Thursday, March 14, 2013

SharePoint permission groups disappear when sites are deleted

This one really bugged us for a while. Seemingly at random some of our permission groups suddenly disappeared into thin air, leaving lots of users unable to access their SharePoint sites and content.

After doing some research we found that in every instance this was related to groups originally created for sites that were deleted some time ago. These permission groups at first seem to live on happily even after site deletion, but reusing these groups for new sites will come back and kick you hard.

The fact is that when you delete a site, the site lives on in the Recycle bin for 30 days (default setting), hence the site is not deleted but rather marked for deletion. And actually so are the permission groups originally created for the site during site creation. (These groups are only created if you do not opt for permission inheritance, of course.)

The big draw back is that there is no way to identify that these groups in fact are marked for deletion!

So, guess what happens then after the Recycle bin period is over and the cleanup job does what it's supposed to do? The site and permission groups are gone.

So. Best practice is to not keep using these permission groups, but rather always create new permission groups when creating new sites that need dedicated permissions. Or create permission groups outside of the site creation wizard and hook these up to your sites manually.

:-) Henning

No comments:

Post a Comment