MOSS Forum

Ask Question   UnAnswered
Home » Forum » MOSS       RSS Feeds

Accumulation of site Level "Limited Access" permissions

  Asked By: Darren    Date: Jan 08    Category: MOSS    Views: 4703

When you break inheritance and grant permissions to a user at the
subsite or document library level, MOSS automatically grants the user
the 'Limited Access' permission level to the root of the site. This is
so the user can access stuff at the root that is needed to render the
subsite or library.

With permissions for the user in place at the subsite or library level,
the system will allow you to remove the site level ('Limited Access')
permission for the user, and will remove with it any subsite level or
document level permissions. This is probably a good thing, as it will
prevent 'orphaned' permissions from being left throughout the site
hierarchy. However, when you remove permissions for a user at the
subsite or library level, the 'Limited Access' permission for the user
remains at the site level. This is true even if the user has no other
subsite level or library level permissions in the entire site.

I would rather that MOSS cleaned these un-needed permissions out, but we
can live with that and clean them out ourselves. There's this problem,
though: if we inspect site-level permissions and see 'Limited Access'
permissions in place for a user, how can we know if there are subsite
level or library level permissions in place for the user? How can we
know whether it should be cleaned out or not?



2 Answers Found

Answer #1    Answered By: Christen Roberson     Answered On: Jan 08

The answer is to buy DeliverPoint 2007. See here:
www.barracudatools.com/Products/DeliverPoint" target="_blank" rel="nofollow">www.barracudatools.com/Products/DeliverPoint+2007/
<www.barracudatools.com/Products/DeliverPoint" target="_blank" rel="nofollow">www.barracudatools.com/Products/DeliverPoint+2007/> For those
of you not familiar with Barracuda Tools, you should know that they are
a sister company to the sponsors of this list Mindsharp. Seriously,
DeliverPoint 2007 will be released next week and one of its features is
to display all the permissions  for a particular user  at every level  of
the whole farm. You could easily see whether there is a Limited Access
permission hanging around that isn't still being used for a specifc
permission in a lower level site  or library.

Answer #2    Answered By: Faith Delgado     Answered On: Jan 08

Another product I saw at a Quest booth at a conference was their Site
Administrator for Sharepoint.

It has a user permissions  management feature. I'm not sure if these are
competing or complementary products, I haven't looked closely at either yet.
But I'm building my bookmark list of administrative tools and thought I'd
share. I've definitely bookmarked the DeliverPoint too.

Didn't find what you were looking for? Find more on Accumulation of site Level "Limited Access" permissions Or get search suggestion and latest updates.