Skip Ribbon Commands
Skip to main content

Tom Resing's SharePoint Blog

:

Login

Quick Launch

Tom Resing's Website > Tom Resing's SharePoint Blog > Posts > What is Limited Access? And how do I remove it?
July 12
What is Limited Access? And how do I remove it?
by  Thomas.ResingNo presence information  on 7/12/2010 7:21 PM
Category: SharePoint 2010

Do you ever forget things that you’ve learned before? I do.

Case in point, last week I was looking at a page similar to this:

image

begging the question at the top of the post. The above snip of a SharePoint 2010 site gives me almost no clue what that permission level, Limited Access, might mean. In my case, it was a SharePoint 2007 site, but they act very similar.

Drilling down to edit the user’s permission gives a little more information, as shown below, but I’m still left wondering, how miwise was given this Limited Access. More to the point, How do I remove it? I clearly can’t use that greyed out checkbox to take Limited Access away.

image

The answer to why is clear when you read the documentation

 
  • Limited Access    Can view specific lists, document libraries, list items, folders, or documents when given permissions.

Note   You cannot assign this permission level to users or to SharePoint groups. Instead, Office SharePoint Server 2007 automatically assigns this permission level to users and to SharePoint groups when you grant them access to an object on your site that requires that they have access to a higher level object on which they do not have permissions. For example, if you grant users access to an item in a list and they do not have access to the list itself, Office SharePoint Server 2007 automatically grants them Limited Access on the list, and also on the site, if needed.

In other words, if you’re looking to understand why a user or group has limited access, look first at the places permission inheritance has been broken, then you may find an escalated permission.

To remove limited access, restore inheritance or remove the higher level permission given to the item or items.

Permanent Link to Post | Email Post Link | Number of Comments 6 Comment(s)

Comments

More on limited access

To explain in another way - limited access happens when you give users access to a specific document or document library,  (as apposed to adding them to the default Members, Owners or Visitors groups).

You can't just delete limited access.  If you do that you will revoke the access of everyone who had limited access assigned to them.

You first need to determine where they had this access so you can fix it by possibly creating a new group, placing the users into that group, then assigning the Group to the document library.

If you have SharePoint 2007, you'll need to go into each and every document library / list and check the permission levels under the Settings. 

If they are all inheriting permissions, it means that the users have been given access on an item level instead, ie: to specific documents.  (And this is why its a bad idea to do this).

Now you'll need to go into each and every single document's settings to see who has special access. 

When you find the source, then yes, you need to inherit permissions again to remove the limited access thing.  The more documents you have on your site, the longer this is going to take you.

It comes down to planning.  If you are granting permissions on a document level, your planning is wrong.  It is near impossible to manage your sites like this.  You need special 3rd party software in order to do that.  SharePoint 2010 is alot better as it has better built in reporting.

Worst case, break permissions on a Library (or list) level.  Best case, don't break permissions at all and keep special users on their own site - especially if you are new to SharePoint or don't understand how permissions fits together.  It takes lots of experience to get this under the belt properly.

Kind Regards,
Veronique Palmer
Lets Collaborate
 on 7/13/2010 11:04 AM

Great addition!

Veronique,
Thanks so much for your contribution to the post. I love how your comment adds more text, and arguably, more value than my original post!
Inheriting permissions is a tricky topic. There is a great discussion in the Microsoft SharePoint 2007 Administrator's Companion. Even there, it basically boils down to a failing in the User Interface and the need for 3rd party tools just to keep track of where these suggested practices might not be followed.
SharePoint 2010 is 100 times better in identifying and reporting on inheritance breaks, but it will continue to be relevant until at least v15.
Tom
Thomas.ResingNo presence information on 7/13/2010 3:58 PM

Very nice site!

Very nice site!
 on 11/5/2010 9:35 AM

Thanks

I always appreciate comments. Especially positive ones!
Thomas.ResingNo presence information on 11/15/2010 9:49 AM

Kiah Kimpo

This is good information to know as we are upgrading our sites to SP2010 in a few weeks.

What is the impact of having both permissions levels assigned to a user or group? 
 on 11/9/2011 6:32 PM

Tom Resing

Hi Kiah,
When an item has multiple permissions granted to a user or group, the permissions are combined.
For example, in the screen shot above, miwise has Contribute and Read. Combining the permissions of both groups really results in Contribute permission since Contribute already has the permissions of Read.
-Tom
Thomas.ResingNo presence information on 11/9/2011 7:26 PM

Add Comment

Items on this list require content approval. Your submission will not appear in public views until approved by someone with proper rights. More information on content approval.

Name *


Comment *


Tom Resing


Type my name to verify you're a human

Attachments