Understanding SharePoint Online File Sharing And When Unique Permissions Are Created

Introduction

 
In the recent versions of SharePoint and Office 365, sharing files or folders is a widely used feature where users can share a specific file to internal or external users. While this helps in quickly sharing a document with different people and to collaborate faster, incorrect usage of this feature could create unique permissions in your document library.
 
As per the SharePoint online limits, there is a service limit of 5000 unique security scopes per list or library. By sharing files very often, one could easily breach this limit. And for large lists/libraries it is advised to keep the unique security scopes to as minimal as possible.
 

Why Does Sharing Create Unique Permissions?

 
Depending on the Link settings when you share a file, it could create unique permissions on the file. As most of the link settings are used to share files to users who do not have access on the files or for the file to be easily accessible with a shareable link, this feature breaks the permission inheritance of the file and assigns unique permission on the file.
 
Let’s understand what type of sharing causes or creates unique permissions.
 
Assuming External and anonymous sharing is enabled on the tenant and the site collection, below are the different link settings available when we try to share a file.
 
Understanding SharePoint Online File Sharing and when Unique Permissions are created
 
Anyone with the link
 
Creates a link which can be accessed by anyone (internal or external users) without signing in to Office 365.
 
People in <organization> with the link
 
Creates a link which can be accessed by internal users who are signed in. Anyone within the organization with the link can access the document. External users cannot access even if they have the link. People can forward the link to others, and the file is accessible.
 
People with existing access
 
Provides a link that can be used by people who already have access to the file or folder. It does not change the permissions on the file/folder. Use this if you just want to send a link to somebody who already has access.
 
Specific people
 
Creates a link that is accessible only by the specified people. Both, external and internal users can be specified for this type of link and require the users to sign in. It doesn't work if users forward it to others.
 

Which sharing option creates unique permissions?

 
 
It is important to use the right sharing settings to avoid creating unique permissions. When we know that an internal user is already having access to the file and we want to share the document link for quick reference, it is suggested to use ‘People with existing access’ setting rather than ‘People in <organization> with the link’.
 
Also, when we remove the Sharing Links of a file, the permission inheritance of the file is not reset, and the unique permissions on the file are still retained. It’s suggested to periodically check for unique permissions in your document library and remove them when not needed.
In my next article, I will explain about ways to manage the shared links and remove unique permissions in a document library.
 
Share with care!!