Forum Discussion
Remediate broken inheritance
Hello, as we know the action "share" in Sharepoint actually breaks the inheritance cascading from the object that is shared. I have a scenario where a user must be granted access to entire SP sites o...
ok so you mean that each object should have only permission on the three standard groups and that I need to populate these groups with users/other groups?
mauros801 wrote:
ok so you mean that each object should have only permission on the three standard groups and that I need to populate these groups with users/other groups?
Once inheritance is broken, its not necessary that each 'shared entity' would only have permissions on those three default groups. When people share, depending on how they share, they introduce granular permissions. This means that after the 'share' action, the 'shared entity' would have more permissions than the three default groups.
what I am suggesting is that you can add people to one of those default groups and not worry about what share is doing. So yes, you need to populate the three default groups.
- Ok I got your point; my work would be scripting the removal of any direct access permission and including the same people in one of the three default groups, correct. It seems to work logically. In the other hand I would be limited to the three default permission levels that these groups have, that should be full control (for owners), edit (for members) and read (for visitors)... what can I do to assign for example "contribute permission" to a particular set of users? Should I create a new Sharepoint group with such permission level? But giving permission on the root site to this group, this will not propagate like every other permission, right?
