locked
Permissions inheritance RRS feed

  • Question

  • Hi Everyone,

    Had an issue yesterday where it seems that when permissions are assigned at the parent level, which flows through to child object (library/folder/file), which then subsequently have their inheritance broken, if the identity is removed from the parent, even if the inheritance is broken on the child, the identity's permission is also removed from the child object.

    Is this by design?

    Should the broken inheritance on the item prevent the permission from being removed?

    Has anyone else been caught out by this? I would assume yes...

    Because of the mandated permissions required on the structure involved, I had to run approx. 7k lines of PnP scripts to reinstate the missing identities permissions last night.

    Thanks

    Wednesday, August 28, 2019 11:47 PM

Answers

  • When you break inheritance, it does not make any changes at the broken level that you make below that level. If you remove an ACL at a lower level, it will not impact the object that has broken inheritance. This is by design.

    Trevor Seward

    Office Apps and Services MVP



    Author, Deploying SharePoint 2019

    Author, Deploying SharePoint 2016

    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    • Marked as answer by Dean808 Sunday, September 1, 2019 10:34 PM
    Thursday, August 29, 2019 12:03 AM
  • Hi Dean,

    Yes, Removing permissions from the parent would also remove it from the child even though the child has unique permissions. This is by design.

    Best Regards,

    Michael Han


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    SharePoint Server 2019 has been released, you can click here to download it.
    Click here to learn new features. Visit the dedicated forum to share, explore and talk to experts about SharePoint Server 2019.

    • Marked as answer by Dean808 Sunday, September 1, 2019 10:34 PM
    Thursday, August 29, 2019 2:00 AM

All replies

  • When you break inheritance, it does not make any changes at the broken level that you make below that level. If you remove an ACL at a lower level, it will not impact the object that has broken inheritance. This is by design.

    Trevor Seward

    Office Apps and Services MVP



    Author, Deploying SharePoint 2019

    Author, Deploying SharePoint 2016

    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    • Marked as answer by Dean808 Sunday, September 1, 2019 10:34 PM
    Thursday, August 29, 2019 12:03 AM
  • Hi Trevor,

    Thanks for your prompt response.

    Not sure if I am reading your explanation correctly. So are you saying that what I experienced is as it should be?

    If an item originally inherited its permissions, but it's inheritance was then broken, and if an identity's permissions was then removed from what used to be the parent permission (now broken), that it will be removed from the child that is not inheriting as well?Thanks

    • Marked as answer by Dean808 Sunday, September 1, 2019 10:34 PM
    • Unmarked as answer by Dean808 Sunday, September 1, 2019 10:34 PM
    Thursday, August 29, 2019 12:17 AM
  • Hi Dean,

    Yes, Removing permissions from the parent would also remove it from the child even though the child has unique permissions. This is by design.

    Best Regards,

    Michael Han


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    SharePoint Server 2019 has been released, you can click here to download it.
    Click here to learn new features. Visit the dedicated forum to share, explore and talk to experts about SharePoint Server 2019.

    • Marked as answer by Dean808 Sunday, September 1, 2019 10:34 PM
    Thursday, August 29, 2019 2:00 AM