Brian Blogs on SharePoint

Information, curiosities, and observations about SharePoint and the community.

Sharing documents with ‘Restricted Read’

Posted by Brian Gough on November 16, 2009

I wanted to take a moment and share one way that you can let your team collaborate on documents and make them available to “end users” without having to copy the document somewhere else. After all, one of the primary goals we have is to reduce redundancy in our document storage right?

Well, depending on how SharePoint is implemented in your location there can be several scenarios. I will describe just one here in case it may help any of you.

In my scenario, the company has several levels to their hierarchy, the bottom two being Departments then Teams. The Teams will have their own site collection to use, but this “Team” site is NOT accessible by the masses in the company. They require that the team members work on documents and house them in their Team site. This is fine until the documents the team produces need to be made available to the masses. What then?

One way is to leverage the ‘Restricted Read’ permission. Users with this permission will be able to open a document in a library if given a direct link to the document. They will not be able to navigate to any of the pages for the library or the site itself.

Example: You have a document library called “Group Reports”. You can give a user ‘Restricted Read’ rights on that library,and when you give them a link to a specific document and they will be able to open it and read the document. However, they will not be able to view the AllItems.aspx page for “Group Reports” or any other system page.

This is how we make it work:

Create a SharePoint group or use the Visitors group and add the people to that group that should have this restricted access to the documents. If you want all employees to have this kind of access, you can use the “NT Authenticated Users” account or any AD Security Group if you wish. Make sure this Group does NOT have any access to the site itself. You can check this by looking at your ‘Site Permissions’ to see all the groups and users that have access to your site.

Now, to give that group restricted access to the document library… In the ‘Document Library Settings’, you want to click the link ‘Permissions for this document library’. Then under ‘actions’, select ‘Edit Permissions’. You will get a warning that you will no longer be inheriting permissions from the parent. This is what we want, so click OK.

Next we want to add the SharePoint group we created (or the Visitors group if that’s what you are using), and grant the group ‘Restricted Read’ access.

Now when any member of that group tries to access your site or the library itself, they will get the ‘Access Denied’ message. However, if you give them a direct link to one of the documents in the library, they will be able to open it just fine.

Now the team can have one place to work on all their content and still be able to deliver it to others without them having access to the whole site.

Other points of interest

If you use major and minor versioning, they will only see the last major version.

Whether you send the link via email, use a Content Query web part, or some 3rd party tool to pull the list of documents and render it someplace else, they should still only see the latest major version.

Again, this is just one scenario. What would be best for your particular environment may vary, but at least this may give you an idea or sense of possibilities you were not aware of before.

Good luck!

Advertisements

One Response to “Sharing documents with ‘Restricted Read’”

  1. Hello everyone, it’s my first visit at this website, and post is truly fruitful
    designed for me, keep up posting these types
    of posts.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: