In my latest post I showed you how you could limit the options to share the content in your site. I hope that you have made some decisions, so now it is time to clean up the mess.
Let me remind you why too many options to share can turn into a problem:
- Sharing a document or list item, or using the “Get a Link” option, creates unique permissions, and that means that the permissions of a document or list item no longer follow the permissions of the site. So if you add a new group (recommended) or a new person (not recommended) to the site, this group or person will not automatically get access to those items.
- This will lead to unexpected access denied messages and therefore Access requests.
- Approving Access requests may lead to more unique permissions AND they give people Contribute permissions by default, which may be too much.
- Unlimited sharing (especially with external users) can lead to your documents falling into the wrong hands.
So, how to take back control of your site after you have changed some of the settings?
Have a note-taking system ready – paper, OneNote, Notepad, document – whatever is your thing. You will need to make some notes.
1. Process pending Access requests
Go to Site Settings > Access Requests and Invitations and see who has requested access.
Click the … next to each name and add people to site groups as much as possible. If you do not see the site group mentioned, note down their names with the group that you want to add them to.
2. Remediate content with unique permissions
a. Go to Site settings > Site permissions and click on this link:

b. You will get a pop-up with all lists and libraries that have different permissions.

c. The items marked as “manage permissions” are usually lists and libraries that have different permissions by design. Skip these.
d. Click on “view exceptions” for the first list or library that has this mentioned. You will see all documents (including pages and images) or list items that have unique permissions.

e. Using right-click > Open in new tab, click “manage permissions” for the topmost item. (If you just click “manage permissions”, you will have to start at a. again for the next document or list item.)
f. Check if there are any people mentioned that you may want to add to one of the site groups, and note down their names + intended site group.
g. Click “Delete Unique permissions” to re-inherit the permissions from the list or library.

h. Repeat steps e, f and g for the next document or list item.
3. Weed out “limited access”
Limited access is an annoying thing that tells you that there are, or have been, unique permissions – or it may mean nothing at all.
If this site has existed for some time and you do not know it very well, you can skip this step for now because you might remove people who are there for a good reason.
a. Go to Site settings > Site permissions and click on this link:

b. Check if there are any people mentioned that you may want to add to one of the site groups, and note down their names + intended site group.

c. Remove any individual users so you are left with only the site groups.
4. Add the new users
Add the users that you noted down during steps 1, 2 and 3 to their respective groups.
5. Review the Members group
During the time that you had no restrictions, Members may have added other Members. Review your list of Members and change their roles or remove them where needed.
6. Replace any “breaking links” on your pages
Hover over every link on every page in your site and look at the link in the bottom-left of your screen. Links of the “Can View” or “Can Edit” type will generally have “guestaccess” in their link and they will cause unique permissions.
When I did not know all this yet, I had created some Promoted Links with the “Get a Link – Can View” link to a page. As soon as I created the link, the permission inheritance for the page was broken and everyone who clicked on the link was added as an individual to the page.

Replace every one of those links with the “Restricted Link” equivalent.
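Hovering over every link by hand gets slow on a site with many pages. The script below is an added example, not part of the original post: it scans the saved HTML of a page and lists the links whose path or query contains “guestaccess”, so you know which ones to replace. The function and class names, the sample page and the contoso.example URLs are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

MARKER = "guestaccess"  # substring the post says Can View / Can Edit links carry

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a href=...> on a page."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") if tag == "a" else None
        if href:
            self._href, self._text = href, []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def find_sharing_links(page_html, page_url):
    """Return [(absolute_url, link_text)] for links that look like sharing links."""
    parser = LinkCollector()
    parser.feed(page_html)
    parser.close()
    flagged = []
    for href, text in parser.links:
        absolute = urljoin(page_url, href)
        parts = urlsplit(absolute)
        # Check path and query only, case-insensitively; ignore host and fragment.
        if MARKER in (parts.path + "?" + parts.query).lower():
            flagged.append((absolute, text))
    return flagged

# Constructed sample page and URLs, not taken from a real site.
SAMPLE_URL = "https://contoso.example/sites/team/SitePages/Home.aspx"
SAMPLE_HTML = """
<a href="/sites/team/Shared%20Documents/Plan.docx">Plan</a>
<a href="/sites/team/_layouts/15/GuestAccess.aspx?docid=EXAMPLE">Handbook</a>
<a href="/sites/team/SitePages/FAQ.aspx#guestaccess">FAQ</a>
"""

if __name__ == "__main__":
    for url, text in find_sharing_links(SAMPLE_HTML, SAMPLE_URL):
        print(f"replace {text!r}: {url}")
```

Because the post says these links "generally" contain the marker, treat an empty result as a prompt to spot-check a few links by hand, not as proof that none remain.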
7. Monitor
Review on a regular basis if the restrictions and the cleanup work make you feel more in control of your site. Depending on your choice of measures, you may need to do more approvals from Visitors or Contributors who want to share content.
How have you dealt with the “Unholy trinity of creating unique permissions”? Would you like to share your frustrations or have you found a good way to deal with this that other readers can benefit from?
Image courtesy of artur84 at FreeDigitalPhotos.net
