Is Permissions Inheritance the Best Method for Governing SharePoint Access?

May 20, 2014

Businesses are demanding technology that delivers higher productivity and greater flexibility, so they can provide value to their customers and generate new customers. That technology also needs to enable more effective partnerships and lower the cost of doing business. SharePoint is purchased for a number of reasons, but generally the primary purpose is to foster the collaboration and information sharing required to achieve these objectives.

Earlier this month we launched our latest product, HiSoftware Site Sheriff. We’ve published a new white paper that looks at SharePoint in the context of Microsoft’s recommended inheritance model. The paper examines and provides answers to the following questions:

  • Where does inheritance work and what are its limits?
  • How does the inheritance model fit in with the emergent era of claims and the demand for non-employee access?
  • Can using inheritance actually stop effective collaboration and cost SharePoint customers more in terms of time and administrative effort?

What is Permissions Inheritance?

Microsoft defines permission inheritance as follows:

Permissions inheritance means that the permission settings of an element in a site collection are passed on to the children of that element. In this way, sites inherit permissions from the root site of the site collection, libraries inherit from the site that contains the library, and so on. Permission inheritance enables you to make a permission assignment once, and have that permission apply to all sites, lists, libraries, folders and items that inherit permissions.

By default, SharePoint sites inherit permissions from a parent site. This means that when you assign a user to the Members group, the user’s permissions automatically cascade down through all the sites, lists, libraries, folders and items that inherit the permission level.

As a result, content access control requires the creation of multiple locations – sites, libraries or folders – to satisfy the demands of a wide range of sharing and access scenarios.

Granular or item-level permissions have been possible in all versions of SharePoint since 2007. Frequently, an administrator may need to apply custom permissions, also called “breaking” inheritance. However, the prevalence of broken permissions was low until recently. In SharePoint 2013 and Office 365, Microsoft introduced a new SHARE button that allows information workers to independently share documents with other users, sending them a link and assigning new permissions to the file. The end result is many more independent security scopes, and potentially a different access control list for each document.
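The scope growth described above, as an added example that is not part of the original post and does not use SharePoint's API: a simplified Python model of inheritance in which sharing a document breaks inheritance on it. It assumes that breaking inheritance copies the parent's assignments at that moment; the class, function names and addresses are constructed for illustration.

```python
class Securable:
    """Constructed model of a site, library or document (not the SharePoint object model)."""
    def __init__(self, name, parent=None):
        self.name, self.parent, self.children = name, parent, []
        self.acl = {} if parent is None else None  # None means "inherits from parent"
        if parent is not None:
            parent.children.append(self)

    def scope(self):
        """Nearest node (self or ancestor) that holds its own access control list."""
        node = self
        while node.acl is None:
            node = node.parent
        return node

    def effective_acl(self):
        return self.scope().acl

    def share(self, principal, level):
        """Per-document sharing: copy the inherited ACL (assumption), then add the grant."""
        if self.acl is None:
            self.acl = dict(self.parent.effective_acl())
        self.acl[principal] = level

    def walk(self):
        yield self
        for child in self.children:
            yield from child.walk()

def unique_scopes(root):
    """Names of every node that carries its own ACL, i.e. each independent security scope."""
    return [n.name for n in root.walk() if n.acl is not None]

def scopes_granting(root, principal):
    """Audit helper: unique scopes that still list a principal explicitly."""
    return [n.name for n in root.walk() if n.acl is not None and principal in n.acl]

def build_sample():
    """Constructed sample: one site, one library, three documents."""
    site = Securable("site")
    site.acl = {"Members": "Contribute", "contractor@example.com": "Read"}
    library = Securable("library", site)
    docs = [Securable(f"doc{i}", library) for i in range(1, 4)]
    return site, library, docs

if __name__ == "__main__":
    site, library, docs = build_sample()
    docs[0].share("partner@example.com", "Edit")
    docs[1].share("auditor@example.com", "Read")
    del site.acl["contractor@example.com"]  # revoke once, at the site level
    print("unique scopes:", unique_scopes(site))
    print("still granting contractor:", scopes_granting(site, "contractor@example.com"))
```

In this model, the site-level revocation reaches only the document that still inherits; the two shared documents keep their copied grant until each scope is reviewed on its own.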

The intent of inheritance was to reduce complexity and the amount of time administrators and site owners spend on security management. The reality is very different.

To learn more about the limitations of permissions inheritance, review some business and non-employee use cases, and learn about more effective ways to manage access and permissions, download the white paper “Is Permissions Inheritance the Best Method for Governing SharePoint Access?”


Diana South

As Senior Product Marketing Manager, Diana South is responsible for Cryptzone’s data loss prevention and digital accessibility solutions. Diana brings over 20 years of experience with enterprise software to help organizations provide equal and secure access for their users, delivering products that become integral to the customers' business.
