cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Remediate broken inheritance

mauros801
Copper Contributor

‎Oct 18 2019 08:08 AM

‎Oct 18 2019 08:08 AM

Remediate broken inheritance

Hello, as we know the action "share" in Sharepoint actually breaks the inheritance cascading from the object that is shared. I have a scenario where a user must be granted access to entire SP sites or libraries (not through share but through direct access, action performed by the IT admin) bu this causes this user to have access to the whole library until there's a shared folder... he has not access to that folder and the folder tree below. Is this situation remediable or not? My users are starting complaining about that and I do not believe it works in this way.

992 Views
0 Likes
4 Replies
Reply
4 Replies
mrehmat

‎Oct 22 2019 07:10 AM

‎Oct 22 2019 07:10 AM

Re: Remediate broken inheritance

@mauros801  When inheritance is broken, no one loses access. That means, if the original SharePoint groups remain intact, you can add the new user to one of those groups and they would have access. If not, you may need to script your way through this situation. 

0 Likes
Reply
mauros801

‎Oct 22 2019 07:14 AM

‎Oct 22 2019 07:14 AM

Re: Remediate broken inheritance

ok so you mean that each object should have only permission on the three standard groups and that I need to populate these groups with users/other groups?
0 Likes
Reply
mrehmat

‎Oct 22 2019 07:35 AM

‎Oct 22 2019 07:35 AM

Re: Remediate broken inheritance

@mauros801 

@mauros801 wrote:
ok so you mean that each object should have only permission on the three standard groups and that I need to populate these groups with users/other groups?

Once inheritance is broken, its not necessary that each 'shared entity' would only have permissions on those three default groups. When people share, depending on how they share, they introduce granular permissions. This means that after the 'share' action, the 'shared entity' would have more permissions than the three default groups. 
what I am suggesting is that you can add people to one of those default groups and not worry about what share is doing. So yes, you need to populate the three default groups. 

0 Likes
Reply
mauros801

‎Oct 22 2019 07:42 AM

‎Oct 22 2019 07:42 AM

Re: Remediate broken inheritance

Ok I got your point; my work would be scripting the removal of any direct access permission and including the same people in one of the three default groups, correct. It seems to work logically. In the other hand I would be limited to the three default permission levels that these groups have, that should be full control (for owners), edit (for members) and read (for visitors)... what can I do to assign for example "contribute permission" to a particular set of users? Should I create a new Sharepoint group with such permission level? But giving permission on the root site to this group, this will not propagate like every other permission, right?
0 Likes
Reply