locked
Break security inheritance twice in the same document library for parent and child document library issues RRS feed

  • Question

  • Hi

    I have a scenario where I have to break the inheritance twice within the document library folders. I appreciate if you provide me any suggestions on how to achieve this?

    Document library contains “employee folder1”, “employee folder2”, “employee folder3” etc. All these folders have unique security applied (no security inheritance from document library). Access is granted only for managers, Senior Managers, HRs and not to employee.

    Each employee folder (Ex: employee folder1) has two sub-folders called “Active” and “Archive”.

    Now, how can I grant access to employees only to “Archive” folder of their own? I need to achieve this programmatic ways.

    So far, I am able to break the security inheritance for all employee folders. Granted access to only managers, HRs and not employees. Both subfolders “Active” and “Archive” inherits from respective employee folder(Employee Folder1).

    Later, I broke the security inheritance again for the folder “Archive” and then granted access to employee.

    Now, logged in as employee to check if he/she has access to “Archive” folder, but it does not display folder at all. I want to display archive folder when employee access url like this(but it displays access denied): http://SPSServer/Documents/EmployeeFolder1

    However when I type full url in the address bar for archivefolder, I can see the content of Archive folder.

    Thanks in advance.

    Saturday, June 7, 2014 12:26 AM

Answers

  • Concerns around the number of security principals you might have aside, you need to change your structure slightly.

    As the employee doesn't have access to http://spsserver/Documents/EmployeeFolder1 they can't see that folder. If you switch the permissions model so that one allows the employee and 'Archive' still inherits that will allow users to view the files. You would then break inheritance on the 'Active' folder and remove the employee from that folder's permissions.

    Saturday, June 7, 2014 7:53 PM

All replies

  • Concerns around the number of security principals you might have aside, you need to change your structure slightly.

    As the employee doesn't have access to http://spsserver/Documents/EmployeeFolder1 they can't see that folder. If you switch the permissions model so that one allows the employee and 'Archive' still inherits that will allow users to view the files. You would then break inheritance on the 'Active' folder and remove the employee from that folder's permissions.

    Saturday, June 7, 2014 7:53 PM
  • Hi,

    When breaking inherit on the 'Archive' folder it should give "limited access" permission on the father folder and above (employee folder) to whom ever you gave permission to.

    Can you check if your employee have "limited access" permission on the employee folder.

    Sunday, June 8, 2014 12:05 PM