 

SharePoint security inheritance underlying implementation

I have 2 parts to my question. If I have a Document library with 10K documents, and all documents set to inherit permissions from the library which itself has explicit ACL comprising 500 users (i.e. the library does not inherit security from the site), then:

  1. Is the ACL replicated in SharePoint's database per document that is set to inherit security?
  2. If I add another user on the list, would SharePoint in its underlying implementation need to add that user further to 10K document ACLs?

If the answer to 1) is NO, then the answer to 2) would perhaps be NO as well; I still wanted to be sure and thus listed them out separately.

The reason this is important for us is:

  1. We would have lots of users on a DL and lots of documents in the DL inheriting security. If the same is replicated per document, it means increased storage space would be needed.
  2. The security would be updated frequently on the DL via SP API calls. If it needs replication per document, we would need to factor in the time needed for the same while making API calls.

r_honey asked Jan 04 '18 13:01



1 Answer

As per my own research, the ACL is not replicated for objects inheriting security in SharePoint.

ACL afaik is stored in Perms + RoleAssignment tables in SharePoint's content database. Perms contains an entry only for objects not inheriting security from parent (identified by ScopeId column) and RoleAssignment contains roles for ScopeIds in Perms table.

So effectively if an object is inheriting security, it won't have ACL entries defined in the database. I wrote a blog post with further insights into my research in the same context here: https://imbibe.in/blog/2018/01/08/permission-storage-sharepoints-database/

r_honey answered Oct 23 '22 08:10
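
The scope-based storage described in the answer can be modelled in a few lines. This is an added example, not code from the post or from SharePoint: only the names `Perms`, `RoleAssignment` and `ScopeId` come from the answer, while the `Docs` table, the `Owner`, `Principal` and `Role` columns and all function names are hypothetical simplifications.

```python
import sqlite3

def build(n_docs=10_000, n_users=500):
    """Simplified model; only Perms, RoleAssignment and ScopeId are named on the page."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE Perms (ScopeId INTEGER PRIMARY KEY, Owner TEXT);
        CREATE TABLE RoleAssignment (ScopeId INTEGER, Principal TEXT, Role TEXT);
        CREATE TABLE Docs (DocId INTEGER PRIMARY KEY, ScopeId INTEGER);
    """)
    db.execute("INSERT INTO Perms VALUES (1, 'library')")  # library has an explicit ACL
    db.executemany("INSERT INTO RoleAssignment VALUES (1, ?, 'Read')",
                   [(f"user{i}",) for i in range(n_users)])
    # Inheriting documents only reference the library's scope; no per-document ACL rows.
    db.executemany("INSERT INTO Docs VALUES (?, 1)", [(d,) for d in range(n_docs)])
    return db

def acl_rows(db):
    return db.execute("SELECT COUNT(*) FROM RoleAssignment").fetchone()[0]

def grant(db, scope_id, principal, role="Read"):
    """Add a principal to one scope; returns the number of rows written."""
    cur = db.execute("INSERT INTO RoleAssignment VALUES (?, ?, ?)",
                     (scope_id, principal, role))
    return cur.rowcount

def can_access(db, doc_id, principal):
    """Resolve access through the scope the document points at."""
    row = db.execute("""SELECT 1 FROM Docs d
                        JOIN RoleAssignment r ON r.ScopeId = d.ScopeId
                        WHERE d.DocId = ? AND r.Principal = ?""",
                     (doc_id, principal)).fetchone()
    return row is not None

def break_inheritance(db, doc_id):
    """Give one document its own scope, copying the parent's assignments."""
    old = db.execute("SELECT ScopeId FROM Docs WHERE DocId = ?", (doc_id,)).fetchone()[0]
    new = db.execute("INSERT INTO Perms (Owner) VALUES (?)", (f"doc{doc_id}",)).lastrowid
    db.execute("""INSERT INTO RoleAssignment
                  SELECT ?, Principal, Role FROM RoleAssignment WHERE ScopeId = ?""",
               (new, old))
    db.execute("UPDATE Docs SET ScopeId = ? WHERE DocId = ?", (new, doc_id))
    return new

if __name__ == "__main__":
    db = build()
    print("ACL rows for 10K inheriting docs:", acl_rows(db))
    print("rows written to add one user:", grant(db, 1, "newuser"))
    break_inheritance(db, 42)
    print("ACL rows after one doc gets unique permissions:", acl_rows(db))
```

In this model a document with its own scope stops receiving later changes made to the library's ACL, which is worth auditing when items with unique permissions accumulate.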