search cancel

Understanding Permission Inheritance for remediation actions

book

Article ID: 238636

calendar_today

Updated On:

Products

CASB Gateway CASB Gateway Advanced CASB Security Advanced

Issue/Introduction

Information regarding permission inheritance for remediation actions.

Resolution

Permission inheritance does not need to be disabled for the remediation actions to activate in all cases. 

Explanation of Limitations
-------------

1. Remediation will work only on files and folders not on document_library or site's list
2. Remediation will work if,
    A. Either file or folder has its unique permission (not inheriting parent permissions)
    B. File or folder are inheriting permissions from parent. But top parent should be folder and that top parent folder has unique permission (it should not be inheriting permissions of document_library or site's list)

Example cases
----------------

1. If a file is present on top level of document library AND it has unique permission --> remediation on that file will work
     - This implies permission Inheritance has been disabled for the Top-Level Folder
     - Or permission Inheritance can be disabled for File itself. And Top-Folder can be inheriting permission.

2. If a file is present on top level of document library AND it is inheriting permission from document library/site's list --> remediation on that file will NOT work
     - This implies permission Inheritance is enabled for the Top-Level Folder
     - And permission Inheritance is also enabled for File itself.

3. If a file is present under folderX, and that folder is present on top level of document library/site's list:
     A. If file has a unique permission then remediation on that file will work regardless of permissions of its parent folder or any inheriting permissions.
     B. If file is inheriting permissions from folderX. So if folderX has unique permission then remediation will work on that file and its parent folderX
          - This implies permission inheritance has been disabled for folderX
     C.  If file is inheriting permissions from folderX. So if folderX is inheriting permissions from document library/site's list then remediation will NOT work on that file and its parent folderX
          - This is the default configuration for SharePoint Sites.