Forum Discussion
Permission Inheritance on a new folder
Whenever I create a new folder in Sharepint, it automatically adds all groups to the permissions. Is there a way to stop this. I would like to only have the admins to start, and then add who I want. Not inherit everything. This is for Sharepoint 2016 online.
Inheritance of permissions by subfolders is usually a very helpful thing and prevents lots of headaches in the future. I typically recommend controlling permissions at the document library level becuase it makes administration and troubleshooting much easier. i.e., instead of adding a Invoice and Purchase Order folder with different perms to a Finance library, create 2 separate libraries with different perms.
Thanks Dean! We are trying to have one sharepoint site that can be used to share files with many clients. Using 1 foldler for each client seemed to be the easiest way. But when I went to create the folder it would add all of the client groups. It is easy to delete the groups that should not be in there, but would be even easier to have just the site owners added from the start, and then add the one other group.
I would be very careful with that approach, you will be running the risk of clients seeing each others stuff if a mistake is made. For that scenario, i would typically recommend creating separarte site collections for each client. This provides very clean and clear boundaries. You may alsos want another site that has content for all of the clients to see.
In general, one or more collections for your staff, one collection for each client and shared collection for all of the clients.
In each of the client collections, create a custom SP Group to put the clients users, put your people into the default Site Owners, Members and Visitors group. If you are using Azure B2B, which is ideal for this scenario, then you can create Azure AD groups for each client and put them into the appropriate SP site collectoin with the necesary permission level assigned
When you add a folder through the UI, the default is to inherit permissions from the parent (folder, list, site, etc. depending on where the first unique permissions are found). There is no way to change this default behavior (however, you could set the default of the parent to just admin permissions and then adjust the folder as necessary).
If you are creating these folders programattically, there are APIs to break inheritance and then adjust the permissions and is relatively straightforward to do.
- Just curious, would setting the parent folder to admin only prevent users from navigating from the top level? Otherwise, they will a direct link to the child folder to access the library/site.
