SOLVED

Users see libraries they dont have permissions to

Copper Contributor

Hello,

 

I have a site with 10 document libraries on it

 

For each library, I broke inheritance and gave each unique permissions.

 

I give edit permission to each library using separate O365 Security groups.

 

If a user is in only one O365 Security Group, then they only have permissions to one library on the site.

 

Problem is they can still see all the other libraries listed in navigation, even the ones they have no permissions to.  They can click on them and it opens up the library, but its empty, they cant see or do anything in it.

 

They see all 10 libraries, but they only have access to one of them and since they don't know which one, they need to randomly open libraries with dead ends until they find the one with their files.

 

Is this how this is supposed to work?  I thought if they didn't have permissions to a library, the library will be hidden.

 

If I check that particular users permissions on a libraries they don’t have access to, it says they have limited permissions because of the permissions I gave them to the one library on the site they actually should have permissions to.

Why does giving permission to one library somehow jump to another library that it has no connection to?

 

Oddly enough this does work using by assigning permission via users instead of groups - If I take a user out of their particular O365 Security group and add that user just as a user, then it works. All the other libraries are hidden. But who wants to manage SharePoint libraries via individual users. Sounds like a nightmare.

 

Ive tried adding O365 groups to the Libraries and Ive tried using SharePoint Groups populated with the O365 Groups. Same result.

 

How do I use O365 groups and keep the other libraries hidden from the people who don’t need them?

 

Thanks,

Tom

5 Replies

@IT_Ad10 

 

I don't think you will be able to use O365 groups to achieve what you want here.  I find the most effective way to achieve what you are trying to do is very close to what you have tried;

 

1). Go to Library settings, permissions for this library.

2). Break Inheritance.

3). Create new SharePoint groups.

4). Assign individual users (not O365 groups) to the new SharePoint groups as required.

 

That in my opinion should do the trick.

@IT_Ad10 : Make sure that 0365 group should not be a part of Site collection admin.

 

@PeterRising   Thanks PeterRising!  I was hoping for a different answer, like I was missing a checkbox somewhere. But confirming that it cant be done means I can move on at least.

@Ashish_KohaleThanks Ashish_Kohale, I will check that.

best response confirmed by IT_Ad10 (Copper Contributor)
Solution

I figured this out, this is what worked for me.

 

When I added a library and broke inheritance and use a either a SharePoint Group or a O365 Security Group to give permissions to that library (actually not sure if you need all these to happen) - SharePoint, without telling me add that group to other libraries in the site with "Unique" permissions.

 

Sometimes it added this group to all the other libraries, some times only one or two, sometime no libraries.

 

I don't know why, or what these unique permissions are for.

 

I can tell which libraries it added the group to by opening the site with a user who only has permission to one Library. If you can see any other libraries you need to fix those libraries.

 

And I saw this when I opened the permissions to a library that just broke:

"There are limited access users on this site. users may have limited access if an item or document under the site has been shared with them. Show User. This library has unique permissions

 

If I saw the Show User part, I needed to fix things.

 

If you click show user you will see all the other permissions added by SharePoint.

 

Here's the part that took me an embarrassing two days to figure out - at this point just check their checkboxes and delete all groups with the extra permission. That's it. I got so hung up on what I did wrong for them to show up there, that it never occurred to me to try deleting them.

 

Sucks you need to do this. If anyone know why this happens and how to avoid it I'd love to know.


Tom

1 best response

Accepted Solutions
best response confirmed by IT_Ad10 (Copper Contributor)
Solution

I figured this out, this is what worked for me.

 

When I added a library and broke inheritance and use a either a SharePoint Group or a O365 Security Group to give permissions to that library (actually not sure if you need all these to happen) - SharePoint, without telling me add that group to other libraries in the site with "Unique" permissions.

 

Sometimes it added this group to all the other libraries, some times only one or two, sometime no libraries.

 

I don't know why, or what these unique permissions are for.

 

I can tell which libraries it added the group to by opening the site with a user who only has permission to one Library. If you can see any other libraries you need to fix those libraries.

 

And I saw this when I opened the permissions to a library that just broke:

"There are limited access users on this site. users may have limited access if an item or document under the site has been shared with them. Show User. This library has unique permissions

 

If I saw the Show User part, I needed to fix things.

 

If you click show user you will see all the other permissions added by SharePoint.

 

Here's the part that took me an embarrassing two days to figure out - at this point just check their checkboxes and delete all groups with the extra permission. That's it. I got so hung up on what I did wrong for them to show up there, that it never occurred to me to try deleting them.

 

Sucks you need to do this. If anyone know why this happens and how to avoid it I'd love to know.


Tom

View solution in original post