开发者

SharePoint Using BreakInheritance and dealing with ACLs

开发者 https://www.devze.com 2023-02-17 20:47 出处:网络
I\'m working with a couple of document libraries that need granular list item permissions where some groups may see certain list items, while others cannot.The obvious solution seem to be to break inh

I'm working with a couple of document libraries that need granular list item permissions where some groups may see certain list items, while others cannot. The obvious solution seem to be to break inheritance on the list items and assign permissions individually. The problem is that some of these libraries are ~10,000 list items in size and growing.. and from what I understand that could be a big issue for assigning permissions like this for so many items.

From what I understand, an Access Control List (ACL) is created for each time inheritance is broken at a given scope (a scope being at the site level, list, list item,开发者_JAVA百科 etc..) So if I break inheritance on 10k list items, I've just created 10,000 ACLs which is the limit that SP can store before coming to its knees and throws up an error (see: http://blogs.msdn.com/b/willstan/archive/2009/03/03/the-attempt-to-release-mutex-not-owned-by-caller-exception-what-is-it-and-how-to-avoid-it.aspx).. this all seems kind of bad. Apparently there is a KB that gets rid of that error (http://support.microsoft.com/kb/968859), but this technique still seems questionable if it's generating so many ACLs.

Any opinions on this?


Yeah, not only do you get that problem, but maintenance becomes a massive nightmare as you have no idea which item is permissioned for whom. Much better to break out the permissions per library and move the items.

While it is hard to move the documents with history etc to start with, the savings in continued pain and suffering are massive.

You can combine the two document libraries using content webparts.

Otherwise you can create folders and permission things that way.

So my 2 cents worth is to create a library or folder for each major different permission levels you require and a script to move the content.

For me, folders are not as good, but the advantage is that they do keep everything to a single list.

Also note that SharePoint has a limit of 5000 items per query, so you may be getting some value from separting your list a bit.

0

精彩评论

暂无评论...
验证码 换一张
取 消