SharePoint Online - Security Groups - Inheritance

%3CLINGO-SUB%20id%3D%22lingo-sub-2380204%22%20slang%3D%22en-US%22%3ESharePoint%20Online%20-%20Security%20Groups%20-%20Inheritance%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2380204%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20on%20interesting%20question%20about%20SharePoint%20Online%20and%20Security%20Groups.%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3CP%3EI%20site%20for%20example%20%22Customer%22%2C%20where%20is%20document%20library.%20In%20that%20library%20is%20folder%20%22IT%22%20and%20in%20that%20folder%20are%20two%20subfolders%20%22Administrative%22%20and%20%22Technician%22.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFolder%20%22IT%22%20-%20two%20security%20groups%3C%2FP%3E%3CUL%3E%3CLI%3E%3CSPAN%3ESG_ALL_READ%3C%2FSPAN%3E%3CUL%3E%3CLI%3Eeveryone%20in%20this%20security%20group%20have%20permission%20read%20folder%20IT%3C%2FLI%3E%3CLI%3Emembers%20of%20this%20groups%3A%3CUL%3E%3CLI%3E%3CSPAN%3ESG_ADM_RW%3C%2FSPAN%3E%3C%2FLI%3E%3CLI%3E%3CSPAN%3ESG_TECH_RW%3C%2FSPAN%3E%3C%2FLI%3E%3C%2FUL%3E%3C%2FLI%3E%3C%2FUL%3E%3C%2FLI%3E%3CLI%3E%3CSPAN%3ESG_ADM_FC%3C%2FSPAN%3E%3CUL%3E%3CLI%3Eeveryone%20in%20this%20security%20group%20have%20permission%20full%20control%20in%20the%20folder%20%22IT%22%3C%2FLI%3E%3CLI%3Emembers%20of%20this%20groups%20are%20users%20administrators%3C%2FLI%3E%3C%2FUL%3E%3C%2FLI%3E%3C%2FUL%3E%3CP%3ESubfolder%20%22Administrative%22%20-%26nbsp%3BInheritance%20is%20disabled%3C%2FP%3E%3CUL%3E%3CLI%3E%3CSPAN%3ESG_ADM_RW%3C%2FSPAN%3E%3CUL%3E%3CLI%3E%3CSPAN%3Emembers%20of%20this%20groups%20are%20users%20from%20administrative%20with%20permission%20read%20and%20write%3C%2FSPAN%3E%3C%2FLI%3E%3C%2FUL%3E%3C%2FLI%3E%3C%2FUL%3E%3CP%3ESubfolder%20%22Technician%22%20-%26nbsp%3BInheritance%20is%20disabled%3C%2FP%3E%3CUL%3E%3CLI%3E%3CSPAN%3ESG_TECH_RW%3C%2FSPAN%3E%3CUL%3E%3CLI%3E%3CSPAN%3Emembers%20of%20this%20groups%20are%20users%20technicians%20with%20permission%20read%20and%20write%3C%2FSPAN%3E%3C%2FLI%3E%3C%2FUL%3E%3C%2FLI%3E%3C%2FUL%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhen%20administrator%20from%20security%20group%26nbsp%3B%3CSPAN%3ESG_ADM_FC%20will%20create%20new%20subfolder%20in%20folder%20%22IT%22%2C%20for%20example%20%22Others%22%2C%20this%20folder%20%22Others%22%20will%20automatically%26nbsp%3Binherit%20security%20groups%26nbsp%3BSG_ALL_READ%20and%20SG_ADM_FC.%20Which%20means%20that%20all%20users%20(administrators%2C%20users%20from%20administrative%2C%20users%20technician)%20have%20access%20for%20new%20folder%20%22Other%22%20(no%20matter%20what%20permission).%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3EMy%20questions%20is%3A%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3EIs%20there%20any%20way%20how%20to%20tell%20security%20group%26nbsp%3B%3CSPAN%3ESG_ALL_READ%20%22do%20not%20automatically%20inherit%20yourself%22%20when%20new%20subfolder%20is%20created%3F%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EThis%20scenario%20is%20for%20regular%20users.%20That%20is%20why%20I%20need%20this.%20I%20know%20me%20as%20administrator%20can%20do%20it%20but%20I%20need%20something%20more%20easier%20for%20regular%20user.%3CBR%20%2F%3E%3CBR%20%2F%3EI%20tried%20to%20create%20diagram%20..%20hope%20it%20is%26nbsp%3Bunderstandable%20%3A-).%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22StandaCZE_1-1621846215722.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F283082iCCDD458281830991%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22StandaCZE_1-1621846215722.png%22%20alt%3D%22StandaCZE_1-1621846215722.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20you%20very%20much%20for%20your%20help!!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2380204%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EDocument%20Library%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EFolders%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%20Groups%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESharePoint%20Online%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
New Contributor

Hello,

 

I have on interesting question about SharePoint Online and Security Groups.

I site for example "Customer", where is document library. In that library is folder "IT" and in that folder are two subfolders "Administrative" and "Technician".

 

Folder "IT" - two security groups

  • SG_ALL_READ
    • everyone in this security group have permission read folder IT
    • members of this groups:
      • SG_ADM_RW
      • SG_TECH_RW
  • SG_ADM_FC
    • everyone in this security group have permission full control in the folder "IT"
    • members of this groups are users administrators

Subfolder "Administrative" - Inheritance is disabled

  • SG_ADM_RW
    • members of this groups are users from administrative with permission read and write

Subfolder "Technician" - Inheritance is disabled

  • SG_TECH_RW
    • members of this groups are users technicians with permission read and write

 

When administrator from security group SG_ADM_FC will create new subfolder in folder "IT", for example "Others", this folder "Others" will automatically inherit security groups SG_ALL_READ and SG_ADM_FC. Which means that all users (administrators, users from administrative, users technician) have access for new folder "Other" (no matter what permission).

 

My questions is:

Is there any way how to tell security group SG_ALL_READ "do not automatically inherit yourself" when new subfolder is created?

 

This scenario is for regular users. That is why I need this. I know me as administrator can do it but I need something more easier for regular user.

I tried to create diagram .. hope it is understandable :-).

StandaCZE_1-1621846215722.png

 

 

Thank you very much for your help!!

 

0 Replies