SharePoint permissions and inheritance make no sense

If I have a site contoso.sharepoint.com/ and I don't want users to have access, but I do want them to have access to contoso.sharepoint.com/subsite/, how am I supposed to make it work?

I have tried switching on inheritance but that works backwards, so if the group 'subsite readers' has Read on contoso.sharepoint.com/subsite/ then (unlike anything else I ever worked with) they get the same on contoso.sharepoint.com/.

I tried switching off inheritance, removing permissions for 'subsite readers' from contoso.sharepoint.com/ and adding them with Read to contoso.sharepoint.com/subsite/, but then they can't access contoso.sharepoint.com/subsite/ at all.

Why does inheritance work backwards? Can I turn that off? How is it supposed to work if I want users to have access to a site but not the parent? When I find instructions they talk about libraries, which I've been able to make work like folders in a file system, but sites and subsites don't seem to follow any logic I can understand.

I've been banging my head against this for a while now; I have the feeling I must be missing something.

5 Replies

@An_admin_123 Go to the parent SharePoint site's permissions page using a URL like:

https://contoso.sharepoint.com/_layouts/15/user.aspx

Check whether any of the groups from the subsite have access to your parent SharePoint site. If yes, you have to remove their permissions (individual user accounts as well as SharePoint/Azure AD/M365 groups where users are added as members) from the parent site.


Please click Mark as Best Response & Like if my post helped you to solve your issue. This will help others to find the correct solution easily. It also closes the item. If the post was useful in other ways, please consider giving it Like.

For SharePoint/Power Platform blogs, visit: Ganesh Sanap Blogs

Of course Microsoft's recommendation these days is not to use subsites but to have a flat structure with sites associated to a hub site. It makes permissions easier to manage.

That would be nice if they hadn't done loads of it already. Honestly, if it were up to me we wouldn't have SharePoint, I'm just stuck with trying to sort out the mess they've made. I don't know SharePoint, I'm not a programmer and find the obsession with PowerShell confusing - I thought we left the 80s behind?

I'm confused. If I remove their permissions from the parent they disappear from the subsite too. It's like I can't have one without the other.

@An_admin_123 Are you sure you are using unique permissions / groups for your subsite? I think you are using the same groups for granting permissions on the site collection as well as the subsites. It is better to use separate groups for granting permissions on the site collection and subsites.

There is an option to use unique permissions and groups for the subsite instead of inheriting them from the parent site (site collection). Go to the subsite's permissions page using a URL like:

https://contoso.sharepoint.com/sites/siteName/subsiteName/_layouts/15/user.aspx

Then select the Stop Inheriting Permissions option.

Click the OK button in the alert popup and it will ask you to set up new groups for your site. You can use the Create a new group option against all three group options: visitors/members/owners. SharePoint will create 3 new groups specific to your subsite.

Then you can remove the permissions for the older site collection groups from the subsite and use these new groups specific to the subsite for granting permissions on the subsite.


For SharePoint/Power Platform blogs, visit: Ganesh Sanap Blogs
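
The behaviour discussed in this thread, as an added example that is not part of any post and not SharePoint code: a simplified Python model in which an inheriting subsite has no permission list of its own and uses its parent's, while Stop Inheriting Permissions gives it a copy. The `Site` class, the `scenario` function and the "site visitors" group are hypothetical, and the model assumes a grant made on an inheriting subsite lands on the parent.

```python
class Site:
    """Toy model of a SharePoint site or subsite and its permissions."""

    def __init__(self, url, parent=None):
        self.url = url
        self.parent = parent
        # The top-level site owns its assignments; a subsite starts out
        # inheriting, modelled here as "no assignments of its own" (None).
        self.acl = {} if parent is None else None

    def scope(self):
        """Return the nearest site (self or an ancestor) that owns an ACL."""
        site = self
        while site.acl is None:
            site = site.parent
        return site

    def grant(self, group, level):
        # Simplification: on an inheriting subsite this edits the parent's ACL.
        self.scope().acl[group] = level

    def revoke(self, group):
        self.scope().acl.pop(group, None)

    def stop_inheriting(self):
        # Assumption: the subsite starts from a copy of the parent's ACL.
        if self.acl is None:
            self.acl = dict(self.scope().acl)

    def level_for(self, group):
        return self.scope().acl.get(group)


def scenario(unique_permissions):
    """Grant 'subsite readers' Read on the subsite, then clean up the parent."""
    root = Site("contoso.sharepoint.com/")
    root.grant("site visitors", "Read")           # constructed parent group
    sub = Site("contoso.sharepoint.com/subsite/", parent=root)
    if unique_permissions:
        sub.stop_inheriting()
        sub.revoke("site visitors")               # drop the copied parent group
    sub.grant("subsite readers", "Read")
    on_parent_before = root.level_for("subsite readers")
    root.revoke("subsite readers")                # remove them from the parent
    return on_parent_before, sub.level_for("subsite readers"), root.level_for("site visitors")


if __name__ == "__main__":
    print("inheriting:", scenario(False))  # ('Read', None, 'Read')
    print("unique:    ", scenario(True))   # (None, 'Read', 'Read')
```

Each tuple is (subsite readers on the parent before cleanup, subsite readers on the subsite after cleanup, site visitors on the parent).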