Not applicable

Preventing "Site Permissions" becoming cluttered with user accounts.

Jump to solution

We are working on a workflow which needs to assign individual user permissions on list items. What we're finding is that each user is being added to the main list of "Site Permissions", which over time will become difficult to manage. Potentially, several thousand users could end up on this list, and it will be difficult then to keep track of the few users and groups whose permissions we do need to manage.

 

I have tried using "Call web service" to add the user to a Sharepoint group at the beginning of the workflow, in the hope that they would not then also be added to the main permissions list, but this has not worked (user just appear in both places). Can anyone think of a way around this?

Tags (2)
0 Kudos
Reply
7 Replies
andrewg
Automation Master
Automation Master

Re: Preventing "Site Permissions" becoming cluttered with user accounts.

Jump to solution

When you add the user and it shows in the root permissions outside of all SharePoint groups, what is the permission level? Is it "Limited"?

0 Kudos
Reply
Not applicable

Re: Preventing "Site Permissions" becoming cluttered with user accounts.

Jump to solution

Hi Andrew,

Yes, they are shown as "Limited Access".

0 Kudos
Reply
Not applicable

Re: Preventing "Site Permissions" becoming cluttered with user accounts.

Jump to solution

I am not sure if this is still an issue but i have a question.

Can the users all be given read permission to the site?

If this is the case then create a group and add the everyone item, this should stop the adding of Limited permissions for each user

0 Kudos
Reply
andrewg
Automation Master
Automation Master

Re: Preventing "Site Permissions" becoming cluttered with user accounts.

Jump to solution

Does the same SharePoint group have access to the main site with any permission level? This seems like a standard SharePoint reaction to compensate for new users being added. But looking for more clues.

0 Kudos
Reply
majid_sahib
Nintex Employee
Nintex Employee

Re: Preventing "Site Permissions" becoming cluttered with user accounts.

Jump to solution

Hi Rob,

   When it comes to permission, then SharePoint works on least- privileged concept. see here : Plan for least-privileged administration in SharePoint 2013  so in your case you are breaking inheritance on the Item level, and that will lead to cause SharePoint to automatically gives that person a special permission level called “Limited Access”.  This permission is applied at the level above the library, please see this link : Permissions When Giving People Access to One List/Library | Sharepoint SIG

So i agree with as above its a SharePoint behaviour see this: Understanding permission levels

Hope that help.

Thanks,

Majid

View solution in original post

0 Kudos
Reply
Not applicable

Re: Preventing "Site Permissions" becoming cluttered with user accounts.

Jump to solution

Hi Rob,    When it comes to permission, then SharePoint works on least- privileged concept. see here : Plan for least-privileged administration in SharePoint 2013  so in your case you are breaking inheritance on the Item level, and that will lead to cause SharePoint to automatically gives that person a special permission level called “Limited Access”.  This permission is applied at the level above the library, please see this link : Permissions When Giving People Access to One List/Library | Sharepoint SIG So i agree with Andrew Glasser as above its a SharePoint behaviour see this: Understanding permission levels

0 Kudos
Reply
kelliganp
Workflow Hero

Re: Preventing "Site Permissions" becoming cluttered with user accounts.

Jump to solution

Hi Rob,

Did you ever find a resolution to this issue? What if you provided lowest (read) permissions to the list and used the Set item permissions action to break inheritance, then provide the various permissions to the item.

If you found a resolution, please let us know what it was. If someone provided it in the responses here, please mark it as answered. This will help others looking for a similar issue.

Thanks and Regards,

Patrick Kelligan

0 Kudos
Reply