none
Restrict user to specific site or subsite.

    Question

  • I have a subsite called budget in my SharePoint portal. I have added "NT AUTHORITY\authenticated users" to "Visitors Group" to the root site of the Portal as all users in the organisation should be able to access this site. This was my requirement because there are hundreds of users and I cannot manually add each and every user. Now I want to allow a particular user to the budget site only and restrict his access to any other area throughout the portal. He should not be able to see any other site except "Budget" not even root site.  Now if I create a Groups called "BudgetViewers" at the root and deny access to the home site or any other site and explicitly give permission to this group in "Budget" site that user will still have access because the Higher permissions overrides the lower permissions. Here in my case the permission given in Visitors Group will override the restriction to BudgetViewers group.

    Please guide how can I go about giving the permissions.

    Thanks
    • Moved by Mike Walsh FIN Friday, August 21, 2009 11:23 AM admin q (From:SharePoint - Development and Programming)
    Friday, August 21, 2009 11:19 AM

Answers

  • It is not a best practice to tighten permissions at the top and loosen them as you go down. Some problems you may have as you have found include the inability to block a user well from the top level, and if you are successful, you may have trouble getting the sub-site to display well for the user since they do not have permissions to show the tabs from the top level or other integrated pieces that you may not have considered.

    Best would be if you created a new site collection off to the side of this site and set permissions independently over there.
    Friday, August 21, 2009 12:10 PM

All replies

  • This is an Admin question so I'm moving it to the Admin forum.

    Use the Dev/Programming forum only for programming issues (writing web parts; using web services etc.)

    WSS FAQ sites: http://wssv2faq.mindsharp.com and http://wssv3faq.mindsharp.com
    Total list of WSS 3.0 / MOSS 2007 Books (including foreign language) http://wssv3faq.mindsharp.com/Lists/v3%20WSS%20FAQ/V%20Books.aspx
    Friday, August 21, 2009 11:23 AM
  • It is not a best practice to tighten permissions at the top and loosen them as you go down. Some problems you may have as you have found include the inability to block a user well from the top level, and if you are successful, you may have trouble getting the sub-site to display well for the user since they do not have permissions to show the tabs from the top level or other integrated pieces that you may not have considered.

    Best would be if you created a new site collection off to the side of this site and set permissions independently over there.
    Friday, August 21, 2009 12:10 PM
  • A question I have here also is this, if you have let all authenticated users into the top site, and obviously your budget viewer person is an authenticated user, How could you ever exclude him or her from viewing something you have basically given all persons rtights to?
    Friday, August 21, 2009 12:13 PM