Forum Discussion
Solved
Restrict Owners
Not even sure if this is possible, but is there a way to remove site owners permissions from a certain library or even just a folder under a library? We are moving multiple files and departments to SharePoint and foresee an issue when it comes to HR and potentially Engineering when it comes to having someone in Finance (aka me as the owner) having the ability to get into files.
Right now I have a potential of 2 work arounds...
1 - Saw something about creating a completely new site for high sensitive info and just put a link to that site on this site. The problem is that then someone would need to manage those site and right now there are few (aka 2 here) that know anything about SharePoint and neither are in the "sensitive" areas.
2 - Ask the departments to password protect any files that are sensitive. Only problem here is that, and cannot believe I am saying this, people don't remember passwords or they write passwords on sticky notes and basically void the use..
So really hoping there is a way to do the security without a work around... fingers crossed someone here has any ideas...
Thanks for any help!
There will always need to someone who has enough permissions to help fix things if things go south. The best practice is the use of named admin accounts, this way you can give de admin permissions to the named admin account and not your personal account.
On your personal account you will just see the data that you are allowed to see but on the named admin account you could see everything and help where needed.
The reason you still see the library after removing the owner permissions is because you are set as the site collection administrator which is a higher permission then the owner group.
You can break the inheritance of the permissions to give unique permissions to a document library or a folder. For a folder you need to follow these steps:
- Select the folder
- Click on the three dots
- Go to Manage access
- Click on Advanced
- Stop inheriting permissions
This will break the inheritance of the permissions from the document library and gives you the possibility to give unique rights.
If you want to do this on a document library you will have to go to the library settings and navigate to “Permissions for this document library” to get to the screen where you can manage the permissions.
- Tried that, unfortunately as you can see on your list the "permissions owners" is listed twice. If I go in, stop inheriting permissions and remove user permissions from owners for a library then go back to manager access.... owners is still listed, just listed once. Therefore I am still able to get into the folders as the owner. It also got me thinking... what if something was to go wrong in general in the library? If I had to help fix, how would I do it if I had no access to the folder? Almost like we need to go the way of passwords on files. But i am open to suggestions.
There will always need to someone who has enough permissions to help fix things if things go south. The best practice is the use of named admin accounts, this way you can give de admin permissions to the named admin account and not your personal account.
On your personal account you will just see the data that you are allowed to see but on the named admin account you could see everything and help where needed.
The reason you still see the library after removing the owner permissions is because you are set as the site collection administrator which is a higher permission then the owner group.
