SOLVED

SPO Unique Permissions vs File Share permissions: How do they impact each other on migration?

Brass Contributor

Hi,

I need to design a solution for migrating file shares to SharePoint Online. There are millions and millions of documents so I'm diving into Unique Permissions.

SPO has a limit of 50.000 unique permissions:

https://docs.microsoft.com/en-us/office365/servicedescriptions/sharepoint-online-service-description...

 

I want to know exactly how unique permissions work. I want to understand it so I can advise my customers.

  1. What scenario on a file share will add 1 to the unique permissions count for a document library?
  2. How can I check if the permissions on a file share will break this limit or in other words:
    1. how can I count the unique permissions on a file share
  3. When an Azure AD group with 10 AD Accounts in it causes a unique permission on a folder in SPO. Does this count for 1 unique permission, 10 or something else?

Some extra information:

  • We need to migrate the current permissions, AD Groups and AD members
  • We use ShareGate as a migration tool

Th@nx in Advance!

 

2 Replies
best response confirmed by Sander Derix (Brass Contributor)
Solution
My 2 Cents here:
1. A unique permission will be added for each document migrated with a specific permission. The 50.000 limit is per document library
2. To count the unique permissions on a file share you will need to write some PS code or use a third party tool. There are some scritps on the Internet that you could use
3. Unique permissions count at the document / Filder level no

@Juan Carlos González Martín Thnx for your reply!

I think you are correct. let me explain.

I've contacted several people and I think I have figured it out.

Every element (folder/file) on your fileshare where 'IsInherited=False' will count for a unique permission element.

So:

c:\Temp

The AD Group DL-SEC-Temp is added to this folder with unique permissions.

10 Accounts are member of the AD Group DL-SEC-Temp.

If you migrate this folder to:

https://contoso.sharepoint.com/sites/test/Documents/Temp

This folder will have 10 unique permissions.

 

At least that is how I interpreted things. 

One of my sources:

https://www.petri.com/how-to-get-ntfs-file-permissions-using-powershell

1 best response

Accepted Solutions
best response confirmed by Sander Derix (Brass Contributor)
Solution
My 2 Cents here:
1. A unique permission will be added for each document migrated with a specific permission. The 50.000 limit is per document library
2. To count the unique permissions on a file share you will need to write some PS code or use a third party tool. There are some scritps on the Internet that you could use
3. Unique permissions count at the document / Filder level no

View solution in original post