Unique level permissions with Anonymous access


In case you have not noticed, it is not possible to break inheritance for items and enable anonymous access for them.

Consider this scenario :- you have an page library that has 2 pages Dept1news.aspx and Dept2news.aspx. You want only user1 who is a member of dept1 to be able to edit  Dept1news.aspx  and user2 to be able to edit Dept2news.aspx.

That sounds to be a fair enough request from any business user and a SharePoint novice would be able to tell you that this can be achieved by using unique permissions for the individual items which is a simple task to do. The problem comes in when you want users to access the site anonymously. So even though individual people have access to edit the pages, assume this is an Internet site, and you want anonymous users to view all pages. Breaking the inheritance causes the anonymous access go for a toss, which means if you try to access the page it asks for authentication.

Now is that a bummer or what. One workaround is to have a property added to the page library that specifies who can access the page and attach an event handler so that if someone else tries to edit, he gets the edit mode page however on clicking the save button, the event handler checks the user and throws a error message, but that’s pretty ugly.

I thought this was a bug for which MS would be giving a fix, and kind of expected it to be fixed in the MOSS Infrastructure update, however found this pretty old link stating that this was due to difficulties in managing anonymous settings. http://yvonneharryman.wordpress.com/2007/11/23/follow-up-on-anonymous-access-and-item-level-permissions-from-sharepoint-connections-07/.

So I guess we are just stuck with it.

Advertisements

One comment

  1. Lan N · · Reply

    Hi,

    Did you ever solve this?
    We have exactly same situation as you, but instead of anonymous access, we have authenticated users. On the page where there are special contribute permission to a user, we get access denied on the extended site.

    Regards,

    Lan N

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: