Definition
Limited access: a condition when someone can only see individual items on a SharePoint site.
The limited access warning is shown after any user who doesn’t have permission to the entire site gets permission to at least one file or list item.
How to remove the warning
You might see the following warning banner in SharePoint’s advanced site permissions page.
There are limited access users on this site. Users may have limited access if an item or document under the site has been shared with them. Show users.
If you see the warning banner and want to remove all limited access, the following steps removed the banner in my test case.
- Select Show users
- Select all the users and groups who have Limited Access in the Permissions Levels column
- Select Remove User Permissions from the list of Permissions actions
- Select OK in the warning message
Screenshot
The following screenshot shows the warning message from Step 4 above.
Archived content
The original post from July 2010.
Update 8/6/2014: 2 new links: A warning on removing limited access and another “What is Limited Access” post.
Do you ever forget things that you’ve learned before? I do.
Case in point, last week I was looking at a page similar to this:
begging the question at the top of the post. The above snip of a SharePoint 2010 site gives me almost no clue what that permission level, Limited Access, might mean. In my case, it was a SharePoint 2007 site, but they act very similar.
Drilling down to edit the user’s permission gives a little more information, as shown below, but I’m still left wondering, how miwise was given this Limited Access. More to the point, How do I remove it? I clearly can’t use that greyed out checkbox to take Limited Access away.
The answer to why is clear when you read the documentation
Note You cannot assign this permission level to users or to SharePoint groups. Instead, Office SharePoint Server 2007 automatically assigns this permission level to users and to SharePoint groups when you grant them access to an object on your site that requires that they have access to a higher level object on which they do not have permissions. For example, if you grant users access to an item in a list and they do not have access to the list itself, Office SharePoint Server 2007 automatically grants them Limited Access on the list, and also on the site, if needed. |
In other words, if you’re looking to understand why a user or group has limited access, look first at the places permission inheritance has been broken, then you may find an escalated permission.
To remove limited access, restore inheritance or remove the higher level permission given to the item or items.
To explain in another way – limited access happens when you give users access to a specific document or document library, (as apposed to adding them to the default Members, Owners or Visitors groups).
You can’t just delete limited access. If you do that you will revoke the access of everyone who had limited access assigned to them.
You first need to determine where they had this access so you can fix it by possibly creating a new group, placing the users into that group, then assigning the Group to the document library.
If you have SharePoint 2007, you’ll need to go into each and every document library / list and check the permission levels under the Settings.
If they are all inheriting permissions, it means that the users have been given access on an item level instead, ie: to specific documents. (And this is why its a bad idea to do this).
Now you’ll need to go into each and every single document’s settings to see who has special access.
When you find the source, then yes, you need to inherit permissions again to remove the limited access thing. The more documents you have on your site, the longer this is going to take you.
It comes down to planning. If you are granting permissions on a document level, your planning is wrong. It is near impossible to manage your sites like this. You need special 3rd party software in order to do that. SharePoint 2010 is alot better as it has better built in reporting.
Worst case, break permissions on a Library (or list) level. Best case, don’t break permissions at all and keep special users on their own site – especially if you are new to SharePoint or don’t understand how permissions fits together. It takes lots of experience to get this under the belt properly.
Kind Regards,
Veronique Palmer
Lets Collaborate
Veronique,
Thanks so much for your contribution to the post. I love how your comment adds more text, and arguably, more value than my original post!
Inheriting permissions is a tricky topic. There is a great discussion in the Microsoft SharePoint 2007 Administrator’s Companion. Even there, it basically boils down to a failing in the User Interface and the need for 3rd party tools just to keep track of where these suggested practices might not be followed.
SharePoint 2010 is 100 times better in identifying and reporting on inheritance breaks, but it will continue to be relevant until at least v15.
Tom
Very nice site!
I always appreciate comments. Especially positive ones!
This is good information to know as we are upgrading our sites to SP2010 in a few weeks.
What is the impact of having both permissions levels assigned to a user or group?
Hi Kiah,
When an item has multiple permissions granted to a user or group, the permissions are combined.
For example, in the screen shot above, miwise has Contribute and Read. Combining the permissions of both groups really results in Contribute permission since Contribute already has the permissions of Read.
-Tom
I have taken your advice and changed the site permissions to remove the limited access restrictions. However, the limited access is still visible and prevents me in my admin and user profiles from changing views in lists.
What puzzles me is my spAdmin login is restricted with limited access too which makes no sense.
Andy,
If your site owner can not change views in a list, most likely, permissions are not inheriting from the site for that list.
I recommend the following office.com article on permission inheritance in lists. There is a section on restoring permission inheritance that may help: http://office.microsoft.com/en-us/sharepoint-help/edit-permissions-for-a-list-library-or-individual-item-HA102833689.aspx
Tom
I understand what this permission level means. I don’t think it belongs on this screen, though. It’s difficult to get a good picture of who has access to what, when the list is cluttered with ‘limited access’ lines.
Chris,
I agree with you that it is difficult. I recommend you avoid this situation unless it is necessary. As I wrote above, “to remove limited access, restore inheritance or remove the higher level permission given to the item or items.”
In other words, this happens when a user has a permission granted on this specific list or list item when they otherwise wouldn’t have that permission through inheritance from the site or list.
Tom
I would prefer to remove this from my screens because it obscures the main information about who has permissions to access a resource. I can see how this information might be useful if you’re trying to find an obscure problem, but it makes it much more difficult to get a quick picture of permissions.
I’m constantly revisiting security on my sharepoint items because on our sharepoint 2010 installation, we have the lovely bug where people randomly disappear from permissions lists, and I suspect I will be repairing our sites every week for the next 7 years (then we can move on, and find out the permanent bugs associated with Sharepoint 2020).
Is there any way to determine inheritance breaks without a server script? I work for a larger organization with many sharepoint sites. I’m a local resource and inherited my department’s site.
@Judy Yes. If you go to Site Settings > Site Permissions, you should see a link that says Show me uniquely secured content
Hi Tom,
I have created a new user group and need to assign that user group with access to a sharepoint list. All the other list that are available shouldnt be accessible for them..
How to go about it.
Hi Karthi,
Go to the list settings > Permissions for this list, break inheritance and add the group. More detail here: http://office.microsoft.com/en-us/office365-sharepoint-online-enterprise-help/edit-permissions-for-a-list-library-or-individual-item-HA102833689.aspx
Tom
Still relevant today – thanks…
Thanks, UnderCoverGuy!
Does anyone have a recommendation for a product or script to clean up Limited Access permissions that are no longer used? i.e., there are no lower level items uniquely permissioned for the user/group which is granted limited access.
I could imagine a PowerShell script that crawls through all the SharePoint objects checking could be built with some effort. I don’t know of a great example that exists.
There are a lot of permission management products available. I haven’t spent much time with them but there is a great list with some reviews available: http://www.sharepointreviews.com/sharepoint-administration/sharepoint-security
This is a very frustrating situation. I intentionally broke the inheritance – I have data that only certain people should access. What I find happening though, is that the site specific permission groups start out with limited tagged onto them and each person in a group with limited access also gets the limited access tag.
It would be fine if there were no limits at the current site, but that is not the case.
A user with the limited access permissions is not able to change permission to a library or document to which they have full control (but limited access).
Very frustrating.
I don’t want to start a separate site collection every time I need unique permissions – I would have hundreds … or more … site collections.
hi, thanks for the post . I’m using SharePoint Online .. I created a team site and subsites that inherit permission from parent , but when I open the subsite.. I found the limited Access on specific list called MicroFeed (default list created with subsite) I don’t know how to do with this issue . I need to make all things in subsite inherit permissions.
Hi Kaaba,
Did you find a solution for this problem? I’m facing the same issue.
Regards
how dows Trialix works
Just want to say Hi!
So when software updates aren’t put in, a business’s WordPress web site becomes
a ripe goal for hackers looking for their next victim.