Monday, April 4, 2011

Limited Access Permission

The Limited Access permission level is used to give users or groups access to a specific list, library, folder, document, or item without giving them access to the entire site. If this permission level is removed, the users or groups might not be able to navigate through the site to reach those specific items, even if they have the correct permissions on an item within the site.

You cannot edit this permission level directly. It is a special permission level, introduced in SharePoint 2007 to support item-level permissions, which the previous version of SharePoint did not have. As mentioned earlier, it is mostly used for navigation. Even if you have Limited Access on a list, you will not see the items or folders in that list unless you have been given privileges on those items or folders.

For example, suppose I have a SharePoint site with the following hierarchy:
Team Site -> Parent -> Shared Documents (Document Library) -> ‘Temp Folder’ (Folder).

If I give ‘User1’ unique permissions on ‘Temp Folder’ by breaking role inheritance, SharePoint grants ‘Limited Access’ on all the parent objects of ‘Temp Folder’. That means ‘User1’ gets Limited Access to Shared Documents, Parent and Team Site. But ‘User1’ can only view items on which he has directly been given access other than ‘Limited Access’. So if Shared Documents has one more folder, say ‘Temp1 Folder’, ‘User1’ gets ‘Limited Access’ on this folder too, because by default it inherits permissions from its parent, ‘Shared Documents’. But ‘User1’ will not see ‘Temp1 Folder’ unless ‘User1’ is given more privileges on this folder.

How to assign Limited Access privileges programmatically?

SharePoint doesn’t allow assigning ‘Limited Access’ privileges directly, so you need to follow a workaround. If you want to give ‘Limited Access’ on a document library: create a folder in the document library, break role inheritance for this folder, give the user some other SharePoint permission on the folder, say ‘Read Only’, and remove the same permission in the next step. When you add a unique permission on the folder, SharePoint assigns ‘Limited Access’ to the parents of the folder to ensure that the user can navigate to the folder with unique permissions. When you remove the permission, however, it doesn’t remove the ‘Limited Access’ permission from the parent objects.

//Assign user permission on the Folder
//oLstItem is the folder's SPListItem; its role inheritance is already broken (see the steps above)

oWeb.AllowUnsafeUpdates = true;
SPRoleDefinition oRoleDefinition = oWeb.RoleDefinitions[PermissionLevel];
SPRoleAssignment oAssignment = new SPRoleAssignment(oUser.LoginName, oUser.Email, oUser.Name, oUser.Notes);
oAssignment.RoleDefinitionBindings.Add(oRoleDefinition);
oLstItem.RoleAssignments.Add(oAssignment);

//Remove user permission on the Folder
//Limited Access on the parent objects stays in place after this call

oLstItem.RoleAssignments.Remove((SPPrincipal)oUser);
oLstItem.Update();
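
Because removing the folder permission leaves ‘Limited Access’ behind on the parents, it helps to be able to list those leftovers. The following is an added example, not code from the original post: a console program for the server object model that reports principals whose only binding on a library is Limited Access and whether any folder or item still grants them something. The class name, the command-line arguments and the output labels are assumptions made for illustration.

```csharp
using System;
using Microsoft.SharePoint;

class LimitedAccessAudit
{
    // True if the assignment binds anything other than Limited Access.
    // Limited Access is the role definition of type SPRoleType.Guest.
    static bool IsRealGrant(SPRoleAssignment ra)
    {
        foreach (SPRoleDefinition rd in ra.RoleDefinitionBindings)
            if (rd.Type != SPRoleType.Guest) return true;
        return false;
    }

    // True if a folder or item with unique permissions grants the principal
    // directly. Grants received through a SharePoint group are not resolved.
    static bool HasItemLevelGrant(SPList list, int principalId)
    {
        foreach (SPListItemCollection coll in
                 new SPListItemCollection[] { list.Folders, list.Items })
            foreach (SPListItem item in coll)
            {
                if (!item.HasUniqueRoleAssignments) continue;
                foreach (SPRoleAssignment ra in item.RoleAssignments)
                    if (ra.Member.ID == principalId && IsRealGrant(ra))
                        return true;
            }
        return false;
    }

    static void Main(string[] args)
    {
        // Assumed arguments: <site url> <library title>
        if (args.Length != 2) { Console.Error.WriteLine("usage: <site url> <library title>"); return; }
        using (SPSite site = new SPSite(args[0]))
        using (SPWeb web = site.OpenWeb())
        {
            SPList list = web.Lists[args[1]];
            foreach (SPRoleAssignment ra in list.RoleAssignments)
            {
                if (IsRealGrant(ra)) continue; // more than Limited Access
                bool backed = HasItemLevelGrant(list, ra.Member.ID);
                Console.WriteLine("{0}\t{1}", ra.Member.Name,
                    backed ? "Limited Access, item-level grant exists"
                           : "Limited Access only, no item-level grant found");
            }
        }
    }
}
```

Principals reported with no item-level grant are the ones left over from the add-then-remove sequence above, or from an item permission that was later revoked.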

Limited Access example in real life

You can open a bank locker only with your key, but to get to the locker you also need the key to the locker room door. You have full access to the locker, but limited access to the locker room door.
