SharePoint Server 2007 Help and How-to

Enable anonymous access

What do you want to do?

bookmark link Anonymous access considerations

bookmark link Enable anonymous access on a site

bookmark link Enable anonymous access on a list or library

About anonymous access

When you enable anonymous access to a Web site, you allow anonymous users (and authenticated users who have not been granted access to the site) to browse the entire Web site, including any list, library, folder within a list or library, list item, or document that inherits its permissions from the Web site. If anonymous access has been enabled by the server administrator, members of the Site name Owners SharePoint group can do the following:

Grant anonymous access on a site.
Grant anonymous access only on lists and libraries.
Block anonymous access on a site.

The following table lists different anonymous access options and describes the abilities that are granted and not granted to anonymous users (or to authenticated users that have not been granted access to your site) when an anonymous access option is selected.

Enabling anonymous access on	Grants anonymous users the ability to	Does not grant anonymous users the ability to
Entire Web site	Browse your entire site. Read any lists, libraries, or folder within a list or library that inherits its permissions from the site, and open and read any list items or documents in those lists and libraries.	Change the content, by default.
Lists and libraries	Read lists and libraries on which the View Items permission has been granted to anonymous users. Notes Because the View Items permission is not set by default, anonymous users will not be able to view any lists or libraries, by default. To set the View Items permission on a list or library, the list or library must be using unique permissions. Lists and libraries that inherit permissions from the site cannot be viewed by anonymous users.	Browse the site. (The Limited Access permission level is assigned to anonymous users at the site level which enables anonymous users to access lists and libraries.) Change the content, by default.
Nothing	Not applicable	Access the entire Web site and all lists and libraries inside the Web site, including lists and libraries with unique permissions.

Enabling anonymous access on

Grants anonymous users the ability to

Does not grant anonymous users the ability to

Entire Web site

Browse your entire site.
Read any lists, libraries, or folder within a list or library that inherits its permissions from the site, and open and read any list items or documents in those lists and libraries.

Change the content, by default.

Lists and libraries

Read lists and libraries on which the View Items permission has been granted to anonymous users.

Notes

Because the View Items permission is not set by default, anonymous users will not be able to view any lists or libraries, by default.
To set the View Items permission on a list or library, the list or library must be using unique permissions. Lists and libraries that inherit permissions from the site cannot be viewed by anonymous users.

Browse the site.
(The Limited Access permission level is assigned to anonymous users at the site level which enables anonymous users to access lists and libraries.)
Change the content, by default.

Nothing

Not applicable

Access the entire Web site and all lists and libraries inside the Web site, including lists and libraries with unique permissions.

Caution Enabling anonymous access makes a Web server inherently less secure because anonymous users and authenticated users that have not been granted access to your site can potentially change settings or content on your site or launch a denial of service attack against your server, and their actions cannot be traced to an authenticated user account.

Top of Page

Anonymous access considerations

When you enable anonymous users to view your site, lists, or libraries, anonymous users can discover site information, including user e-mail addresses and any content posted to lists, libraries, and discussions. When you grant anonymous users permissions other than Read on lists and libraries, anonymous users can contribute to lists, discussions, and surveys, and edit documents, all of which can adversely affect server disk space and other resources. To create a more secure site, list, or library, do not enable anonymous access.

Anonymous users cannot open sites for editing in programs that are compatible with Microsoft Windows SharePoint Services such as Microsoft Office SharePoint Designer 2007, nor can they use the Web Folders protocol in Windows (that is, they cannot view the site in My Network Places).

Tip Instead of granting anonymous access, you can add the Authenticated Users Windows security group to the Site name Visitors SharePoint group. This grants all authenticated members of your Windows domain read access to your Web site. Unlike actions of anonymous users, actions of authenticated users can be traced back to users. For more information about adding users to SharePoint groups, see Manage SharePoint groups.

As is the case with other permissions settings, when you grant anonymous access on a site, you also grant anonymous access on subsites that inherit permissions from the site.

Top of Page

Enable anonymous access on a site

To perform this procedure, an administrator must have enabled anonymous access for the Web application. If they haven't done so, the Anonymous Access option does not appear.

Open the site on which you want to enable anonymous access.
On the Site Actions menu , click Site Settings.
Note On a site for which the Site Actions menu is customized, point to Site Settings, and then click the settings that you want to view.
On the Site Settings page, in the Users and Permissions column, click Advanced permissions.
On the Permissions page, on the Settings menu, click Anonymous Access.
On the Change Anonymous Access Settings page, select the parts of your Web site that you want anonymous users to access.

Note For more information about the options available on this page, see the previous table.

Top of Page

Enable anonymous access on a list or library

Notes

Use this procedure only if you have enabled anonymous access on a site as described in the previous procedure and have granted access to either the entire Web-site or only lists and libraries in step 5 above.
The following steps can only be performed on a list or library that is using unique permissions.

Open the list or library on which you want to enable anonymous access.
On the Settings menu, click List Settings or Library Settings.
In the Permissions and Management column, click Permissions for this list or Permissions for this library.

Note The Settings menu is not available on the Permissions page if your list or library is inheriting permissions from its parent site.

If your list or library is inheriting permissions from the site, you must first break the inheritance from the site. To do so, on the Actions menu, click Edit Permissions, and then click OK to continue. Otherwise, skip to step 5.
On the Permissions page, on the Settings menu, click Anonymous Access.
On the Change Anonymous Access Settings page, select the permissions that you want to grant to anonymous users for this list or library.

Note Only the View Item permission is available for libraries. This is to help protect your site from potential script injection attacks.

Top of Page