How can I set the permissions for a site where I have access to do everything but NOT view documents?
Thank you.
I'm Kevin and I'm responsible for permissions in SharePoint
In SharePoint, you can grant permissions to a user or group via what we call "permission levels" - essentially sets of permissions. Out of the box we include a few of these like "Read" and "Contribute" and "Design".
It sounds like you want to provide some users with the ability to do more than the Read permission level allows, but disallow the viewing of documents. To accomplish this, you could create a new permission level (site settings > advanced permissions > permission levels). Note: we restrict permission levels from including adding or editing items without the ability to view them
If you, or anyone reading have further questions about this stuff feel free to get a hold of my via email: kevin.davis#microsoft.com
Your question is slightly confusing, I'm taking it to mean, you want to stop certain users (or groups of users from accessing documents hosted in your site. (Where you are the site administrator.)).
To do that go into each library, go to settings, then document library settings, permissions for this document library and restrict them as appropriate.
Related
I created a survey in my sharepoint online site.
If I give contribute permissions the user can add responses but can also edit permissions and add questions to the survey. Also, with contribute permissions, even if I set the survey advanced permissions to "Read responses that were created by the user" instead of "Read all responses" the user can still see all responses, even the other user responses, he also can edit and delete those answers...
If i give read permissions the user can't respond to the survey...
What can I do? What am I doing wrong?
Thank you
When you say that users "can also edit permissions and add questions to the survey", I believe in 2 scenarios:
The user has more pemissions than required at list or web level, probably being part of one or more group that has, for example, Design or Full Control permissions
Your "Contribute" permissions level was changed, and their permission was raised
So please just check the current users permissions and which groups they are members, just entering on survey settings> permissions for this survey> check permissions. Just check which groups the user is associated and be sure they have appropriated permissions.
Other important thing is to check if the role Contribute remains with the original permissions. Remember that it's a best practice to not change the original permissions levels, and you may check it on site settings > site permissions > permissions levels.
You may check more details and how the permissions levels are configured at the following link:
https://support.office.com/en-us/article/understanding-permission-levels-in-sharepoint-87ecbb0e-6550-491a-8826-c075e4859848
Just for your information: if the user has the right permissions and be a member of the expected groups with the Contribute permissions, it must not be able to change anything at list level, like questions or permissions.. Except if it's a site collection administrator or something like that ;)
We want some users of one of our SharePoint site to manage permissions on their site but do not want them to give the permission called "Manage Permissions". Because if we do so, the users start assigning the built in permission level “Full Control” to themselves. How can we achieve this?
Please note that the users with the permission level "Manage Permissions" can create and change permission levels on the Web site [Ref: Microsoft]. What we want for them to only be able to create users, groups, and assign certain permissions on the site to those users and groups.
"we want for them ... and assign permissions"
you DO realize that they can just as easily be assigning Full Control to these groups? isn't that what you say you want to AVOID?
manage the permissions for them, and allow them to self manage the GROUP MEMBERS. that way they can add people to the "publishers" group... and net result is that the user has "publish" permissions.
solution 2 can be extrapolated for some very granular needs, but I don't explain how because I wouldn't recommend it.
This is baffling me. I used PowerShell to add about 35 libraries to a site and then create and ADD 3 permissions groups for each library which are set to use unique permissions.
After running my code I thought all was fine. When I go to the site I see all the libraries that I made and can go into each of them and the permissions for each library are correct. However, if I go in as any other user I can't see any of the libraries. Even if I go to all "All Site Content" it's as if they don't exist.
I am the site collection admin and am part of that site's Owners group, but other people in the Owner's group can't see the libraries.
Any Ideas?
It might be that the other users who cannot see those library are not having any permission on that library,since you have broken inheritance. You can verify this by logging in as Site administrator. Open the document library--> Library settings-->Permissions for this document library --> Check Permissions. Here type in the user for whom the library was not available, then you can see if that user is actually having any permission on that library or not.
In SharePoint, it has 5 permission level: full control, design, contribute, read, limit access. Permissions are categorized as list permissions, site permissions, and personal permissions, depending upon the objects to which they can be applied; and it can be inherited from the parent, or it can have its own. if one user doesn't have the permission to a list, the user can't see it.
Permissions control is complex in SharePoint, See these MSDN articles for details:
Permission levels and permissions
About controlling access to sites and site content
I have a Sharepoint library that is too large for a central administrator to manage permissions on all items, so I want to designate a few other people who are able to allow or disallow read/write access for arbitrary items in the library to users or groups. However, I don't want to give those few people total "manage permissions" ability because I don't want them granting themselves or others full control or design permissions, etc.
Is there a way to grant "manage only read/write permission"? Or is there a better way of accomplishing what I'm trying to do?
Thanks!
This question pops up all the time, and I haven't been able to find an answer that immediately makes the asker happy.
I usually suggest that you stay away from item-level permissions, and instead create libraries pretty much mapping to groups. make a library for your Company X accountants, make a "Accountants at Company X" group, give them rights to that library. You should be able to trust them enough that they get to manage their own document library. If not, keeping the permissions on a per-library basis will make the workload much less, and the site administrator(s) can most likely handle the permissions on these libraries. If you want to make it easier for them, just create a formal workflow where a user can apply for access and an administrator grant it.
There are other ways, of course, but you're pointing at one of the major reasons you should stay away from item-level security. It's just a can of worms that you need to avoid opening if at all possible.
Maybe you can try the third party tool: SharePoint Permission Manager by SharePointBoost. You can search, analyze, manage and backup SharePoint users or group permissions on a centralized platform.
I don't think there is a specific permission that meets your needs for one site. I think your best option may be to split into sites or libraries you can allow others to manage for your central administrator.
Here's a related excerpt from the TechNet article, [Plan Permissions][1], that may help you more:
Users or groups are assigned a
permission level for a specific
securable object: site, list, library,
folder, document, or item. By default,
permissions for a list, library,
folder, document, or item are
inherited from the parent site or
parent list or library. However,
anyone assigned a permission level for
a particular securable object that
includes the Manage Permissions
permission can change the permissions
for that securable object. By default,
permissions are initially controlled
at the site level, with all lists and
libraries inheriting the site
permissions. Use list-level,
folder-level, and item-level
permissions to further control which
users can view or interact with the
site content. You can return to
inheriting permissions from a parent
list, the site as a whole, or a parent
site, at any time.
I want to move a page between sites from a site collection.
I am getting result as :-
Operation Failed.
Access Denied. Not enough permission.
When I login as Site administrator, I can move page between sites.
The user with contribute permission cannot move pages between sites.
Please help me for this issue...
It looks like the permission level issue.
Instead using the default permission levels (Contributor in your case, which has no rights to manage web), you should probably create a custom permission level that has permissions fits your need.
Please go read
http://office.microsoft.com/en-us/sharepointtechnology/HA101001491033.aspx
Hope it helps
James is correct, you need more permissions.
If you don´t wan´t to add those permissions to the users you could create your own "move" function that uses elevated permissions to do the copying. Things to look out for though is that you would have to "restore" the current users credentials on the createdby and modifiedby columns after the move since those will be sharepoint\system when elevated.