Understanding SharePoint Permissions Inheritance

SharePoint security can be complex and confusing, but permissions inheritance can make it easier. Learn how to use, and when to break, inheritance in SharePoint.

Permission inheritance is a more complicated aspect of SharePoint permissions. It can be very helpful if used correctly. In this post, I'll detail what permission inheritance is and how to set it up. If you want some background info about SharePoint groups and permissions, check out this post first. With that, lets get started!


What Does "Inheritance" Mean?

Before we talk about permissions, we need to understand the meaning of the term "inheritance."

Simply put, inheritance is when a parent object gives its properties to its child objects. The child is included under the parent object, but is its own object. Think of a rectangle and a square. A square has all properties of a rectangle, but it is a separate entity.

Why is this important? Inheritance can be extremely useful in multiple cases. When you create a child object, it automatically takes on the functionality of its parent. This can save you a lot of time.


SharePoint Permission Inheritance

Here's how inheritance applies to SharePoint permissions. In SharePoint, the site hierarchy is the parent-child relationship. A site is the parent of a subsite. A subsite is the parent of a list or library. A list or library is the parent of its items. In these cases, the child inherits aspects from the parent.

In SharePoint, children automatically inherit permission levels. For example, if a user has access to a subsite, they will have access to that subsite's libraries. Therefore, you can set permission settings on a site's top level and they will flow down to all children - aka the entire site.

However, you also have the option to break inheritance. When you change the permission levels for a child, you break inheritance. This means that it no longer inherits permissions from its parent. For example, you may only want a specific subset of users to access a certain subsite. In this case, you would break inheritance and set a higher necessary level. In this case, all the children of this item will follow this new inheritance. Breaking inheritance can be extremely useful for setting higher permissions for subsites. This is an efficient way to handle sensitive information.


Permission Inheritance Best Practices

If a user breaks inheritance at a low level, they create fine-grained permissions. In many cases, you should avoid fine-grained permissions. Although they can be used to give access to single items in a site, they can cause several problems. When overused or used incorrectly, they can cause both performance and security issues. To avoid issues with fine-grain permissions, consider the following.

If you don't have to break permissions, don't. Although this tool can be very useful, only use it as much as you need to. Additionally, whenever you do assign permissions, try to stay as high up in the hierarchy as you can. The further from the root site you get, the more convoluted it can be.


How to Break Inheritance

Since permissions are automatically inherited, I'll explain how to break inheritance in a subsite. Follow these simple steps on your subsite.

1. Go to Site Settings

2. Click on Site Permissions (Under the Users and Permissions section)

3. Click 'Stop Inheriting Permissions'

This site has now broken its inheritance. If you do not see this option for some reason, you may not have the required permission level.


Permission Inheritance is incredibly useful. It will help you set your site up in a safer, more efficient way. Additionally, by breaking inheritance, you can store sensitive information securely. Now that you know all the basics of SharePoint groups and permissions, its time for you to make a permissions plan. This plan is essential for any company setting up groups and permissions. 

Stay tuned for the next post in this series to learn some tips for setting up your SharePoint permissions plan.

Written By