SharePoint Online权限组 [英] SharePoint Online Permission Groups

问题描述

在我的团队网站上，我在大多数子网站和库上的权限继承都已中断，只能访问特定的用户组(在Office 365中创建的安全组).继承中断时，将复制默认系统组. 我担心的是，如果用户被意外添加到其中一个组中，那么他们将获得他们不应该访问的区域的访问权限，因此我想删除这些区域中的组.这样做之前有什么考虑事项吗?

Across my team site I have broken permission inheritance on most subsites and libraries to give access to only specific groups of users (security groups created in Office 365). When the inheritance was broken the default system groups are copied across. My concern is that if a user was accidently added to one of these groups they would gain access to areas they shouldn't so I would like to remove the groups in these areas. Is there any considerations before doing so?

默认组列出为:

批准者-设计者-Excel Services查看器-层次结构管理员-受限读者-翻译管理员-团队站点成员-团队站点所有者-团队站点访问者

Approvers - Designers - Excel Services Viewers - Hierarchy Managers - Restricted Readers - Translation Managers - Team Site Members - Team Site Owners - Team Site Visitors

此外，还有一个链接显示进一步的受限访问并显示这些组:

Also there is a link that shows further limited access and displays these groups:

通过"SharePointHome OrgLinks查看器"浏览
通过样式资源阅读器"给出
这些团体是什么?我在另一篇文章中读到了这些不应该删除的内容吗?

Given through the "SharePointHome OrgLinks Viewers"
Given through the "Style Resource Readers"
What are these groups? I read on another post these are the ones that shouldn't be removed?

TIA

TIA

推荐答案

要从破坏继承的子站点中删除组，您要做的就是从这些组中的权限中删除权限.这些位置.这些组仅维护在网站集级别.如果您将它们删除在一个地方 您将在任何地方删除它们.复制的是分配给组的权限.如果您从子站点中的组中删除该权限，则该组将从该子站点中消失，并且添加到该子站点中的新用户将无效.

To remove the groups from the subsites where you've broken inheritance all you have to do is remove the permissions from those groups in those locations.  The groups are only maintained at the site collection level.  If you delete them in one place you will delete them everywhere.  What is copied is the permission assigned to the groups.  If you remove the permission from the group in the subsite then the group will disappear from that sub site and new users added to it will have no effect.

受限访问"不授予用户查看特定位置任何内容的任何权限.它只是使用户有权越过该位置，到达他们有权使用的其他位置.举例来说，如果您明确指定 用户对子站点的权限，那么他们将被授予对子站点上方根站点的受限访问"权限.这样一来，他们便可以遍历根站点以到达子站点.系统使用您上面列出的组来提供 用户访问特定的库或其他系统资源.例如，样式资源读取器"组为用户提供了对样式库的读取权限，SharePoint可以在其​​中存储自定义CSS.

'Limited Access' doesn't give a user any permission to see anything in a particular location.  It simply gives the user the right to cross that location to get somewhere else where they have permission.  So for example, if you explicitly give a user permission to a subsite then they will be given 'Limited Access' to the root site above the subsite.  That gives them the ability to traverse the root site to get to the sub site.  The groups you listed above are used by the system to give the user access to specific libraries or other system resources.  For example, the Style Resource Readers group gives users read rights to the Style Library where SharePoint can store custom CSS.

这篇关于SharePoint Online权限组的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！