Created sharing links should respect permission inheritance settings and link (permission) should be visible in UI
The Share feature apparently creates a new security principal that overrides the classic SharePoint permission model. These security principals can neither be seen nor broken on lower levels in the hierarchy. This makes tracking who has permission to what at any given time impossible. (Technically it is possible, but the logic would be throttled by the SPO service.) The issue appears for internal, guest and anonymous links as well.
We need a way to keep track of what is shared on what level. (The announced sharing report feature does not provide the necessary information.) Please make sure the links created through the Share feature:
- Appear on every level of the hierarchy
- Are reportable through the APIs
- Respect existing broken permission inheritance
- Can be broken at any time
For example: You have a document library with a folder structure of 3 levels. You break the permission on the second level. You create a link through the Share function on the first level to a user (User1) that should not have access to the second (and third) level folders. You check the sharing status on the second and third level and see that the folders are not shared, and User1 does not have access to the folder. When using the Check Permission function you also see User1 showing up with the proper permission, but you do not see from where this permission is inherited. User1 will have access to any existing and new items created under the second and third level.