Understanding permissions

cancel
Showing results for 
Search instead for 
Did you mean: 
fedorow
Senior Member II

Understanding permissions

Official documentation tells this:

CAUTION:
Don't give permissions to users who aren't a member of the site, as this can cause problems with the document library.

What does it mean? What problems we toking about?

If it's a technical problems, why Share search new customer in EVERYONE, but not in the site members list.

It it's a logical problems, how can I work with my project team in one project document librery, and at the same time approve contract with my lawyer, approve finance plan of project with my CFO, logistic documents with my department of transportation etc. According above almost all my company should be a members o project site, and all of them will read all documents of all projects.  It's pointless.

Where is my conclusion wrong?

4 Replies
afaust
Master

Re: Understanding permissions

Share used to have an action that allowed permissions to be granted only to the coarse grained role groups for the site, but people felt it was too restrictive. Now they allow any user / group to be granted a permission, but have to put up that warning for people not to shoot themselves in the foot.

Essentially, when you grant a person / group permissions on a folder / document, but they are not a member of the site, they could technically access the folder / document, but the Share UI won't work correctly, because some parts of the UI require for e.g. document-details or documentlibrary require the user to be member of the site to access some details about the context.

It generally is perfectly fine and there are no problems if you only use WebDAV on the other hand, e.g. the user / group can access the folder / document by using the direct path, and they should have no issues (unless they try to navigate upwards into parent folders that they don't have access to).

And I beg to differ, but it should not be pointless. Everyone who needs to have access to (some) content in the site  needs to be made a site member, e.g. a simple Consumer. Then, in the document library, you should probably make sure that every top-level folder has its permission inheritance disabled, so that not all members can automatically see all the content. And from there on, you can give selective access permissions on the relevant structure (you may have to also disable inheritance in sub-levels if you don't want to give access through every layer).

Also, using Smart Folders may be an easy way to simplify permission management. Instead of having to assign permissions on complex folder structures, you only need to assign permissions at the lowest levels of structures / documents that a user needs access to, and by using Smart Folders, you can then present a virtual folder structure by which they can navigate to the documents / folders to which they are allowed access.

fedorow
Senior Member II

Re: Understanding permissions

Axel thanks, all is clear!

Can you suggest a source where I can glean concept information like you giving here? Book or some thing about organisation of data, concept guide of documents store structure?

afaust
Master

Re: Understanding permissions

I am not aware of any source to recommend. So far I have not used any books or other concept guides concerning document management, and most of what I recommend is solely based on project experience.

fedorow
Senior Member II

Re: Understanding permissions

As I expected, expirience, expirience...

Thanks a lot!