With SharePoint 2016, Microsoft has given us the latest on-premises iteration of their content creation and collaboration platform. As the tech-giant mentioned in their Future of SharePoint event, the latest version of the software is jam-packed with new features, more “consumer like,” with a number of improvements; many of which have been inspired from the success of SharePoint Online and Office 365.
All these improvements have brought about some significant changes in the way SharePoint is managed and run. One of these is Limited Access. Read on to learn the specifics about managing Limited Access in SharePoint 2016.
A Quick Reminder of How SharePoint Permissions Usually Work
While a few details surrounding what you can do with Limited Access in SharePoint may have changed, the reason for its existence in the world of SharePoint hasn’t. Limited Access is there to simplify security management by allowing administrators to control the level of access users have inside a SharePoint site.
As one of many permission levels within SharePoint, it includes grouping together individual permissions, restricting access to certain pages in a site, and so on—the likes of which are covered across the selection of default groups and permission levels in SharePoint. For those that require a more fine-grained level of customization, you can also create and edit your own permission levels.
Controlling access to sites, libraries, and items within sites is an important part of using SharePoint in your organization. The site collection forms a hierarchy; under which are your sites, subsites, lists, libraries, and so on. By default, the root of permissions in SharePoint is a site collection.
It helps to imagine this SharePoint site security as a pyramid: the site collection sits at the top, and permissions automatically flow down through the pyramid. This means that when you first create a site collection, all sites, subsites, etc. will automatically inherit the set permissions of the “top tier” site collection.This is known as permission inheritance and, by breaking it, you can create unique permissions for a site, list, or library.
Limited Access: Change the Default Permission Level
Generally speaking, you can make changes to any of the default permission levels for an additional layer of specificity for users, permissions, content, etc. However, the Limited Access permission level is slightly different, as it comes into play when permission inheritance is broken.
Unlike other default permissions, SharePoint automatically assigns Limited Access when it’s needed. Let’s say an HR manager wants to give a user access to a document. The permissions that grant access to the user are added directly to the content, permission inheritance is consequently broken, and Limited Access then automatically gives permissions to the user at the site level.
The following is Microsoft’s most up-to-date description of Limited Access:
"… enables a user or group to browse to a site page or library to access a specific content item when they do not have permissions to open or edit any other items in the site or library. This level is automatically assigned by SharePoint when you provide access to one specific item. You cannot assign Limited Access permissions directly to a user or group yourself. Instead, when you assign, edit, or open permissions to the single item, SharePoint automatically assigns Limited Access to other required locations, such as the site or library in which the single item is located."
So, What’s Changed?
Limited Access users are no longer visible through the permissions page, but with the release of SharePoint’s April 2016 content update, users now have the ability to list the User and/or Group with Limited Access Permissions, and can do so via a link in the Notifications bar.
Clicking on the “Show Users” link directs you to a page where the respective user principal with Limited Access permissions is now visible. The reason for the change was to provide site administrators with the ability to manage more fine-grained permissions on the site.
Going Through Changes
So while some specifics have changed, Limited Access remains as one of the most inflexible SharePoint permissions. As Microsoft’s own permissions best practice guide says, it’s best to design your site infrastructure in a way that creates as few fine-grained, custom permissions as possible.
If you do need to assign permissions at the smallest item level, it’s suggested you do so to SharePoint groups rather than individual users, as the whole thing can quickly get very complex and confusing.
If there are any further changes to how Limited Access is managed, we’ll bring you all the latest news and information you need. So stay tuned.
*Editor’s Note: This article was originally published in March 2015, but has since been updated to reflect SharePoint 2016’s content upgrade.