locked
Issue with item level permission lists RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote
    I have a client who is using a document library for storing all documents for an internal project and has been assigning item level permissions to every document based on their business requirements. There are 500 users assigned to these documents and the document library.

    The issue we are noticing is that while reviewing the item level permissions for a document, it will randomly decide to stop displaying the list of names and spew out what appears to be some sort of XML data on the rest of the page. This is intermittent and a refresh will sometimes fix the issue, meaning the list is visible and manageable. When this item level permission list breaks, the data will appear in random locations too, meaning it sometimes appears before the masterpage, sometimes in the search area, and mostly in the content area where the list data resides.

    So far it appears that this issue is only relating to viewing the list item permissions for an item in the document library where the user list is large (200+ users). This issue does not seem to happen when there are a lesser number of users assigned to the item(s).There have not been any tests done on other document libraries to verify if this is happening across different libraries, but this was reproduced within their test environment and production environment. Does anyone know if there is some sort of bug or memory leak with SharePoint ACLs? It just seems that there are way too many users in the item level permissions for an item that SharePoint just doesn't like, but then again I have never seen such an issue before.
    Tuesday, January 5, 2010 4:24 PM

Answers

  • Question
    Sign in to vote
    0
    Sign in to vote
    Whoever he is, he is totally mad.

    I am not surprised that SP isn't happy about having item-level permissions for a mass of documents.

    Instead the documents should all be put either in a single document library (restricted to those users) or even in a folder resticted to those users.

    Both are natural ways to deal with a situation where a lot of documents are of resticted access to the same group of people.



    Given this, I don't really see the point of investigating problems caused by this guy. Educate him on the correct method instead.

    (Which if he hasn't already done this consists of having those 500 users in a SP Group and assigning only that Group rights to the doc lib / folder)











    FAQ sites: (SP 2010) http://wssv4faq.mindsharp.com; (v3) http://wssv3faq.mindsharp.com and (WSS 2.0) http://wssv2faq.mindsharp.com
    Complete Book Lists (incl. foreign language) on each site.
    • Proposed as answer by Parvez Akkas Wednesday, January 6, 2010 3:49 AM
    • Marked as answer by Lily Wu Wednesday, January 13, 2010 1:14 AM
    Tuesday, January 5, 2010 5:13 PM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote
    Whoever he is, he is totally mad.

    I am not surprised that SP isn't happy about having item-level permissions for a mass of documents.

    Instead the documents should all be put either in a single document library (restricted to those users) or even in a folder resticted to those users.

    Both are natural ways to deal with a situation where a lot of documents are of resticted access to the same group of people.



    Given this, I don't really see the point of investigating problems caused by this guy. Educate him on the correct method instead.

    (Which if he hasn't already done this consists of having those 500 users in a SP Group and assigning only that Group rights to the doc lib / folder)











    FAQ sites: (SP 2010) http://wssv4faq.mindsharp.com; (v3) http://wssv3faq.mindsharp.com and (WSS 2.0) http://wssv2faq.mindsharp.com
    Complete Book Lists (incl. foreign language) on each site.
    • Proposed as answer by Parvez Akkas Wednesday, January 6, 2010 3:49 AM
    • Marked as answer by Lily Wu Wednesday, January 13, 2010 1:14 AM
    Tuesday, January 5, 2010 5:13 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    There are issues with how many ACLs can be safely assigned and you will see performance issues as you increase the number - one symptom of the performance issues would be the request timing out before completion and sending back a partial request stream which would result in the behavior you are seeing. I'd agree with Mike here in that the proper way to fix this would be move to library level permissions or failing that to use AD or SharePoint groups and assign users to those groups thus reducing the number of permissions set on each item (users should never be assigned directly to any resource - use groups whenever possible).
    Gary Lapointe, Blog: http://stsadm.blogspot.com/, Twitter: http://twitter.com/glapointe
    Wednesday, January 6, 2010 1:57 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    As ppl already mentioned the actual issue is about the assigning SharePoint users, not the AD users, because whenever you use SharePoint users it reserves some space from ACL and limitation of SharePoint user are about 2000. After that user's wont be resolved.

    What can you do in your solution (apart of applying permissions to the list only) is to remove the SharePoint users and assign permissions for AD users instead.
    This approach doesn't have performance and capacity issues for the number of users
    SharePoint 2007 -2010 Tips & Tricks Portal | Microsoft MVP | My Blog about Information Management | My twitter
    Wednesday, January 6, 2010 2:10 AM