document sharing & right inheritance

%3CLINGO-SUB%20id%3D%22lingo-sub-766442%22%20slang%3D%22en-US%22%3Edocument%20sharing%20%26amp%3B%20right%20inheritance%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-766442%22%20slang%3D%22en-US%22%3E%3CP%3EThe%20other%20day%2C%20I%20had%20to%20give%20access%20to%20a%20colleague%20to%20a%20repository%20inside%20of%20a%20document%20library.%20Since%20he%20didn't%20have%20access%20to%20the%20Sharepoint%20Online%20site%2C%20I%20simply%20%22shared%22%20the%20repository%20with%20him.%20In%20addition%2C%20he%20didn't%20nor%20should%20have%20access%20to%20anything%20else%20...%20and%20it%20worked%20perfectly%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20other%20day%20after%20adding%20a%20new%20group%20of%20users%20(Azure%20AD%20group)%20as%20site%20members%2C%20I%20noticed%20they%20didn't%20not%20had%20access%20to%20the%20previously%20shared%20repository.%20The%20access%20rights%20were%20set%2C%20for%20the%20new%20AD%20group%20onto%20all%20the%20other%20repositories%2C%20at%20the%20exception%20of%20the%20previously%20shared%20repository.%26nbsp%3B%20On%20the%20access%20rights%20panel%2C%20SharePoint%20indicates%20that%20it%20had%20%22%20unique%20permissions%20%22.%26nbsp%3BFrom%20my%20point%20of%20view%2C%20sharing%20a%20repository%20should%20not%20block%20a%20change%20of%20access%20rights%20at%20the%20top%20level%20of%20the%20site.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20this%20behavior%20normal%20%3F%20Any%20ideas%20on%20how%20to%20fix%20this%20%3F%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMany%20thanks%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-766442%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAdmin%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EDocument%20Library%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EPermissions%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESharePoint%20Online%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESites%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-775389%22%20slang%3D%22en-US%22%3ERe%3A%20document%20sharing%20%26amp%3B%20right%20inheritance%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-775389%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F233896%22%20target%3D%22_blank%22%3E%40Stephane%20KLOIS%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EBy%20%22repository%22%20I%20assume%20you%20mean%20a%20folder%3F%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIf%20you%20clicked%20the%20dots%20next%20to%20the%20folder%20%26gt%3B%26gt%3B%20Share%2C%20then%20the%20user%20should%20not%20even%20have%20access%20to%20the%20site%20itself%20(he%2Fshe%20isn't%20even%20added%20in%20the%20Visitors%20group)%2C%20but%20only%20to%20this%20particular%20folder%20via%20the%20link%20sent%20through%20the%20sharing.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20inherit%3B%20font-size%3A%2016px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20300%3B%20letter-spacing%3A%20normal%3B%20line-height%3A%201.7142%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%3B%22%3EIf%20you%20go%20into%20the%20%3CSTRONG%3ELibrary%3C%2FSTRONG%3ESettings%20%26gt%3B%26gt%3B%20Permissions%20for%20this%20library%20%26gt%3B%26gt%3B%20it%20will%20tell%20you%26nbsp%3B%3CEM%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3CFONT%20style%3D%22background-color%3A%20%23ffffff%3B%20box-sizing%3A%20border-box%3B%22%3ESome%20items%20of%20this%20list%20may%20have%20unique%20permissions%20which%20are%20not%20controlled%20from%20this%20page.%26nbsp%3B%20%22Show%20these%20items.%22%20(link)%3C%2FFONT%3E%3C%2FEM%3E%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20inherit%3B%20font-size%3A%2016px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20300%3B%20letter-spacing%3A%20normal%3B%20line-height%3A%201.7142%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%3B%22%3E%3CFONT%20style%3D%22background-color%3A%20%23ffffff%3B%20box-sizing%3A%20border-box%3B%22%3EAnd%20if%20you%20click%20on%20this%20%22%3CEM%20style%3D%22box-sizing%3A%20border-box%3B%22%3EShow%20these%20items%3C%2FEM%3E%22%20link%3C%2FFONT%3E%2C%20the%20folder%20you%20shared%20will%20show%20up.%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20inherit%3B%20font-size%3A%2016px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20300%3B%20letter-spacing%3A%20normal%3B%20line-height%3A%201.7142%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%3B%22%3EClick%20on%20the%20%3CEM%3EManage%20permissions%3C%2FEM%3Elink%2C%20and%20you'll%20see%3A%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20inherit%3B%20font-size%3A%2016px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20300%3B%20letter-spacing%3A%20normal%3B%20line-height%3A%201.7142%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20inherit%3B%20font-size%3A%2016px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20300%3B%20letter-spacing%3A%20normal%3B%20line-height%3A%201.7142%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%3B%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20557px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F124634iFF90DED3A776A11B%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22SharedFolder.png%22%20title%3D%22SharedFolder.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI've%20tested%20your%20scenario%20on%20my%20tenant%2C%20and%20it%20worked%20fine.%3C%2FP%3E%0A%3CP%3EUser%20only%20has%20access%20to%20this%20particular%20folder%2C%20and%20the%20Group%20can%20see%20everything.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-776636%22%20slang%3D%22en-US%22%3ERe%3A%20document%20sharing%20%26amp%3B%20right%20inheritance%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-776636%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F34858%22%20target%3D%22_blank%22%3E%40Veronique%20Lengelle%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20you%20very%20much%20for%20your%20answer.%3C%2FP%3E%3CP%3EYes%2C%20by%20repository%20I%20did%20mean%20a%20folder%3A)%3C%2FP%3E%3CP%3EWhen%20I%20follow%20the%20different%20steps%20indicated%20in%20your%20message%2C%20I%20have%20the%20same%20result.%20That's%20were%20my%20concern%20is%20%3A%20sharing%20a%20folder%20with%20someone%20seems%20to%20break%20rights%20inheritance.%20If%20I%20grants%20a%20new%20access%20at%20the%20site%20level%2C%20it%20remain%20absent%20on%20those%20previously%20shared%20folders.%20However%2C%20the%20new%20access%20is%20valid%20on%20all%20the%20non%20shared%20folders.%20I%20wanted%20to%20know%2C%20is%20this%20normal%20%3F%20Has%20anybody%20experienced%20this%20scenario%20%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-776717%22%20slang%3D%22en-US%22%3ERe%3A%20document%20sharing%20%26amp%3B%20right%20inheritance%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-776717%22%20slang%3D%22en-US%22%3E%3CP%3EQuite%20normal%2C%20that%E2%80%99s%20the%20way%20SharePoint%20does%20permissions.%20Everything%20in%20a%20site%20starts%20out%20the%20same%20way%2C%20but%20once%20you%20change%20a%20list%2C%20or%20a%20folders%20permission%2C%20it%20breaks%20the%20permission%20off.%20It%20copies%20it%E2%80%99s%20current%20setting%2C%20but%20after%20that%20you%20have%20to%20maintain%20it%20on%20your%20own%3CBR%20%2F%3E%3CBR%20%2F%3EThis%20is%20why%20people%20try%20to%20discourage%20breaking%20inheritance%2C%20it%20can%20be%20a%20pain%20to%20manage.%20Adding%20people%20to%20groups%20already%20defined%20for%20the%20list%2Flibrary%20work%2C%20but%20you%E2%80%99ll%20always%20have%20to%20add%20individuals%20or%20new%20groups%20yourself%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-784326%22%20slang%3D%22en-US%22%3ERe%3A%20document%20sharing%20%26amp%3B%20right%20inheritance%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-784326%22%20slang%3D%22en-US%22%3E%3CP%3EThank%20you%20very%20much%20for%20your%20different%20answers.%20It%20is%20very%20clear.%26nbsp%3B%3C%2FP%3E%3CP%3EI%20found%20this%20a%20bit%20surprising%20since%20this%20sharing%20functionnality%20is%20accessible%20by%20end-user%20who%20may%20not%20be%20aware%20of%20this%20topic.%20At%20the%20end%20of%20the%20day%2C%20I%20would%20have%20hoped%20for%20a%20functionnality%20where%20%22sharing%22%20would%20add%20an%20extra-access%20without%20Breaking%20inheritance.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Contributor

The other day, I had to give access to a colleague to a repository inside of a document library. Since he didn't have access to the Sharepoint Online site, I simply "shared" the repository with him. In addition, he didn't nor should have access to anything else ... and it worked perfectly :)

 

The other day after adding a new group of users (Azure AD group) as site members, I noticed they didn't not had access to the previously shared repository. The access rights were set, for the new AD group onto all the other repositories, at the exception of the previously shared repository.  On the access rights panel, SharePoint indicates that it had " unique permissions ". From my point of view, sharing a repository should not block a change of access rights at the top level of the site.

 

Is this behavior normal ? Any ideas on how to fix this ? 

 

Many thanks

4 Replies
Highlighted

@Stephane KLOIS 

By "repository" I assume you mean a folder?

 

If you clicked the dots next to the folder >> Share, then the user should not even have access to the site itself (he/she isn't even added in the Visitors group), but only to this particular folder via the link sent through the sharing.

 

If you go into the Library Settings >> Permissions for this library >> it will tell you Some items of this list may have unique permissions which are not controlled from this page.  "Show these items." (link)

And if you click on this "Show these items" link, the folder you shared will show up.

Click on the Manage permissions link, and you'll see:

 

SharedFolder.png

 

 

I've tested your scenario on my tenant, and it worked fine.

User only has access to this particular folder, and the Group can see everything.

 

 

Highlighted

@Veronique Lengelle 

 

Thank you very much for your answer.

Yes, by repository I did mean a folder :)

When I follow the different steps indicated in your message, I have the same result. That's were my concern is : sharing a folder with someone seems to break rights inheritance. If I grants a new access at the site level, it remain absent on those previously shared folders. However, the new access isn't valid on all the non shared folders. I wanted to know, is this normal ? Has anybody experienced this scenario ? 

Highlighted

Quite normal, that’s the way SharePoint does permissions. Everything in a site starts out the same way, but once you change a list, or a folders permission, it breaks the permission off. It copies it’s current setting, but after that you have to maintain it on your own

This is why people try to discourage breaking inheritance, it can be a pain to manage. Adding people to groups already defined for the list/library work, but you’ll always have to add individuals or new groups yourself

Highlighted

Thank you very much for your different answers. It is very clear. 

I found this a bit surprising since this sharing functionnality is accessible by end-user who may not be aware of this topic. At the end of the day, I would have hoped for a functionnality where "sharing" would add an extra-access without Breaking inheritance.