Remediate broken inheritance

Copper Contributor

Hello, as we know the action "share" in Sharepoint actually breaks the inheritance cascading from the object that is shared. I have a scenario where a user must be granted access to entire SP sites or libraries (not through share but through direct access, action performed by the IT admin) bu this causes this user to have access to the whole library until there's a shared folder... he has not access to that folder and the folder tree below. Is this situation remediable or not? My users are starting complaining about that and I do not believe it works in this way.

4 Replies

@mauros801  When inheritance is broken, no one loses access. That means, if the original SharePoint groups remain intact, you can add the new user to one of those groups and they would have access. If not, you may need to script your way through this situation. 

ok so you mean that each object should have only permission on the three standard groups and that I need to populate these groups with users/other groups?

@mauros801 


@mauros801 wrote:
ok so you mean that each object should have only permission on the three standard groups and that I need to populate these groups with users/other groups?

Once inheritance is broken, its not necessary that each 'shared entity' would only have permissions on those three default groups. When people share, depending on how they share, they introduce granular permissions. This means that after the 'share' action, the 'shared entity' would have more permissions than the three default groups. 
what I am suggesting is that you can add people to one of those default groups and not worry about what share is doing. So yes, you need to populate the three default groups. 

Ok I got your point; my work would be scripting the removal of any direct access permission and including the same people in one of the three default groups, correct. It seems to work logically. In the other hand I would be limited to the three default permission levels that these groups have, that should be full control (for owners), edit (for members) and read (for visitors)... what can I do to assign for example "contribute permission" to a particular set of users? Should I create a new Sharepoint group with such permission level? But giving permission on the root site to this group, this will not propagate like every other permission, right?