SOLVED

Why are unique SharePoint permissions a bad practice?


I have read many times already that unique SharePoint permissions are a bad practice, and it looks like Microsoft is also following this.

For example, a private channel in Teams is realized with a completely new SharePoint team site with top-level permissions for the channel members.

They could also have created just a document library with unique permissions inside the grouped SPO site. But they didn't.

But what is so bad about breaking the inheritance on the library or even the folder level? On the library level it still seems kind of clean.

And sharing a link is also some kind of "unique permission".

My own best practice is:

- In Teams or groupified SharePoint sites, don't break permissions at all. Only the group memberships should give permissions. Transient sharing of folders or files through links is okay.

- In team sites without a group, unique permissions on the library level are also okay.

- Permanent unique permissions on single folders have to be avoided.

Do you agree?

2 Replies

Hello @David_Elsner

Agree 👍

Please pay attention to the limits: https://learn.microsoft.com/en-us/sharepoint/troubleshoot/lists-and-libraries/error-share-break-inhe...

Item, document or folder permissions can be confusing and lead to a lot of administrative work.

And your example about private teams: yes, but teams are more than SharePoint with M365 Groups services from other M365 apps.

Best, Dave

best response confirmed by David_Elsner (Brass Contributor)
Solution

@David_Elsner Unique permissions are complicated to manage and need extra administration efforts to manage such unique permissions.

It gets more complicated when the number of items/documents in the list/library increases.

When a list, library, or folder contains more than 100,000 items, you can't break permissions inheritance on the list, library, or folder. You also can't re-inherit permissions on it. However, you can still break inheritance on the individual items within that list, library, or folder, up to the maximum number of unique permissions in the list or library (see the next section).

Source: Items in lists and libraries - limits

Next section: For large lists, design to have as few unique permissions as possible and remain below 5,000 in total.

Source: Unique security scopes per list or library

Also, check this for some more information: Best Practices for Unique Permissions in a SharePoint List


Please click Mark as Best Response & Like if my post helped you to solve your issue. This will help others to find the correct solution easily. It also closes the item. If the post was useful in other ways, please consider giving it Like.

For SharePoint/Power Platform blogs, visit: Ganesh Sanap Blogs
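
An audit for the limits quoted in the accepted answer, added here as an example (not code from either reply or from Microsoft's documentation): it counts, per list or library, how many items, documents and folders have broken inheritance and compares that with the 5,000 and 100,000 figures. It assumes the PnP.PowerShell module and an app registration allowed to read the site; `$SiteUrl` and `$ClientId` are placeholders you supply.

```powershell
# Added example: report unique permission scopes per list/library with PnP.PowerShell.
# $SiteUrl and $ClientId are placeholders; the thresholds are the figures quoted above.
param(
    [Parameter(Mandatory)] [string] $SiteUrl,
    [Parameter(Mandatory)] [string] $ClientId,
    [int] $ScopeGuidance = 5000,     # "remain below 5,000 in total"
    [int] $ItemThreshold = 100000    # above this, list-level inheritance can't be broken or restored
)

Connect-PnPOnline -Url $SiteUrl -Interactive -ClientId $ClientId

$report = foreach ($list in Get-PnPList -Includes HasUniqueRoleAssignments, ItemCount) {
    if ($list.Hidden) { continue }

    # Count items, documents and folders that carry their own permission scope.
    # This is one round trip per item, so expect it to be slow on large libraries.
    $unique = 0
    Get-PnPListItem -List $list -PageSize 2000 | ForEach-Object {
        if (Get-PnPProperty -ClientObject $_ -Property HasUniqueRoleAssignments) { $unique++ }
    }

    $status = if ($unique -ge $ScopeGuidance) {
        'At or over scope guidance'
    } elseif ($list.ItemCount -gt $ItemThreshold) {
        'List-level inheritance locked'
    } elseif ($unique -gt 0 -or $list.HasUniqueRoleAssignments) {
        'Review unique permissions'
    } else {
        'Inherits from site'
    }

    [pscustomobject]@{
        List                  = $list.Title
        Items                 = $list.ItemCount
        ListBreaksInheritance = $list.HasUniqueRoleAssignments
        UniqueItemScopes      = $unique
        Status                = $status
    }
}

# Worst offenders first.
$report | Sort-Object UniqueItemScopes -Descending | Format-Table -AutoSize
```

The item count is an approximation of the unique security scopes in the list, since several items can share one scope through a folder with broken inheritance.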
