We currently operate a large single repository for company data with a list of Root folders in that library. Each folder has a logical business owner. When someone wants access to one of those folders. They request it via IT, IT Contact that owner and receive authorisation, then add the permission to the root folder (via AD Groups).
We are trying to move towards departmental sites however we want the document library to be controlled by the department manager, and rather than grant everyone access to all the files in that library, give everyone to ability to see the libraries root files, but then if they try and access it, they will be presented access request page. I know I can do this for sites or libraries, but can this behaviour be attributed to sub folders in any way?
Hi Beau,
Thanks for your reply. The idea is to create a very structured directory structure under each team site. The “team” library should be enterable (for lack of a better word) for all, with edit permissions for all of the department. We may then need to give a subfolder permission to particular user. However that user shouldn’t have access to the rest of folders at that root level.
I know that can be done from the “library settings” area, and explicitly add permissions, but we want to give the departmental managers the ability to review and approve these requests via the Request Access method, as apposed to having to mess around with the permissions settings you would do as an IT Admin.
For example.
Team Site : Engineering
Team Members : EngineeringMGR, ENGINEER1, ENGIEER2
Folders : Departmental Operations, Projects, Drawings, Archive
Now, we have FinancialController. He needs access to the Projects folder as he is a primary stake holder.
He should be able to go to Engineering library and see the 4 folders, when he clicks on Projects, he should be presented with the “why do you want to access this site” message. Submit a request, which gets sent to the EngineeringMGR who reviews and approves, without going through the “back end” style method of assigning specific permissions.
One thing I’d like to make clear is that implementing item level permissions (folders or items) is not best practice. Even if you are managing the permissions via groups, from an audit perspective, you start to lose track of who has permission to what and where permissions were granted. By all means it is possible to give everyone “read” access to your document library. Then give item level permissions to a Folder (access request). You could still store documents in the root and then any documents under the folder, would have different permissions. You would not be able to show them the files, without granting them explicit permissions to it.
My question is – What is the purpose (use case) of giving them access to the root folder but when they try to access the files to make them ask for access?
