UPDATE 11/03/08: Be sure to read the excellent and detailed comment from Dessie Lunsford to this post.
I’ve been working on a secret tech editing project for an up-coming book and it references this blog entry by Tyler Butler on the MSDN ECM blog. This is the first time I personally read a clear definition of the meaning of Limited Access. Here’s the meat of the definition:
In SharePoint, anonymous users’ rights are determined by the Limited Access permission level. Limited Access is a special permission level that cannot be assigned to a user or group directly. The reason it exists is because if you have a library or subsite that has broken permissions inheritance, and you give a user/group access to only that library/subsite, in order to view its contents, the user/group must have some access to the root web. Otherwise the user/group will be unable to browse the library/subsite, even though they have rights there, because there are things in the root web that are needed to render the site or library. Therefore, when you give a group permissions only to a subsite or library that is breaking permissions inheritance, SharePoint will automatically give Limited Access to that group or user on the root web.
This question comes up now and then on the MSDN forums and I’ve always been curious (but not curious enough to figure it out before today ).
Subscribe to my blog.
Follow me on Twitter at