Customizing user access to folders, list items, and library files on a SharePoint site

You can customize a folder in a list or library, a list item, or a library file to broaden or limit which users can access the folder, list item, or library file and what those users can do to it. This article shows the most common approach to customizing user access to a folder, list item, or library file in a step-by-step order, and then lists individual procedures for more customization.

In this article


Overview

By default, a folder, list item, and library file inherits permissions (permission: Authorization to perform specific actions such as viewing pages, opening items, and creating subsites.) from the list, library, or folder it is in. The site, list, library, or folder that site content is in is referred to as the parent. Changes to the permissions of the parent apply to all content that inherits permissions from this parent.

 Note   Site content, also referred to as securable objects, includes sites, pages, lists, libraries, folders, list items, and library files.

In Microsoft Office SharePoint Server 2007, you can stop inheriting permissions from a parent and create unique permissions for a securable object. For example, you might want to have unique permissions for a folder that contains employee records or a sales contract that has not been finalized.

By default, a site owner for a site can manage the permissions of both the site and all of the site content that inherits permissions from the site. Any user with the Full Control or Manage Permissions permission level on a particular securable object, such as a document, can manage the permissions on that securable object.

Top of Page Top of Page

Typical steps for customizing user access to a folder, list item, or library file

By default, a folder, list item, or library file inherits permissions from the list, library, or folder it is in. This section provides the typical steps required to create unique permissions for a folder, list item, or library file that is configured to inherit permissions. For more information about customizing user access to a folder, list item, or library file, see the later section More options for customizing user access to a folder, list item, or library file.



Top of Page Top of Page

Step 1: Create a group

The first step in customizing user access to a folder, list item, or library file is to create SharePoint groups that will be used to give users unique permissions to the folder, list item, or library file.

We recommend using SharePoint groups to give users access to securable objects, such as library documents. It is easier to manage a few SharePoint groups that contain many user accounts than it is to add and manage permissions for many individual user accounts.

  1. Open the list or library which contains the folder, list item, or library file for which you want to create unique permissions.
  2. On the Settings menu, click Document Library Settings or List Settings.
  3. In the Permissions and Management column, click Permissions for this document library or Permissions for this list.
  4. On the Actions menu, click Manage Permissions of Parent.

 Notes 

  • This will take you from the list or library, up the site hierarchy, to the first site that has unique permissions. For example, the Contracts library is configured to inherit permissions from its parent site, Sales. The Sales site is configured to inherit permissions from its parent site, the top-level Adventure Works site. In this example, clicking Manage Permissions of Parent in the Contracts library takes you to the top-level Adventure Works site.
  • Regardless of your starting point, all SharePoint groups are created at the site collection level. This means that all SharePoint groups are available to all sites within the site collection.
  1. On the New menu, click New Group.
  2. On the New Group page, specify the settings for your new SharePoint group, but do not select permissions levels for the group, and then click Create.

The goal is to create a group that has permissions for a specific folder, list item, or library file. Selecting permissions at this step would give the group permissions for the site and all objects that inherit permissions from it.

For the preceding Adventure Works example, the Contoso Sales Contract group is created.

After you click Create, the People and Groups page for your new group appears. Now, you can start adding users to the group.

Top of section

Step 2: Add users to groups

After you create a SharePoint group, you need to add users to the group. We recommend adding Windows security groups to SharePoint groups to give users access to securable objects, such as a calendar list item or library document. It is easier to add and manage a few Windows security groups for a few SharePoint groups than it is to add and manage permissions for many individual user accounts.

  1. On the People and Groups page for your group, on the New menu, click Add users, and then type or browse to the Windows security groups and user accounts that you want to add.

 Note   Click Add all authenticated users to add all domain user accounts. For example, you might do this for a group that has the Read permission level for a document to give all domain user accounts the ability to read the document, but not make changes to it.

  1. Verify that Add users to a SharePoint group is selected and the correct group is displayed.

We recommend that you use SharePoint groups when possible to give users access to your site and its content. In rare cases, you may need to give permissions to an individual user by clicking Give users permission directly. However, assigning permissions to large numbers of individual users can quickly become difficult and time-consuming to manage.

  1. Optionally, select Send welcome e-mail to new users to e-mail groups and users when they are added to a SharePoint group.

 Note   Outgoing e-mail must be enabled for the site collection by a server administrator in Central Administration. If Send welcome e-mail to new users is selected and outgoing e-mail is not enabled, the groups and users are added to the SharePoint group and an error message appears indicating that the e-mail message could not be sent.

  1. Click OK.

 Note   If Please select the desired permissions is displayed, select Give users permission directly, re-select Add users to a SharePoint group, and then click OK.

For the preceding Adventure Works example, the appropriate Windows security groups are added to the Contoso Sales Contract group.

Top of section

Step 3: Add groups to a folder, list item, or library file

The next step in customizing user access to a folder, list item, or library file is adding SharePoint groups or users to the folder, list item, or library file with the permissions you want.

  1. Open the list or library which contains the folder, list item, or library file for which you want to create unique permissions.
  2. Rest the pointer on the folder, list item, or library file to which you want to add users or SharePoint groups, click the arrow that appears, and then click Manage Permissions.
  1. On the Actions menu, click Edit Permissions, and then click OK to confirm that you want to create unique permissions.
  2. On the New menu, click Add Users.
  3. In the Add Users section, type or browse to the SharePoint group you want to add to this folder, list item, or library file.
  4. In the Give Permission section, select Give users permissions directly, and then select the permissions you want to give the group for the folder, list item, or library file. For information about permissions levels, see the article Manage permission levels
  5. Click OK.

For the preceding Adventure Works example, the Contoso Sales Contract group is given the Contribute permission for Contoso Sales Contract.docx.

Top of section

Step 4: Remove users from a folder, list item or library file

In the previous step, when you chose to create unique permissions for this folder, list item, or library file, a copy of all SharePoint groups and users from the parent was created for this securable object. You may not want all of these groups with their associated permission levels to remain. Therefore, you may need to remove SharePoint groups and users from your folder, list item, or library file, so that only the desired users have access to it.

 Note   We recommend always having a SharePoint group or users with the Full Control permission level for securable objects, such as library documents, to help you manage the objects.

If you just completed Step 3, you are at the Permissions page that shows the SharePoint groups and users for your folder, list item, or library file. Use the following steps to remove SharePoint groups and users that you don't want.

  1. On the Permissions page for your folder, list item, or library file, select the check boxes for the users and SharePoint groups that you want to remove from this folder, list item, or library file.
  2. On the Actions menu, click Remove User Permissions, and then click OK to confirm the action.

For the preceding Adventure Works example, you might want to remove the default Adventure Works Members groups from the Contosos Sales Contract, so they no longer have the Contribute permissions for the document.

Top of section

Top of Page Top of Page

More options for customizing user access to a folder, list item, or library file

If you or someone in your organization previously set up unique permissions on your folder, list item, or library file, or if you are unsure of the situation, the step-by-step approach to customizing user access outlined above may not meet your needs. This section describes more options for customizing user access to folders, list items, or library files.



Top of Page Top of Page

View users and groups associated with a folder, list item, or library file

  1. Open the list or library which contains the folder, list item, or library file for which you want to view users and SharePoint groups.
  2. Rest the pointer on the folder, list item, or library file for which you want to view permissions, click the arrow that appears, and then click Manage Permissions.

The Permissions: Name of Securable Object page displays all the users and SharePoint groups (and their assigned permission levels) that are used by this securable object. This page also indicates whether the list or library inherits or has unique permissions.

Top of section

Add users and SharePoint groups to folders, list items, and library files

Use the following steps to add Windows security groups and user accounts to a SharePoint group that is associated with a folder, list item, or library file. If the folder, list item, or library file that you are configuring is using unique permissions, you can add users or SharePoint groups directly to the folder, list item, or library file with the permissions that you want.

 Note   We recommend adding Windows security groups to SharePoint groups to give users access to securable objects, such as documents. It is easier to add and manage a few Windows security groups for a few SharePoint groups than it is to add and manage permissions for many individual user accounts.

If this folder, list item, or library file inherits permissions, you cannot add users or SharePoint groups directly to the folder, list item, or library file. In this case, you can only add users to existing SharePoint groups on the parent, if you have the permissions required to do so on the parent site. However, if you stop inheritance and create unique permissions for the folder, list item, or library file, you can then add users or SharePoint groups directly to the folder, list item, or library file.

  1. Open the list or library which contains the folder, document, or list item on which you want to add users or SharePoint groups.
  2. Rest the pointer on the folder, list item, or library file to which you want to add users or SharePoint groups, click the arrow that appears, and then click Manage Permissions.

The Permissions: Name of Securable Object page displays all the users and SharePoint groups (and their assigned permission levels) that are used by this securable object. The page also indicates whether the list or library inherits or has unique permissions.

  1. If your folder, list item, or library file is inheriting permissions, you must first stop inheriting permissions. To do this, on the Actions menu, click Edit Permissions, and then click OK to confirm that you want to create unique permissions.
  2. On the New menu, click Add Users.
  3. In the Add Users section, select the users and SharePoint groups you want to add to this folder, list item, or library file.
  4. In the Give Permission section, either add the users to an existing SharePoint group or give them permission directly on the folder, list item, or library file, and then select one or more of the check boxes to give these users the permissions you want. For information about permissions levels, see the article Manage permission levels.

 Note   You cannot add a SharePoint group to another SharePoint group. If you added a SharePoint group in step 4, you must select Give users permission directly.

  1. Click OK.

Top of section

Change permissions for a folder, list item, or library file

Use the following steps to change the permission levels of selected users and SharePoint groups for a folder, list item, or library file. If the folder, list item, or library file inherits permissions, performing the following steps stops inheritance and creates unique permissions for the folder, list item, or library file.

  1. Open the list or library that contains the folder, list item, or library file on which you want to edit the permission levels.
  2. Rest the pointer on the folder, list item, or library file to which you want to add users or SharePoint groups, click the arrow that appears, and then click Manage Permissions.

The Permissions: Name of Securable Object page displays all the users and SharePoint groups (and their assigned permission levels) that are used by this securable object. The page also indicates whether the list or library inherits or has unique permissions.

  1. If your folder, list item, or library file is inheriting permissions, you must first stop inheriting permissions. To do this, on the Actions menu, click Edit Permissions, and then click OK to confirm that you want to create unique permissions.
  2. Select the check boxes for the users and SharePoint groups whose permission levels on this securable object you want to edit.
  3. On the Actions menu, click Edit User Permissions.
  4. In the Choose Permissions section, select the permission levels you want, clear those you do not want, and then click OK. For information about permissions levels, see the article Manage permission levels.

Top of section

Reconfigure a folder, list item, or library file to inherit permissions

By default, a folder, list item, or library file inherits permissions from its parent. However, this inheritance can be stopped to create unique permissions for a folder, list item, or library file.

Use the following steps to configure a folder, list item, or library file that is using unique permissions to inherit permissions from its parent.

Re-inheritng permissions discards unique permissions that were created for the folder, list item, or library file, such as unique SharePoint groups or the assignment of permissions levels that were created for the folder, list item, or library file while it was configured to use unique permissions.

  1. Open the list or library that contains the folder, list item, or library file that you want to configure to inherit permissions.
  2. Rest the pointer on the folder, list item, or library file, click the arrow that appears, and then click Manage Permissions.

The Permissions: Name of Securable Object page displays all the users and SharePoint groups (and their assigned permission levels) that are used by this securable object. The page also indicates whether the list or library inherits or has unique permissions.

  1. On the Actions menu, click Inherit Permissions, and then click OK to confirm the action.

 Note   The Inherit Permissions option is not available on the Actions menu if permissions are already being inherited by the folder, list item, or library file.

Top of section

Remove user permissions from a folder, list item, or library file

When a user does not have any permissions to a folder, list item, or library file, it is not be visible to them on the site. For example, if a user does not have any permissions for a specific document in at library, the document would not be displayed for the user in the list of documents for the library. It would appear to the user as if the document does not exist.

Use the following steps to remove users or SharePoint groups from a folder, list item, or library file.

  1. Open the list or library that contains the folder, list item, or library file for which you want to remove user permissions.
  2. Rest the pointer on the folder, list item, or library file on which you want to remove user permissions, click the arrow that appears, and then click Manage Permissions.

The Permissions: Name of Securable Object page displays all the users and SharePoint groups (and their assigned permission levels) that are used by this securable object. The page also indicates whether the list or library inherits or has unique permissions.

  1. Do one of the following:
    • To manage the permissions of the parent, on the Actions menu, click Manage Permissions of Parent.
    • If you are currently inheriting permissions from the parent and want to break this inheritance and create unique permissions for this securable object, on the Actions menu, click Edit Permissions, and then click OK to confirm the action.
    • If this securable object is already using unique permissions that are not inherited from the parent, proceed to the next step.
  2. Select the check boxes for the users and SharePoint groups whom you want to remove from this securable object.
  3. On the Actions menu, click Remove User Permissions, and then click OK to confirm the action.

Top of section

Top of Page Top of Page

Try it online with Test Drive

Test Drive provides a free online evaluation environment of Microsoft Office programs, such as SharePoint Server 2007.

Test Drive SharePoint products and technologies

 Important   Click Enterprise Content Management with Office SharePoint Server on the Test Drive site.

Top of Page Top of Page

 
 
Applies to:
SharePoint Server 2007