Forum Discussion
Restrict Owners
There will always need to someone who has enough permissions to help fix things if things go south. The best practice is the use of named admin accounts, this way you can give de admin permissions to the named admin account and not your personal account.
On your personal account you will just see the data that you are allowed to see but on the named admin account you could see everything and help where needed.
The reason you still see the library after removing the owner permissions is because you are set as the site collection administrator which is a higher permission then the owner group.
You can break the inheritance of the permissions to give unique permissions to a document library or a folder. For a folder you need to follow these steps:
- Select the folder
- Click on the three dots
- Go to Manage access
- Click on Advanced
- Stop inheriting permissions
This will break the inheritance of the permissions from the document library and gives you the possibility to give unique rights.
If you want to do this on a document library you will have to go to the library settings and navigate to “Permissions for this document library” to get to the screen where you can manage the permissions.
- Tried that, unfortunately as you can see on your list the "permissions owners" is listed twice. If I go in, stop inheriting permissions and remove user permissions from owners for a library then go back to manager access.... owners is still listed, just listed once. Therefore I am still able to get into the folders as the owner. It also got me thinking... what if something was to go wrong in general in the library? If I had to help fix, how would I do it if I had no access to the folder? Almost like we need to go the way of passwords on files. But i am open to suggestions.
There will always need to someone who has enough permissions to help fix things if things go south. The best practice is the use of named admin accounts, this way you can give de admin permissions to the named admin account and not your personal account.
On your personal account you will just see the data that you are allowed to see but on the named admin account you could see everything and help where needed.
The reason you still see the library after removing the owner permissions is because you are set as the site collection administrator which is a higher permission then the owner group.
- Yeah... the problem is our IT admin not local within the company most of the SharePoint talent is not IT (aka the admin). Therefore thinking passwords on specific files may be the best and that is if they feel it is absolutely necessary and to think of it.... most of them may already have passwords as IT has access to the servers now, so what is stopping them from going in? Trust and Professionalism! Greatly appreciate the bounce of ideas tho! Really did make me stop and think!
