Permissions: View folders but not access


  • Hello,


    Using WSS, is it possible to set permissions in a document library such that another group of people can see all the names of the folders that are created in that library but are not able to access the content of the folders?  The default setup seems to be if you deny access to a folder within a library then that folder becomes invisible.


    If this isn't possible is anyone able to suggest an alternative?



    Thursday, January 03, 2008 4:26 PM

All replies

  • I believe the only answer is to stop securityTrimming on your site. That will also make you navigation show pages the user can not see either. That will lead to "Access Denied" errors for users.



    Friday, January 04, 2008 5:24 AM
  • How do I do that?  bearing in mind I'm not an IT expert.  I have search for security trimming in WSS help but it is not mentioned.

    Friday, January 04, 2008 9:03 AM
  • As I understand it, if you want people to see the folders, then you need to give read access to the folders.  If you give read access, then people can click into them.


    If you want to deny access to the contents of the folders, you need to remove access to the items themselves.


    This would be very awkward.


    What is the business requirement? That will help us suggest useful alternatives.


    --Paul Galvin, Conchango
      RSS @
      Web site @


    Friday, January 04, 2008 2:37 PM
  • Thanks Paul,


    I am involved in an internal change programme within a large aerospace company.  As part of this we run a large number of workshops (~2 per month) in different parts of the business to address issues specific to different departments.  I would like to be able to give a large group of facilitators (~200) visibility to all the names of the workshops that are happing across the company so they can see what types of problems are being tackled (I thought this would best be implemented by letting them see the names of the folders).  But due to security issues I cannot let these people view the details of what actually goes on in the workshops (i.e. the documents contained within the folders).  I only want my small team (4 people) to be the ones who are able to view all contents.


    I know you can create workspaces from lists and restrict the access to those workspaces individually but that seemed more awkward than folders in a document library.





    Friday, January 04, 2008 4:01 PM
  • One approach I would consider is to build a custom list that tracks all the workshop types with characteristics about those workshops.  Allow everyone access to this master workshop list.  That would allow people to browse through them and meet your one objective.   Create views as needed.


    Then, keep the same folder structure in place that you already have for the projects with security enabled as you already did it.  This will meet the security requirements.


    This does mean a sort of double entry would be required since you would need to keep a folder structure in place for the actual workshop data respository and a master list.  In the master list, you could add a link to the folder to ease navigation.


    Another approach would be to keep everything in folders, but do 2 levels.  The top level folder would not be secured and create one folder for each workshop.  Add a secured folder under each of the workshop-level folders and place your sensitive documents there.  This would eliminate double entry (no master list).  I'd create a content type based off a folder so that you can put your workship information at that level and create views to support it.


    There are probably other good approaches as well, maybe much better approaches.  If anyone has any clever ideas, jump in!




    --Paul Galvin, Conchango
      RSS @
      Web site @


    Friday, January 04, 2008 4:25 PM