When associating a SharePoint library with Xoralia, Xoralia will respect any permissions that have been set in SharePoint: if a user does not have access to a document, Xoralia will never show that document to the user. Similarly, if you would like to make a document assignment to a user in Xoralia, they must already have access to the SharePoint site before they will be able to view the document. Be sure to check out our article about the Xoralia permissions model in conjunction with this article.

SharePoint permissions are a set of rules that controls what actions users can perform within a SharePoint site. These permissions define the level of access users have to: document libraries, folders, and individual items or files.

SharePoint permissions operate on a system of inheritance, the top-level sites allot their permissions to the objects and content within the site by default. For instance, lists and libraries inherit their permissions from the parent site, while folders inherit permissions from the library in which they reside. Files inherit permissions from their parent library, or from folders if they are nested within one.

When managing permissions at the folder level, subfolders will inherit those permissions, unless inheritance is broken for the subfolders as well. If unique permissions are needed for subfolders, inheritance must be manually broken at each level.

You can break the inheritance model to apply unique permissions to specific objects in SharePoint [libraries, folders, or subfolders] however, it increases the complexity of management. Our recommendation is to set permissions at the highest level possible to simplify management and have less room for error.

For a user to be able to see a document in Xoralia, they must have at least Read access to the SharePoint document library.

We suggest for Xoralia/policy management projects that unless you are a SharePoint expert that you seek advice from a professional, such as ourselves. Broken permissions, though powerful, can cause all sorts of problems that are not necessarily simple to fix.

SharePoint permission levels

Owners …………………. Full control
Members ………………. Editors
Visitor …………………… Read
Restricted view ……….. Read-only, no download, no printing

Site Owners

Site Owners have complete access to the SharePoint site. That’s the highest permission level.

→ Manage site content

→ Manage site settings

→ Manage site content

→ Delete a site

Site Visitors

It’s read-only access to the site, allowing users to view content and download. This applies to documents, pages, events, news, links – virtually any content you have. Visitors can also make comments to a SharePoint pages.

→ Read-only

→ Download

Restricted View

The Restricted View permission in SharePoint is more restrictive than the standard visitor’s permission. It’s a specific permission level designed to provide read-only access to content and restrict users from downloading or printing policies reducing the risk of unauthorized distribution. If the permission level is not visible, we need to activate that permission.

→ Read-only

Enabling “Restricted View” permissions in SharePoint

If the permission level is not visible, we need to activate that permission by following these steps:

Navigate to Site Contents.
Select any document library.
Choose any file and click on the ellipsis (three dots) next to the document name.
Click on Share.

Note: Simply clicking the “Share” button and closing the pop-up modal is enough to enable the Restricted View permission.

Next, update permissions as needed:

Go to Site Permissions > Advanced Permission Settings. You have few options to assign the permissions:

- Update the Visitors group permission from Read to Restricted View.
- Create a new group and set the permission to Restricted View.
- You can also grant permissions to individuals / AAD groups and set the permission level to “Restricted View”.

IMPORTANT: Ensure that users are assigned to the correct group to apply the appropriate permissions.