Abhishek Bhowmick | SharePoint Blog

SharePoint Permissions: Hierarchy and inheritance

Posted in Sharepoint by Abhishek Bhowmick on May 4, 2011

By default, permissions on lists, libraries, folders, items, and documents are inherited from the parent site. However, you can break this inheritance for any securable object at a lower level in the hierarchy by editing the permissions on that securable object (that is, creating a unique permission assignment) . For example, you can edit the permissions for a document library, which breaks the permissions inheritance from the site.

Web sites are themselves a securable object on which permissions can be assigned. You can configure subsites to inherit permissions from a parent site or break the inheritance and create unique permissions for a particular site. Inheriting permissions is the easiest way to manage a group of Web sites. However, if a subsite inherits permissions from its parent, that set of permissions is shared.

Owners of subsites that inherit permissions from the parent site can edit the permissions of the parent. Ensure that any changes you make to the permissions on the parent site are appropriate for the parent site and all subsites that inherit those permissions.

The following figure shows a site collection hierarchy with a top-level Web site and subsites that inherit permissions from their parent site as well as a subsite with unique permissions.

In the preceding figure, subsite 1 inherits permissions from the top-level Web site.This means that changes made to SharePoint groups and permission levels on the top-level site also affect subsite 1.

Subsite 2 is also inheriting permissions from its parent (subsite 1). However, because subsite 1 is also inheriting permissions from its parent, changes made to SharePoint groups and permission levels on the top-level site affect both subsite 1 and subsite 2. This is because you cannot manage permissions on a subsite that is inheriting permissions. Instead, you either manage the permissions of the parent (which is the top-level Web site for subsite 1 and subsite 2) or you can break the inheritance and create unique permissions.

Notice that subsite 3 has unique permissions. This means that it does not inherit permissions from its parent site. Therefore, any changes made to the permission levels and SharePoint groups on subsite 3 do not affect its parent site. Because subsite 4 is inheriting permissions from subsite 3, any changes to permission levels or SharePoint groups on subsite 3 affect both sites.

Each site contains additional securable objects that have a particular position in the site hierarchy, as shown in the following figure:

Lower-level securable objects automatically inherit permissions from their parent. For example, a list or library inherits permissions from the site, and list items and documents inherit permissions from the list, library, or folder that contains them. You can break this inheritance at any point in the hierarchy and assign unique permissions. When you break the inheritance from the parent, the securable object from which you broke the inheritance receives a copy of the parent’s permissions. You can then edit those permissions to be unique — meaning that any changes you make to the permissions on that securable object do not affect the parent.

Reference: http://office.microsoft.com/en-us/windows-sharepoint-services-help/about-controlling-access-to-sites-and-site-content-HA010100144.aspx

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: