SharePoint – Manage “Hidden” User Access from “Get a Link” Sharing

We had a client contact us recently asking about a mysterious permissions issue in SharePoint. The client had a document library with folders and sub folders. He needed to perform a common activity and wanted to adjust permissions in some of the folders so only a subset of the users had access to the subfolder.

Our client went to the folder, broke permissions for the folder and removed the necessary groups.  Everything’s great right?  Not exactly.

The picture below illustrates the access to the “Parent” folder (Test Folder 1).  Note that “Test User2” has read access to the folder via a sharing link.

The picture below illustrates the access to the “Child folder” after breaking permissions and removing the unneeded groups.  Note: the managed links information did not display in the subfolder.

sharepoint child folderIt seems that everything looks good at this point, however if we check permissions for “Test User 2” that user still has read permissions to the subfolder as illustrated below.

What’s going on here?   The issue is with the “Get a Link” feature and the way permissions are applied.

When you create a link to read or edit the folder using the Get a Link feature, then provide that link to users, those users are automatically provided access to the folder, subfolders and all files, regardless whether you have permissions inherited or broken for the sub items.

Now, you do receive a warning that this will happen in the “Invite People” feature and could prevent this from happening:However, if you didn’t uncheck this box and are now faced with this issue, you have two options to fix this:

Option 1 – Manage the permissions at the folder you shared via the Get a Link feature.

Delete unique permissions at each folder and item you placed unique permissions.  Reset permissions as needed.

Option 2 – Use the “manage links” feature.  Select the link you created to allow access.

Select the link used to provide access.  Click REMOVE.

Click Disable Link.

The user is removed.

Verify the user has no permissions to the subfolder.

You may want to consider providing the user(s) an update that you removed access to the resource, if appropriate.

If you need assistance with resolving this issue or would like to discuss any other SharePoint features, contact us at info@peters.com.  We are happy to help!

By |2017-11-15T12:11:54-05:00November 1st, 2017|Collaboration|Comments Off on SharePoint – Manage “Hidden” User Access from “Get a Link” Sharing

About the Author:

As Solution Architect at Peters & Associates, Chris Cummins is responsible for design in Peters & Associates development and business intelligence practices. This includes ensuring the team delivers to our standards of successful design, implementation, and satisfaction of our clients. He has over 25 years of industry experience, and has delivered over 375 Microsoft SharePoint projects for Peters & Associates. Chris has an undergraduate degree from the University of Illinois (Urbana), a MBA from Lewis University and industry technical and project management certifications. Chris’ primary role with our clients is aligning technical solutions to business needs.