We had a client contact us recently asking about a mysterious permissions issue in SharePoint. The client had a document library with folders and sub folders. He needed to perform a common activity and wanted to adjust permissions in some of the folders so only a subset of the users had access to the subfolder.
Our client went to the folder, broke permissions for the folder and removed the necessary groups. Everything’s great right? Not exactly.
The picture below illustrates the access to the “Parent” folder (Test Folder 1). Note that “Test User2” has read access to the folder via a sharing link.
What’s going on here? The issue is with the “Get a Link” feature and the way permissions are applied.
When you create a link to read or edit the folder using the Get a Link feature, then provide that link to users, those users are automatically provided access to the folder, subfolders and all files, regardless whether you have permissions inherited or broken for the sub items.
Now, you do receive a warning that this will happen in the “Invite People” feature and could prevent this from happening:However, if you didn’t uncheck this box and are now faced with this issue, you have two options to fix this:
Option 1 – Manage the permissions at the folder you shared via the Get a Link feature.
Option 2 – Use the “manage links” feature. Select the link you created to allow access.
Click Disable Link.
The user is removed.
You may want to consider providing the user(s) an update that you removed access to the resource, if appropriate.
If you need assistance with resolving this issue or would like to discuss any other SharePoint features, contact us at firstname.lastname@example.org. We are happy to help!