 

SharePoint: You cannot grant limited access permission level

My team implemented a UI to assign/revoke permission levels to users on a certain SharePoint list. The UI supplies an "undo" feature to restore the rights the user had before they were changed through our UI.

Now there is a problem if the user had the "Limited Access" permission level: This permission level is removed when you make a change through the UI. When trying to undo, the permission level should be added again, which leads to a

You cannot grant a user the limited access permission level.

SharePoint grants that permission level automatically when a user gets access to some entity beneath the site. It cannot be granted manually. This permission level is then inherited by all lists in the site. However, after breaking inheritance on a list, I can revoke the right manually, but I cannot re-grant it afterwards.

So SharePoint treats that permission level quite particularly and I'm wondering how to work around that in our undo feature.

My questions:

  • Did I get it right that this "limited access" is granted by SharePoint on the site level only, and all the lists beneath only contain that accidentally through inheritance?
  • Does that permission level have any effect at all on a list, or does it only apply to the site itself?
  • So, would it be safe to just remove it from a list and not add it anymore when the user clicks "undo", since it has no effect anyway?

chiccodoro asked May 26 '10 09:05



2 Answers

I dare to answer my own question just for reference for future readers:

According to Microsoft's article Permission levels and permissions,

The Limited Access permission level cannot be customized or deleted.

and

(...) Windows SharePoint Services 3.0 automatically assigns this permission level to users and SharePoint groups when you grant them access to an object on your site that requires that they have access to a higher level object on which they do not have permissions. For example, if you grant users access to an item in a list and they do not have access to the list itself, Windows SharePoint Services 3.0 automatically grants them Limited Access on the list, and also the site, if needed.

In practice this means that:

  • If you can delete it, that's only because it has been inherited and has no meaning on that certain list.
  • If later on a user is granted some permissions to a certain list item, so that he needs the Limited Access on the list, SharePoint will take care of adding it again.
  • Summarized: No concerns to remove and not re-add that access level.

chiccodoro answered Oct 23 '22 11:10
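
One way an undo feature can leave Limited Access out of both the snapshot and the restore, as an added example that is not part of the original answer or the asker's code. It assumes the SharePoint server object model (`Microsoft.SharePoint`), where the Limited Access level is the role definition of type `SPRoleType.Guest`; `PermissionUndo`, `Snapshot`, `Restore` and `Find` are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.SharePoint;

// Hypothetical helper for the undo feature (names are illustrative).
public static class PermissionUndo
{
    // Returns the principal's role assignment on the list, or null if none.
    static SPRoleAssignment Find(SPList list, SPPrincipal principal)
    {
        foreach (SPRoleAssignment ra in list.RoleAssignments)
            if (ra.Member.ID == principal.ID) return ra;
        return null;
    }

    // Records the ids of the permission levels bound to the principal,
    // skipping Limited Access because SharePoint manages it itself.
    public static List<int> Snapshot(SPList list, SPPrincipal principal)
    {
        var ids = new List<int>();
        SPRoleAssignment current = Find(list, principal);
        if (current == null) return ids;
        foreach (SPRoleDefinition def in current.RoleDefinitionBindings)
            if (def.Type != SPRoleType.Guest) ids.Add(def.Id);
        return ids;
    }

    // Replaces the principal's current bindings with the saved ones.
    public static void Restore(SPList list, SPPrincipal principal, IEnumerable<int> savedIds)
    {
        if (!list.HasUniqueRoleAssignments)
            throw new InvalidOperationException("List inherits permissions; nothing to restore here.");

        if (Find(list, principal) != null)
            list.RoleAssignments.Remove(principal);

        var restored = new SPRoleAssignment(principal);
        foreach (int id in savedIds)
        {
            SPRoleDefinition def = list.ParentWeb.RoleDefinitions.GetById(id);
            // Guard for snapshots taken before the filter existed:
            // binding Limited Access manually is what raises the error.
            if (def.Type == SPRoleType.Guest) continue;
            restored.RoleDefinitionBindings.Add(def);
        }
        // An assignment with no bindings would grant nothing; skip it.
        if (restored.RoleDefinitionBindings.Count > 0)
            list.RoleAssignments.Add(restored);
    }
}
```

Filtering on the role type rather than the display name keeps the check working on sites where permission level names are localized.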


Removing a user with Limited access on the top level site should not actually remove their explicit access on the list or library below (with broken permissions), but MS do say in the above-mentioned article:

However, to access a list or library, for example, a user must have permission to open the parent Web site and read shared data such as the theme and navigation bars of the Web site. The Limited Access permission level cannot be customized or deleted.

This suggests that the user's Limited access should be declared on the site permissions. I think it's always best to do a test on your site first before making any assumptions.

Esther answered Oct 23 '22 09:10