Take a look at Image one and two here:
http://imgur.com/MlYt32F,i4zPwwh#0
What we are seeing is that in an empty library with no files, simple OOB PS Scripts show that there are some users with limited access yet they are neither added to the list/site or site collection. Where could we have this from? Typically this would be trivial but because of the confidential nature of content to be stored, this has become a serious question from business. Hope it’s something straightforward.
Thanks,
Samir
I believe that if a user is accessed or “tested” by the SharePoint API, the user will end up added to the permissions lists with “limited” permissions. Â Effectively, it is no permissions as far as I’m aware.
For example, if you have a People Or Group field called “Employee” in a SharePoint list called “Employees”. Â If you add a row for the employee “Bob Smith” to the list and populate the Employee field with his name and SharePoint “checks” it (little check box beside the name), I believe this is when you will see the permission appear.
Please note that I believe this is the case and I’m not 100% sure and this would need to be tested. Â I also recall seeing that documented somewhere, but I can put my finger on it.
update:
After some testing just found out that in SharePoint 2013, if you use PowerShell and specifically the ‘RoleAssignments’ property you will see ‘Limited Access’ for users who have access at the lower level (as expected). However, this seems to be deprecated in the 2013 UI when you run check user permission at the same level for the same user. In SharePoint 2010 user permission check returns ‘limited access’ as answer which is consistent with PowerShell. I assume MS deprecated it because of how well those words were received by the business. If anyone else has more input in this, would love to hear but wanted to share what I found in case anyone else runs into this.Â
