Rights and Permissions in Sharepoint 2007

By stein_brian ·
I'm hoping somebody more knowledgable with Sharepoint 2007 could help me out with probably a really simple issue I'm having with Microsoft Office Sharepoint Server 2007. So I was asked to setup a demo site to show my boss at the school district where I work exactly what Sharepoint is and what it can do, even though I am new to it myself. The goal is mostly for a document repository for starters, but will probably expand from there. I had no issues installing after installation the default website opened, which I cusotmized a bit. I then created a new site underneat this top level site called 'Schools', and under that site I created one new site for each school in the district. Within each school, there is a site for each subject, i.e. Math, Science, etc. Lastly, under the subject a site for each teacher (please note this is my logical idea, physically i only have one school, one subject, and one teacher so far). the question is, how do I give a user, or group, specific rights to one site and different rights to other sights? When I am in the bottom most site, the teachers site, I goto Site Actions - Site Settings - People and Groups but no matter what I do there, it seems to take effect for every site, even if i remove inheritance from the parent. What am I missing here?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

My Reply

by stein_brian In reply to Technet info

Thanks, that is very helpful with regards to documents. But what about other aspects of Sharepoint? What I mean is, what if I want a user to be a contributor on one site, but then only have read rights to another site - for all content? That is what I am trying to figure out. For example, using my setup from my original post, i want a user to be able to get to the Middle School site, but not be able to get to the High School site, how do I do that? It seems when using the built in Sharepoint groups, regardless of where I access the People and Groups permissions page from, if I put a user in the default 'Home Members' group, then they have that right for every site that I created - that can't be correct?

Collapse -

Do not inherit permissions

by The Scummy One In reply to My Reply

in Sharepoint you can set permissions on the document level, however, by default they inherit permissions from the parent folder/siet. At each level that permissions need to be changed, dump the default (inherited) and set permissions manually.

Collapse -

So is that my problem.....

by stein_brian In reply to Do not inherit permission ...

.....that each time I create a new site I tell it to inherit permissions? So do you recommend I go to my sites and break the inheritance and setup unique permissions for each? Thanks!

Collapse -

If the permissions need to be different

by The Scummy One In reply to So is that my problem.... ...

for each sub-site or library, or even document, go to the site permissions and break the inheritance. Yes, that is what would be needed.

Collapse -

inherited perm

by shasca In reply to So is that my problem.... ...

That pretty much says it. If you don't want rights to flow then don't apply inherited attribute.
I would also download the utility in the attached, and reread the document rights management section.

Collapse -

Think I'm getting it

by stein_brian In reply to inherited perm

OK, thanks guys! I'm making some progress here, was able to remove one of the Sharepoint groups (visitors) from a 'bottom-level' site. This group contained a test user I have and after doing this the test user was able to browse all sites but the 'bottom-level' site which was hidden from the user.

Now I'm trying to figure out how I would remove a user from a group at a specific site, but keep them in the group for other sites - or is that not possible?

Collapse -

From the technet article

by shasca In reply to Think I'm getting it

Because it is inefficient to directly maintain user accounts, it is recommended that you use group permissions as much as possible. Particularly if you are using fine-grained permissions (see the following section), you should use groups to avoid having to track individual user accounts. People can move in and out of teams and change responsibilities frequently, and you do not want to have to track all of those changes and continually update the permissions for uniquely secured objects.
You can assign a user or group a permission level for a specific securable object (site, list, or item). Individual users or groups can have different permission levels for different securable objects.

You can assign a user or group a permission level for a specific securable object (site, list, or item). Individual users or groups can have different permission levels for different securable objects.

Related Discussions

Related Forums