SP2016 - Deny users access to browse a given list or library without restricting access to application pages
https://sharepoint.stackexchange.com/questions/205932
-
13-12-2020 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianDomanda
We have a streamline and "compact" website with only one document library and two lists. These are used by web part and wiki pages to show content to users.
We would like to block users from being able to browse these document libraries by going into their URL (e.g. http://myspwebapp/collection/site/library). What I have done before (and was acceptable until now) was to create a new permission for those users that deny them access to application pages.
However we now rely on my SharePoint solutions that won't work if we deny users access to the application pages, so we need a better solution.
Even if we could customise a solution that allow us to change the URL of a page, tomorrow we might find a solution that does not allow this level of customisation.
Is there a way in which we can deny users form trying to browse given document libraries individually, while maintaining overall access to application pages?
Soluzione
The solution lies in creating a new permission level for lists and libraries only.
Here is what we did:
- Created a new permission level called "View library as Visitor" that only have the following turned on:
List Permissions: View Items, Open Items;
Site Permissions: View Pages, Use Remote Interfaces, Use Client Integration Features, Open.
- Edited the library settings and selected to change permissions for document library.
- Clicked on "Stop Inheriting Permissions" on the ribbon at the top.
- Selected the checkbox next to the group in question (i.e. Visitors) and then clicked on the option Edit User Permission located on the ribbon at the top.
- In the Edit permissions page, I removed all roles other than the role I created in step 1.
As for the previous permission level that I had which disabled the Application Pages for the entire site, I kept that permission level because it also has other restrictions -- but I re-enabled access to application pages. That permission level is used for the site permission, and all document libraries or lists that inherit permission.
