SOLVED

Restrict folder creation in the documents root folder for a contributor or editor

Occasional Contributor

Hi all,

I have a fresh new site and in the root of the documents library I have a folder called 2023

2023 has a subfolder called 1.Folder and within here another subfolder called 1.stuff


I have created a permissions groups 1.Contributor and added test user to this group.

On the top level folder called 2023 I've used manage access to add the group 1.Contributor ( But with Can view access only )

On the subfolder of this folder (1.Folder ) I have used manage access and set "can view" on this folder too

On the subfolder of this folder (1.stuff) I have used manage access and set "can edit" on this folder.


The result is that a user in this group 1.Contributor
Can Create a sub sub folder level of 1.stuff but Can NOT create a folder at the level (1.Folder) Which is what we want.

However there is nothing to prevent the user creating a new folder at the same level as 2023 folder.(The documents root folder)

My question is, How do I prevent the user from Creating a folder at the level (2023) , the root.

Else there is nothing stopping the user creating their own root folder and disregarding the structure we have built. ( we don't want this)

 

Just a note to add that a user with reader permissions Can't create a folder at the root level but an editor or contributor can. There is no where to manage access to the root ?

Any help please,

R

 

7 Replies
best response confirmed by rwaldron (Occasional Contributor)
Solution

Hello @rwaldron 

 

looks like your editors and contributers have too much permession on library level, you can check this in your library > gear > library settings > more library settings > permissions for this document library. Set the permissons for editors and contributurs also to read on this level, after that, they can't create folders on higher-level or into your 2023 folder. (except they are admins ;) )

 

After that, it's correct, you can stop the permission inheriting on every level/folder and give your own permissions.

Hi @rwaldron ,

you should also think about using multiple document libraries instead of a single one with many folders and different permissions.

For example: If you create a document library "2023" you can just set permissions for that entire library instead of dealing with folders and subfolders and wierd permission settings.


Maybe even more document libraries make sense in your case. (Especially since this opens the possibility to have different additional metadata columns for different libraries like an "InvoiceNo" just for the library with the invoices).

You can still somewhat order them hierarchically in your site navigation, if you want to guide your users.

Best Regards,
Sven

Thank you very much , this is exactly what I needed. Tested and working !
Hiya and thx for the reply. We already have Multiple sites setup as you suggest. But for some scenarios like this one mentioned , the breaking of inheritance is required. We needed users to start at the same top folder but there is a specific requirement for some users to have different access to different subfolders .I've been putting it off for a while because I knew there are some Overheads regarding maintaining the permissions but once setup correctly it works very similar to a file server. So we've gone for 1 folder with like 10 subfolders rather than 10 document libraries. And we also don't want users creating their own folders at top level and assuming they have managed permissions correctly themselves. This gives us some form of control over the folder structure. Please don't mention what about more power to the users :)
Hiya, Now When I create newer groups and goto library > gear > library settings > more library settings > permissions for this document library, the recently created groups are not there, I assume because of breaking inheritance. So do I now use grant permissions here to invite the new groups ?
untick "Share everything in this folder,even items with unique permissions"
select permission level - READ.

Is this correct ?

@rwaldron Yes. Because you broke the permissions inheritance from site level to library level, you have to grant permissions on library every time you add new group at SharePoint site level (if you want to allow accessing library for this group). 

 

The settings you mentioned in your above response like "READ" permissions, etc. are correct.


Please click Mark as Best Response & Like if my post helped you to solve your issue. This will help others to find the correct solution easily. It also closes the item. If the post was useful in other ways, please consider giving it Like.