 2011 1:24 PM