Forum Discussion

Sderix's avatar
Sderix
Brass Contributor
Feb 12, 2020
Solved

SPO Unique Permissions vs File Share permissions: How do they impact each other on migration?

Hi,

I need to design a solution for migrating file shares to SharePoint Online. There are millions and millions of documents so I'm diving into Unique Permissions.

SPO has a limit of 50.000 unique permissions:

https://docs.microsoft.com/en-us/office365/servicedescriptions/sharepoint-online-service-description/sharepoint-online-limits

 

I want to know exactly how unique permissions work. I want to understand it so I can advise my customers.

  1. What scenario on a file share will add 1 to the unique permissions count for a document library?
  2. How can I check if the permissions on a file share will break this limit or in other words:
    1. how can I count the unique permissions on a file share
  3. When an Azure AD group with 10 AD Accounts in it causes a unique permission on a folder in SPO. Does this count for 1 unique permission, 10 or something else?

Some extra information:

  • We need to migrate the current permissions, AD Groups and AD members
  • We use ShareGate as a migration tool

mailto:Th@nx in Advance!

 

Permissions
SharePoint Online
  • jcgonzalezmartin's avatar
    jcgonzalezmartin
    Feb 13, 2020
    My 2 Cents here:
    1. A unique permission will be added for each document migrated with a specific permission. The 50.000 limit is per document library
    2. To count the unique permissions on a file share you will need to write some PS code or use a third party tool. There are some scritps on the Internet that you could use
    3. Unique permissions count at the document / Filder level no

2 Replies

  • jcgonzalezmartin's avatar
    jcgonzalezmartin
    MVP
    Feb 13, 2020
    My 2 Cents here:
    1. A unique permission will be added for each document migrated with a specific permission. The 50.000 limit is per document library
    2. To count the unique permissions on a file share you will need to write some PS code or use a third party tool. There are some scritps on the Internet that you could use
    3. Unique permissions count at the document / Filder level no
    • Sderix's avatar
      Sderix
      Brass Contributor
      Feb 13, 2020

      jcgonzalezmartin Thnx for your reply!

      I think you are correct. let me explain.

      I've contacted several people and I think I have figured it out.

      Every element (folder/file) on your fileshare where 'IsInherited=False' will count for a unique permission element.

      So:

      c:\Temp

      The AD Group DL-SEC-Temp is added to this folder with unique permissions.

      10 Accounts are member of the AD Group DL-SEC-Temp.

      If you migrate this folder to:

      https://contoso.sharepoint.com/sites/test/Documents/Temp

      This folder will have 10 unique permissions.

       

      At least that is how I interpreted things. 

      One of my sources:

      https://www.petri.com/how-to-get-ntfs-file-permissions-using-powershell