We had a client contact us recently asking about a mysterious permissions issue in SharePoint. The client had a document library with folders and sub folders. He needed to perform a common activity and wanted to adjust permissions in some of the folders so only a subset of the users had access to the subfolder.

Our client went to the folder, broke permissions for the folder and removed the necessary groups.  Everything’s great right?  Not exactly.

The picture below illustrates the access to the “Parent” folder (Test Folder 1).  Note that “Test User2” has read access to the folder via a sharing link.

The picture below illustrates the access to the “Child folder” after breaking permissions and removing the unneeded groups.  Note: the managed links information did not display in the subfolder.

sharepoint child folderIt seems that everything looks good at this point, however if we check permissions for “Test User 2” that user still has read permissions to the subfolder as illustrated below.

What’s going on here?   The issue is with the “Get a Link” feature and the way permissions are applied.

When you create a link to read or edit the folder using the Get a Link feature, then provide that link to users, those users are automatically provided access to the folder, subfolders and all files, regardless whether you have permissions inherited or broken for the sub items.

Now, you do receive a warning that this will happen in the “Invite People” feature and could prevent this from happening:However, if you didn’t uncheck this box and are now faced with this issue, you have two options to fix this:

Option 1 – Manage the permissions at the folder you shared via the Get a Link feature.

Delete unique permissions at each folder and item you placed unique permissions.  Reset permissions as needed.

Option 2 – Use the “manage links” feature.  Select the link you created to allow access.

Select the link used to provide access.  Click REMOVE.

Click Disable Link.

The user is removed.

Verify the user has no permissions to the subfolder.

You may want to consider providing the user(s) an update that you removed access to the resource, if appropriate.

If you need assistance with resolving this issue or would like to discuss any other SharePoint features, contact us at info@peters.com.  We are happy to help!