Understanding SharePoint Online File Sharing and when Unique Permissions are created

In recent versions of SharePoint and Office 365, sharing files or folders is a widely used feature that lets users share a specific file with internal or external users. While this helps people share a document quickly and collaborate faster, incorrect use of this feature could create unique permissions in your document library.

As per the SharePoint Online limits, there is a service limit of 5000 unique security scopes per list or library. Sharing files very often could easily breach this limit. For large lists and libraries, it is advised to keep the number of unique security scopes as low as possible.

Why does sharing create unique permissions?

Depending on the link settings chosen when you share a file, sharing could create unique permissions on the file. Most link settings are used to share files with users who do not have access to them, or to make the file easily accessible through a shareable link, so the feature breaks the file's permission inheritance and assigns unique permissions to the file.

Let's understand what type of sharing causes or creates unique permissions.

Assuming external and anonymous sharing is enabled on the tenant and the site collection, below are the different link settings available when we try to share a file.

Anyone with the link

Creates a link which can be accessed by anyone (internal or external users) without signing in to Office 365.

People in <organization> with the link

Creates a link which can be accessed by internal users who are signed in. Anyone within the organization with the link can access the document. External users cannot access the file even if they have the link. People can forward the link to others, and the file is accessible.

People with existing access

Provides a link that can be used by people who already have access to the file or folder. It does not change the permissions on the file/folder. Use this if you just want to send a link to somebody who already has access.

Specific people

Creates a link that is accessible only by the specified people. Both external and internal users can be specified for this type of link, and it requires the user to sign in. It doesn't work if users forward it to others.

Which sharing option creates unique permissions?

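Anyone with the link: Creates unique permissions

People in <organization> with the link: Creates unique permissions

People with existing access: No unique permissions created

Specific people: Creates unique permissions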

It is important to use the right sharing settings to avoid creating unique permissions. When we know that an internal user already has access to the file and we want to share the document link for quick reference, it is suggested to use the 'People with existing access' setting rather than 'People in <organization> with the link'.

Also, when we remove the Sharing Links of a file, the permission inheritance of the file is not reset, and the unique permissions on the file are still retained. It's suggested to periodically check for unique permissions in your document library and remove them when not needed.
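
One way to carry out the periodic check suggested above, as an added example rather than the author's own script: it assumes the PnP.PowerShell module is installed, and the site URL, library name and report path are placeholders to replace with your own values.

```powershell
# Added example: list items in a library whose permission inheritance is broken
# and compare the count with the 5000 unique security scope limit quoted above.
# Assumes the PnP.PowerShell module; parameter values are placeholders.
param(
    [Parameter(Mandatory)] [string] $SiteUrl,
    [string] $LibraryName = "Documents",
    [int]    $ScopeLimit  = 5000,
    [string] $ReportPath  = ".\unique-permissions.csv"
)

# Recent PnP.PowerShell versions also need -ClientId for your own app registration.
Connect-PnPOnline -Url $SiteUrl -Interactive

# Page through the library so large lists are read in batches.
$items = Get-PnPListItem -List $LibraryName -PageSize 500

$unique = foreach ($item in $items) {
    # HasUniqueRoleAssignments is not loaded by default; this is one call per item.
    $broken = Get-PnPProperty -ClientObject $item -Property HasUniqueRoleAssignments
    if ($broken) {
        [pscustomobject]@{
            Id   = $item.Id
            Name = $item.FieldValues["FileLeafRef"]
            Path = $item.FieldValues["FileRef"]
        }
    }
}

$count = @($unique).Count
Write-Host "$count of $(@($items).Count) items in '$LibraryName' have unique permissions."

if ($count -gt 0) {
    # Keep a report so the items can be reviewed before inheritance is restored.
    $unique | Export-Csv -Path $ReportPath -NoTypeInformation
    Write-Host "Report written to $ReportPath"
}

if ($count -ge $ScopeLimit) {
    Write-Warning "Library has reached the limit of $ScopeLimit unique security scopes."
}
```

Running it after sharing links have been removed shows the files that still hold unique permissions, since removing a link does not reset inheritance.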

In my next article I will explain ways to manage the shared links and remove unique permissions in a document library.

Share with care!!