How are Sharepoint User Permissions applied and can you create custom ones?
https://sharepoint.stackexchange.com/questions/100633
-
28-09-2020 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I'm learning sharepoint and this question is purely academic and for my own understand of sharepoint's permissions model.
I know you can create a custom "Permissions Level" which is a collection of user permissions (List,Site, and Personal), but can you actually create a custom user permission? I'm only asking because I'm assuming the answer is no and that User Permissions are the lowest level of assignable permissions objects.
Also, I'm unclear on what sharepoint permissions actually are, are they eventually translated to NTFS permissions or is it all done programmatically?
Solution
You are right, You can create "Permission Levels" but you can not create custom user permissions.
Site permissions are actually authorization to sharepoint site. What actually you can do on sharepoint site.
Permissions are categorized as list permissions, site permissions, and personal permissions, depending on the objects to which they can be applied. For example, site permissions apply to a particular site, list permissions apply only to lists and libraries, and personal permissions apply only to certain objects, such as personal views and private Web Parts.
For more details check:
http://technet.microsoft.com/en-us/library/cc721640(v=office.15).aspx
OTHER TIPS
SharePoint permissions are only an "Enumeration" and are documented here:
Each permission is encoded as a 2^N value and they are combined into one big number (A "Flags" enumeration)
When you use the UI to build a custom set, it will validate any missing permissions and add them for you. So for example to have the right to edit an item, you would also require the right to view it.
After this there are security scopes. A security scope is basically a starting point where you can assign a permission. All items below the starting point will get the same permissions, unless you "break inheritance" again, which will force you to assign new permissions on that level and they are applied down from there.
Also note that you should try to minimize the number of broken inheritances, since its very hard to manage those permissions and it can also lead to performance issues once you exceed a certain number (5000).
Custom permissions outside of the enumeration can not be created
