SharePoint is becoming a critical content repository for files, documents, list data and applications for many organizations. As content grows, users increase, and administrators come and go, SharePoint permissions slowly start drifting into the dark side of SharePoint management and might leave your permissions in unknown and messy state, much like this messy kitchen. You know deep down that a cleanup is due, but you begin to deliberately avoid this unpleasant confrontation because the task feels too daunting. You wish you knew the options you had to tackle those tricky Unique Permissions (also known as fine-grained-permissions, broken-inheritance-permissions, or item-level-permissions). This post should help.
In this article we will discuss how to avoid the SharePoint Permission Fallout and how to restore your grip on those permissions and whats on your site.
Common SharePoint Permissions that you want to address is:
- What sites have unique permissions (broken inheritance objects)
- What Lists have unique permissions
- What items, folders and documents have unique permissions
- Is there a way to audit unique permissions quickly?
- Can I do a recursive scan of the permissions on my site?
- Can I generate a report of those permissions?
Let's assume we have our SharePoint site for Health Services Inc as shown in the illustration below. Like many aged and grown sites, we find many subsites, some library with 20,000_ folders with unique permissions at the item level and deeply nested sites and subsites.
If you are an administrator that took over the administration of the site, you are completely in the dark. What can you do to understand how permissions are assigned to this barrage of content?
From here you can see the unique permission on that library. If you click on Folder 1 it will take you that folder details. If you click on "manage permissions" it will take you the permissions page for that folder so you can change the permissions.
The nice thing about this method is that it's available out of the box. The downside is that it's very rigid and limited in scope. Ideally you'd want to navigate up and down the hierarchy and drill deeper and even drill into the permissions quickly without jumping too many pages. You may also want to view the group memberships of the groups with permissions.
Powershell is a great free solution to do deep site scans and return unique permissions in a csv format. Here is a script that will do that. This will go through the whole site and do a recursive scan of sites, lists and items and find the unique permissions.
Tru Permission Auditor is a tool you install on any desktop, it doesn't have to be on the server and addresses the challenges brought by the out of the box and Powershell options. It provides you with a nice interface to
Once you connect to your site you can launch the Unique Permission Browser. Items in red identify unique permissions.
Quickly identify objects with unique permissionsDouble click to quickly view the document or item.See applied permissions on lists and items quickly.Navigate inside lists and libraries for special permissionsNavigate quickly to the permissions page in the browser.
You also have the option of running a complete report that shows all unique permissions and who has access to them.
We saw three options for analyzing unique permissions in SharePoint. The out of the box option is great if you have a very limited scope and use for your task. Maybe you want to do a one time audit. But that option doesn't scale well if you govern a lot of content. The Poweshell gives you a great automated full site scan allowing you to go through and verify permissions quickly. Tru Audit is a great tool overall for better permission management, allow you to identify unique permissiosn quickly using its permission browser and also jump quickly to content and permission pages to correct or verify access. It also provides you with a report at the whole site level or a library level and runs on any desktop machine.
Get News and Updates