Home > MOSS 2007, SharePoint 2010, SharePoint 2013 > Interesting Difference Between “View Only” & “Read” Permission Levels

Interesting Difference Between “View Only” & “Read” Permission Levels

October 26th, 2012 Leave a comment Go to comments

As the saying goes, the devil is in the details! This meant to be a note to self, but I thought it might be helpful for some of you too. Here we go:

If John has “Read” permission level to a document named sales.docx, John is able to search and find this document and view it either in Office Web App on the server (in the browser), or in Office client on his computer.

If John has “View Only” permission level to sales.docx, John *can* browse to the document library and see the document, however John cannot open the document in Office Word client on his computer.  Lucky John, if Office Web App is installed, John is able to see the document online. Ok, I get it! John has “View Only” permission level and this level doesn’t have “Open Items” permission (See the product documentation here). So far so good…

Interesting part is here –> If John has “View Only” permission level to sales.docx, he is not able to find it using search.  Furthermore, if he types the URL of the document in the browser address bar (http://SharepointSite/doclib/sales.docx), he receives an Access Denied error. Now, I don’t get it! John has “View Only” permission level. He should be able to find the document via search, and see it using Office Web app just like how he’s able to do so when he browses to the document library and clicks on it!

This leads to two different security access behaviors:

  1. If a user has “Read” permission level to a document, they can always find the document using search or browser and open it in the browser or their Office client app.
  2. If a user has “View”Only” permission level to a document, they can only find and open the document in the browser. In that case, Search doesn’t show the document!

Conclusion: Looks like “Open Items” permission plays an important role in search security trimming on the core search result. This makes people with “View Only” permission level ( With No “Open Items” Permission) not to be able to search for the documents they are already authorized to view. Obviously, you can go ahead and change the OOTB View Only permission level , but then again, that’s not “View Only” permission level anymore!

Make sure you are aware of this difference when planning your site permissions.

  1. chintan
    February 25th, 2013 at 05:45 | #1

    Nicely explained. Thanks!

  2. Nagahamulle
    June 5th, 2013 at 00:11 | #2

    Its very clear & well expained…

  3. John
    November 25th, 2013 at 12:24 | #3

    Is there any sort of fix for this yet? WebApps Server provided functionality around openingcommon files to view (docx/pdf etc) however its causing problems with videos and images

  4. samol pp
    June 7th, 2014 at 06:22 | #4

    but, those users who have permissions to view only , will be able to download the document.
    is it possible to prevent downloading the douments with view only permissions?

  5. samol pp
    June 7th, 2014 at 06:24 | #5

    pls help me , if its possible with programmatica way either in a feature receiver ,
    such that i can apply my custom permission to view only but NOT downloaded.

You must be logged in to post a comment.