Forum Discussion
David_Elsner
Mar 14, 2023 · Brass Contributor
Why are unique SharePoint permissions a bad practice?
I have already read many times that unique SharePoint permissions are a bad practice, and it also looks like Microsoft is following it.
For example, a private channel in Teams is realized with a completely new SharePoint Teamsite with top-level permissions for the channel members.
They could also have created just a document library with unique permissions inside the grouped SPO site. But they didn't.
But what is so bad about breaking the inheritance on the library or even the folder level? On the library level it seems still kind of clean.
And sharing a link is also some kind of "unique permission".
My own best practice is:
- In Teams or groupified SharePoint sites, don't break permissions at all. Only the group memberships should give permissions. Transient sharing of folders or files through links is okay.
- In Teamsites without a group also unique permissions on the library level are okay.
- Permanent unique permissions on single folders have to be avoided.
Do you agree?
David_Elsner Unique permissions are complicated to manage and need extra administration efforts to manage such unique permissions.
It gets more complicated when the number of items/documents in a list/library increases.
When a list, library, or folder contains more than 100,000 items, you can't break permissions inheritance on the list, library, or folder. You also can't re-inherit permissions on it. However, you can still break inheritance on the individual items within that list, library, or folder, up to the maximum number of unique permissions in the list or library (see the next section).
Source: Items in lists and libraries - limits
Next section: For large lists, design to have as few unique permissions as possible and remain below 5,000 in total.
Source: Unique security scopes per list or library
Also, check this for some more information: Best Practices for Unique Permissions in a SharePoint List
Please click Mark as Best Response & Like if my post helped you to solve your issue. This will help others to find the correct solution easily. It also closes the item. If the post was useful in other ways, please consider giving it Like.
For SharePoint/Power Platform blogs, visit: Ganesh Sanap Blogs
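A read-only audit of the limits quoted in the reply above, as an added example that is not part of the thread or of Microsoft's documentation: it counts the items and folders with broken inheritance in one library and compares the totals with the 100,000-item and 5,000-scope figures. It assumes the PnP.PowerShell module and an already established `Connect-PnPOnline` session; the library name `Documents` is a placeholder.

```powershell
# Added example. Assumes: PnP.PowerShell is installed and Connect-PnPOnline
# has already been run against the site. "Documents" is a placeholder name.
param(
    [string]$ListName      = "Documents",
    [int]   $ItemThreshold = 100000,  # above this, inheritance on the list/folder cannot be broken or restored
    [int]   $ScopeGuidance = 5000     # "remain below 5,000 in total" unique permissions per list
)

$list = Get-PnPList -Identity $ListName -ThrowExceptionIfListNotFound
# HasUniqueRoleAssignments is not loaded by default, so request it explicitly.
$listUnique = Get-PnPProperty -ClientObject $list -Property HasUniqueRoleAssignments

$unique = New-Object System.Collections.Generic.List[object]

# Page through the library so large lists do not hit the list view threshold.
# One extra request per item: slow on big libraries, but it changes nothing.
Get-PnPListItem -List $list -PageSize 2000 | ForEach-Object {
    if (Get-PnPProperty -ClientObject $_ -Property HasUniqueRoleAssignments) {
        $unique.Add([pscustomobject]@{
            Id   = $_.Id
            Type = $_.FileSystemObjectType      # File or Folder
            Path = $_.FieldValues["FileRef"]
        })
    }
}

# Each item or folder with broken inheritance has its own security scope,
# so this count approximates the library's unique-permission total.
[pscustomobject]@{
    Library                  = $list.Title
    ItemCount                = $list.ItemCount
    LibraryBreaksInheritance = $listUnique
    ItemsWithUniquePerms     = $unique.Count
    OverItemThreshold        = $list.ItemCount -gt $ItemThreshold
    AtOrOverScopeGuidance    = $unique.Count -ge $ScopeGuidance
} | Format-List

# Folders first: permanent folder-level breaks are the ones the thread advises against.
$unique | Sort-Object Type, Path | Format-Table -AutoSize
```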
Hello David_Elsner
agree 👍
Please pay attention to the limits: https://learn.microsoft.com/en-us/sharepoint/troubleshoot/lists-and-libraries/error-share-break-inheritance
Item, document or folder permissions can be confusing and lead to a lot of administrative work.
And your example about private teams: yes, but teams are more than SharePoint with M365 Groups services from other M365 apps.
Best, Dave