The workarounds above will help users minimise the problem but addressing the problem fully requires permissions governance strategy that reviews both default configuration settings and usage practice. Link generated using Classic mode context menu dialog box.Link generated using “People with existing access” that does not break inheritance:.Link generated using default “People in ” link settings which breaks inheritance:.If you select one of the links reports, SPD will offer to check the links for you. There are options to view all hyperlinks, unverified links, broken links, external links and internal links. How can you tell if a link causes this problem?įor documents, the format of the link will tell you if the link was generated in a way that may break inheritance. At the bottom of the Web Site pane, select Reports.
The user selects Share from the document context menu which opens the dialog box to send or copy the link. In the Modern pages this happens when the Share command is used with the default link settings of “People in ”. In all cases this breaking of permissions happens without any warning or indication to the user and there is currently no feature in SharePoint for easily identifying and inventorying the broken permissions.
This problem affects all versions going back to SharePoint 2013 and SharePoint Online. Recently many of our customers have been reporting finding many documents with unique permissions that they did not intend to set. We discovered that the problem occurs when a user clicks the Copy Link or Share command and applies the default settings. Once the security inheritance is broken new users added to a site may find they don't have permissions on those documents. Assigning individual permission to documents involves breaking the inheritance structure and is normally done with caution because managing many documents with different permissions can be difficult. SharePoint has a robust and fine-grained security mechanism for content which allows documents to inherit permissions from the library they are in and also to have unique permissions assigned.
0 kommentar(er)
