Tuesday, May 24, 2011

Limited Access permission in SharePoint

Scenario: We have a list which doesn't inherit permissions from the site. Also, at the root of the list, there are folders, which are also set to NOT inherit permissions from the parent folder (which is the root of the list). We have added a Site group to the folder with 'Contribute' permission.

Issue: The site group that we added to the folder is also added automatically at the list level, where it has “Limited Access” permission.

Explanation: When you break permission inheritance on a folder and then grant permissions (for example, Full Control or Contribute) on that folder, the user or group receives “Limited Access” on the list, not the permission level that was granted on the folder.

As discussed in "Anonymous Users, Forms Pages, and the Lockdown Feature" on the Microsoft Enterprise Content Management (ECM) Team Blog:
In SharePoint, anonymous users’ rights are determined by the Limited Access permission level. Limited Access is a special permission level that cannot be assigned to a user or group directly. The reason it exists is because if you have a library or subsite that has broken permissions inheritance, and you give a user/group access to only that library/subsite, in order to view its contents, the user/group must have some access to the root web. Otherwise the user/group will be unable to browse the library/subsite, even though they have rights there, because there are things in the root web that are needed to render the site or library. Therefore, when you give a group permissions only to a subsite or library that is breaking permissions inheritance, SharePoint will automatically give Limited Access to that group or user on the root web.
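To review which list-level "Limited Access" entries come from folder-level grants, the following added example (not part of the original post or the quoted blog) uses the SharePoint server object model from PowerShell. The site URL and list title are placeholders, and it assumes it runs on a SharePoint server with the SharePoint snap-in available; Limited Access is matched by role type (`SPRoleType.Guest`) rather than by its display name.

```powershell
# Added example: map each principal that has only Limited Access on a list
# to the uniquely secured folders that caused the entry.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$webUrl    = "http://sharepoint.example.local/sites/demo"  # placeholder URL
$listTitle = "Documents"                                   # placeholder list title

$web = Get-SPWeb $webUrl
try {
    $list = $web.Lists[$listTitle]
    if ($null -eq $list) { throw "List '$listTitle' not found in $webUrl" }

    # Step 1: principals whose only binding at list level is Limited Access.
    $limited = @{}
    foreach ($ra in $list.RoleAssignments) {
        $types    = @($ra.RoleDefinitionBindings | ForEach-Object { $_.Type })
        $nonGuest = @($types | Where-Object { $_ -ne [Microsoft.SharePoint.SPRoleType]::Guest })
        if ($types.Count -gt 0 -and $nonGuest.Count -eq 0) {
            $limited[$ra.Member.ID] = $ra.Member.Name
        }
    }

    # Step 2: folders that do not inherit, and what those principals hold there.
    foreach ($folderItem in $list.Folders) {
        if (-not $folderItem.HasUniqueRoleAssignments) { continue }
        foreach ($ra in $folderItem.RoleAssignments) {
            if (-not $limited.ContainsKey($ra.Member.ID)) { continue }
            $levels = ($ra.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join ", "
            New-Object PSObject -Property @{
                Principal   = $ra.Member.Name
                ListLevel   = "Limited Access"
                Folder      = $folderItem.Url
                FolderLevel = $levels
            }
        }
    }
}
finally {
    $web.Dispose()   # release the SPWeb obtained from Get-SPWeb
}
```

A principal found in step 1 that never appears in the step 2 output has Limited Access on the list without a matching folder grant, which is worth checking against item-level permissions in the same list.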

More information about “Limited Access” permissions: