SharePoint Tip #28. Do you know “that Limited Access permission used to traverse access to items”?

SharePoint provides different levels of permissions, from the “Full Access” to “Limited Access”. Last one is not documented clearly and designed to cover some side-effects of item’s hierarchy.

Cite from “Permission levels and permissions” article:

The Limited Access permission level is designed to be combined with fine-grained permissions to give users access to a specific list, document library, item, or document, without giving them access to the entire site. However, to access a list or library, for example, a user must have permission to open the parent Web site and read shared data such as the theme and navigation bars of the Web site. The Limited Access permission level cannot be customized or deleted

“Limited Access” allows no direct access to site content at all, but is intended to allow users to traverse the site in order to access the items within it that they have explicit permissions to see.

For example, the user might have access only to one page of a site, but still need access to style sheets and other supporting site infrastructure in order to view it. In that case the user would need “Limited Access” permissions on the site and “Restricted Access” to the page.


Current “SharePoint Tips and Tricks” series has been moved to its own “SharePoint SandBox” site,to leave the place for others SharePoint posts on this blog


  1. Will Said,

    April 16, 2009@ 11:46 am      Reply

    I have a specific user set to access a folder within a document library of a site. As a result, that user was granted ”limited access” on the ”site permissions.” When I login as that user, I can navigate almost any lists/document libraries on the site, so long as they have inherited the ”limited access” of the site permissions. One location that I cannot access as that user is the main default.aspx page. The site is not a published page, so it simply exists on the root of the site name. Is there something I am missing?

  2. laflour Said,

    April 16, 2009@ 10:18 pm      Reply

    What are the permissions for the default.aspx page?! Do you have “Restricted Access” to be set on this page for the current user?!

  3. Matto Said,

    June 24, 2009@ 10:33 am      Reply

    i want to copy an agroup from one site to another but this group have limited access so an exception arise while running my application.
    do you have any idea to copy this group with this limited access or any other idea will support me?

  4. laflour Said,

    June 24, 2009@ 1:08 pm      Reply

    answer was published on our “SharePoint Tips and Tricks Site” as a part of Q&A section
    You answer is #8

  5. Matto Said,

    June 24, 2009@ 4:07 pm      Reply

    thank you sir for replay,

    but these technique doesnot solve my problem, plz, let me display my problem with more details.

    now, i want to copy groups only with thier permission leve from on site at a web application to another site at a different web application.

    while running my own application to do that an error arise that report that ” you cannot add users to limited access permission leve.” this because there are groups have limited access permission.

    thank you for your pateient with me, can you help me sir?or if you have another idea plz support me with it.

  6. laflour Said,

    June 24, 2009@ 9:28 pm      Reply

    What do you use to copy groups + permissions?

  7. Matto Said,

    June 28, 2009@ 5:15 pm      Reply

    thank you for your replay sir,

    sir, my problem is afetr migrating sps2003 to moss2007 i found that groups that we use when we create new users is incomplete so i try to update and complete this groups with correct permissions.

    so i develop an application that read site group of a web application that have complete group and copy this group with it”s permission to web application that have in complete group but some error arise report that you can not ” you cannot add users to limited access permission leve.” this because there are groups have limited access permission.

    thank you for your pateient with me, can you help me sir?or if you have another idea plz support me with it.

  8. Matto Said,

    July 2, 2009@ 8:17 am      Reply

    sir, do you have any solution for my problem.


  9. laflour Said,

    July 3, 2009@ 6:47 am      Reply

    why you? groups are incompleted after migration?!
    Did you use STSADM -o export/import with -includesecurity parameter?!

    did you consider creating security groups from scratch for your new site?

  10. Matto Said,

    July 6, 2009@ 8:50 am      Reply

    thank you sir for replay,

    i”m using content database migration to migrate sps2003 to moss2007 using stsadm command(addcontentdb)
    but i discover that groups that exits in moss2007 is incomplete and limited access permission not exit in these groups so i try to read it from complete groups in another web application.and also there are groups which have only limited access so these groups without these limited access permission appears as the following (Style Resource Reader[No access]).

    this all what i”m doing.

    thank you sir for your pateient with me, can you help me sir?or if you have another idea plz support me with it.
    thsnks & Regards

  11. laflour Said,

    July 7, 2009@ 9:54 am      Reply

    I reckon that the best solution is to write down all existing groups and permissions in SPS2003 (for example in excel) and recreate them in MOSS2007.
    Except missing groups you also can find that permission inheritance is broken.
    It”s better to review existing security and plan new one for you new site.

  12. Vincent Said,

    July 13, 2009@ 11:55 am      Reply

    Hi Michael

    I have a question regarding this Limited Access I”ve been trying to solve for a while …

    I have a site with several librairies with several documents per library.
    I want to give a user access to one document in one of the libraries.

    I give the user ”read” access to the document and he also gets Limited Access to the above library and site.
    Now the user can enter the url for this library and will only see the document he has access to.

    But some problems arise.
    The user does not see the menu-item for the site.
    And when he is in the site he sees all the other libraries too …

    So my question is, how can I give a user access to a document so that he will see the site in the above menu and when he cliks the site-item he only sees the library with his document ?

  13. laflour Said,

    July 13, 2009@ 12:44 pm      Reply

    All discussion moved to

    I replied there

RSS feed for comments on this post · TrackBack URI

Leave a Comment