What is Limited Access? And how do I remove it?
Do you ever forget things that you’ve learned before? I do.
Case in point, last week I was looking at a page similar to this:
begging the question at the top of the post. The above snip of a SharePoint 2010 site gives me almost no clue what that permission level, Limited Access, might mean. In my case, it was a SharePoint 2007 site, but they act very similar.
Drilling down to edit the user’s permission gives a little more information, as shown below, but I’m still left wondering, how miwise was given this Limited Access. More to the point, How do I remove it? I clearly can’t use that greyed out checkbox to take Limited Access away.
The answer to why is clear when you read the documentation
Note You cannot assign this permission level to users or to SharePoint groups. Instead, Office SharePoint Server 2007 automatically assigns this permission level to users and to SharePoint groups when you grant them access to an object on your site that requires that they have access to a higher level object on which they do not have permissions. For example, if you grant users access to an item in a list and they do not have access to the list itself, Office SharePoint Server 2007 automatically grants them Limited Access on the list, and also on the site, if needed.
|
In other words, if you’re looking to understand why a user or group has limited access, look first at the places permission inheritance has been broken, then you may find an escalated permission.
To remove limited access, restore inheritance or remove the higher level permission given to the item or items.
Default permission levels
Permission levels are collections of permissions that allow users to perform a set of related tasks. SharePoint Foundation 2010 includes five permission levels by default. You can customize the permissions available in these permission levels (except for the Limited Access and Full Control permission levels), or you can create customized permission levels that contain only the permissions you need. For more information about how to customize permission levels, see Configure custom permissions (SharePoint Foundation 2010).
 Note: |
|---|
Although you cannot directly edit the Limited Access and Full Control permission levels, you can make individual permissions unavailable for the entire Web application, which removes those permissions from the Limited Access and Full Control permission levels. For more information about how to manage permissions for a Web application, see Manage permissions for a Web application (SharePoint Foundation 2010).
|
The following table lists the default permission levels for team sites in SharePoint Foundation 2010.
| Permission level | Description | Permissions included by default |
|---|---|---|
Limited Access
|
Allows access to shared resources in the Web site so that the users can access an item within the site. Designed to be combined with fine-grained permissions to give users access to a specific list, document library, folder, list item, or document, without giving them access to the entire site. Cannot be customized or deleted.
|
|
Read
|
View pages, list items and download documents.
|
|
Contribute
|
View, add, update, and delete items in the existing lists and document libraries.
|
|
Design
|
View, add, update, delete, approve, and customize items or pages in the Web site.
|
|
Full Control
|
Allows full control of the scope.
|
All permissions
|
User permissions
SharePoint Foundation 2010 includes 33 permissions, which are used in the five default permission levels. You can change which permissions are included in a particular permission level (except for the Limited Access and Full Control permission levels), or you can create a new permission level to contain specific permissions.
Permissions are categorized as list permissions, site permissions, and personal permissions, depending on the objects to which they can be applied. For example, site permissions apply to a particular site, list permissions apply only to lists and libraries, and personal permissions apply only to things such as personal views, private Web Parts, and more. The following tables describe what each permission is used for, the dependent permissions, and the permission levels in which it is included.
List permissions
| Permission | Description | Dependent permissions | Included in these permission levels by default |
|---|---|---|---|
Manage Lists
|
Create and delete lists, add or remove columns in a list, and add or remove public views of a list.
|
View Items, View Pages, Open, Manage Personal Views
|
Design, Full Control
|
Override Check Out
|
Discard or check in a document that is checked out to another user without saving the current changes.
|
View Items, View Pages, Open
|
Design, Full Control
|
Add Items
|
Add items to lists, and add documents to document libraries.
|
View Items, View Pages, Open
|
Contribute, Design, Full Control
|
Edit Items
|
Edit items in lists, edit documents in document libraries, and customize Web Part Pages in document libraries.
|
View Items, View Pages, Open
|
Contribute, Design, Full Control
|
Delete Items
|
Delete items from a list, and documents from a document library.
|
View Items, View Pages, Open
|
Contribute, Design, Full Control
|
View Items
|
View items in lists, and documents in document libraries.
|
View Pages, Open
|
Read, Contribute, Design, Full Control
|
Approve Items
|
Approve minor versions of list items or documents.
|
Edit Items, View Items, View Pages, Open
|
Design, Full Control
|
Open Items
|
View the source of documents with server-side file handlers.
|
View Items, View Pages, Open
|
Read, Contribute, Design, Full Control
|
View Versions
|
View past versions of list items or documents.
|
View Items, Open Items, View Pages, Open
|
Read, Contribute, Design, Full Control
|
Delete Versions
|
Delete past versions of list items or documents.
|
View Items, View Versions, View Pages, Open
|
Contribute, Design, Full Control
|
Create Alerts
|
Create e-mail alerts.
|
View Items, View Pages, Open
|
Read, Contribute, Design, Full Control
|
View Application Pages
|
View forms, views, and application pages. Enumerate lists.
|
Open
|
All
|
Site permissions
| Permission | Description | Dependent permissions | Included in these permission levels by default |
|---|---|---|---|
Manage Permissions
|
Create and change permission levels on the Web site and assign permissions to users and groups.
|
View Items, Open Items, View Versions, Browse Directories, View Pages, Enumerate Permissions, Browse User Information, Open
|
Full Control
|
View Usage Data
|
View reports on Web site usage.
|
View Pages, Open
|
Full Control
|
Create Subsites
|
Create subsites such as team sites, Meeting Workspace sites, and Document Workspace sites.
|
View Pages, Browse User Information, Open
|
Full Control
|
Manage Web Site
|
Perform all administration tasks for the Web site, and manage content.
|
View Items, Add and Customize Pages, Browse Directories, View Pages, Enumerate Permissions, Browse User Information, Open
|
Full Control
|
Add and Customize Pages
|
Add, change, or delete HTML pages or Web Part pages, and edit the Web site by using a Windows SharePoint Services-compatible editor.
|
View Items, Browse Directories, View Pages, Open
|
Design, Full Control
|
Apply Themes and Borders
|
Apply a theme or borders to the entire Web site.
|
View Pages, Open
|
Design, Full Control
|
Apply Style Sheets
|
Apply a style sheet (.css file) to the Web site.
|
View Pages, Open
|
Design, Full Control
|
Create Groups
|
Create a group of users that can be used anywhere within the site collection.
|
View Pages, Browse User Information, Open
|
Full Control
|
Browse Directories
|
Enumerate files and folders in a Web site by using Microsoft SharePoint Designer 2010 and Web DAV interfaces.
|
View Pages, Open
|
Contribute, Design, Full Control
|
Use Self-Service Site Creation
|
Create a Web site by using Self-Service Site Creation.
|
View Pages, Browse User Information, Open
|
Read, Contribute, Design, Full Control
|
View Pages
|
View pages in a Web site.
|
Open
|
Read, Contribute, Design, Full Control
|
Enumerate Permissions
|
Enumerate permissions on the Web site, list, folder, document, or list item.
|
Browse Directories, View Pages, Browse User Information, Open
|
Full Control
|
Browse User Information
|
View information about users of the Web site.
|
Open
|
All
|
Manage Alerts
|
Manage alerts for all users of the Web site.
|
View Items, View Pages, Open
|
Full Control
|
Use Remote Interfaces
|
Use SOAP, Web DAV, or SharePoint Designer 2010 interfaces to access the Web site.
|
Open
|
All
|
Use Client Integration Features
|
Use features that start client applications. Without this permission, users must work on documents locally and then upload their changes.
|
Use Remote Interfaces, Open
|
All
|
Open
|
Open a Web site, list, or folder to access items inside that container.
|
None
|
All
|
Edit Personal User Information
|
Users can change their own user information, such as adding a picture.
|
Browse User Information, Open
|
Contribute, Design, Full Control
|
Personal permissions
| Permission | Description | Dependent permissions | Included in these permission levels by default |
|---|---|---|---|
Manage Personal Views
|
Create, change, and delete personal views of lists.
|
View Items, View Pages, Open
|
Contribute, Design, Full Control
|
Add/Remove Personal Web Parts
|
Add or remove personal Web Parts on a Web Part page.
|
View Items, View Pages, Open
|
Contribute, Design, Full Control
|
Update Personal Web Parts
|
Update Web Parts to display personalized information.
|
View Items, View Pages. Open
|
Contribute, Design, Full Control
|
No comments:
Post a Comment