In my job (helping business users to use their SharePoint environment as good as possible), I am always looking for good metaphors to explain functionality. This is the first example “from the household” to explain SharePoint to end users.

List/library permissions.

As described earlier, people really like limiting accessibility to their content. However, they often do not understand the implications. Site Owners generally understand the “Owner-Full Control”, “Member-Contribute” and “Visitor-Read” sets of roles and permissions. But when it comes to a list or library within their site that needs different access, things get complicated. Common issues are:

  • They forget to remove groups, so everyone can still read everything.
  • A new owner does not know the list/library has different permissions and does not understand why the audience can not see a certain list/library. Or worse, they see something that (s)he does not!
  • They forget that permissions are no longer inherited, so adding a group to the site no longer means that group automatically has access to the secured containers. You have to give them access to those containers as well.
  • A new group is being created with access to only one library or list. This new group gets an “access denied” message when they try to enter the site.

Which key(s) do you give your team site users?

Giving access to a team site is like giving a key to your house. You give your groups the key to your front door. Once they are in your house, they can access most rooms freely. Everybody will understand that one or two rooms will be locked, where only the Owners can go.

Do you ask people to enter the room via the window?

But it is a little strange when all doors are locked and you can not go any further than the hallway and one room, or when you are asked to enter a room via the window.

In other words, giving people access to just one list/library on your site is not the best idea:

  • If you want people to only see one list or library, it means you have to lock down all other lists and libraries. Do you really want to maintain all that?
  • Alternatively, you can ask them to enter via the direct link to the list or library. But that is like asking someone to enter via the window. Not very easy, always suspect and not exactly welcoming.
  • And of course those users will never learn the context of your site.

My suggestion for these situations

  1. Think how much of a problem it really is, to keep your site read-only for those people who need access to one library/list only. Chances are, they do not really care to go to the rest of your site, anyway.
  2. Restrict permissions for a list or library only if it is for one or two lists/libraries and for a smaller audience than your site, e.g. the Owners.
  3. Always mention any special permissions in the description for those lists/libraries to remind you this list/library is different.
  4. In all other cases, rethink. Perhaps a different site or a subsite are easier to understand and maintain.

What do you think, would this be a good way to explain about issues with list and library permissions?

My inspirations have been

If you know any other good examples, please share!