Sharepoint: Is there a maximum number of permission levels?

Question

Hi,

I get an error when trying to add a new permission level that due to a "contingency limit" I cannot add another permission level. I should delete an existing one and try again. (Sorry, no original error msg as this originates from a German WSS install, hence this is just a translation).

There are about 1000 permission levels already. I know about Sharepoint's (WSS 2007 / WSS3) limitations relating to security principals like explained here, but I don't know of any limitations relating to permission levels.

Is there any way to group the permission levels? I need as much as 2000 permission levels as there are many constellations of access rights per group.

-------------------------- EDIT: --------------------------
I might have not made myself clear. I am talking about Sharepoint permission levels, not groups, not roles. Google's first hit for sharepoint permission levels is what I am talking about. My problem is that I need a totally granular control over who of my users has access to what document. Mulitple site collections with mulitple sites on multiple databases exist already to handle the buckload of documents to circumvent the limits of Sharepoint. But the bottleneck are the permission levels:

Assuming I have these roles:

Role A
Role B

and these different kind of documents you can upload (custom property per file):

Document with custom "Type" Invoice
Document with custom "Type" Question
Document with custom "Type" Answer

Now there is a huge number of roles and about 50 different kind of document types. And these two things - roles + kinds of documents uploaded can be combined with permission levels:

 Create    Document "Type" -> Permission Level
 Role A -> Invoice         -> Create
 Role A -> Question        -> Create, Read, Write
 Role A -> Answer          -> Read, Write
 Role B -> Invoice         -> Read
 Role B -> Answer          -> Write

There are no "simple" permission levels per document (e.g. Invoice = Always Create permission) as it always is a combination of the role and each document (additionaly the role has read/write permissions per site collection and site). This whole structure is overly complex - hence my one and only question: Does Sharepoint have a limit on the maximum number of permission levels per site collection/per farm? If so, where is this limit specified?

Answer 1

Why are you using this much permission levels? We can't create 1000 permission levels without duplication. Or you wrongly said “Group" as permission level?

We can give same permission level for deferent group in deferent sites in a site collection.

So try to use existing permission level rather than creating new one.

Answer 2

What do you mean by permission levels?

I've seen an app where having 1000's of groups caused the entire application to slow to a crawl (apparently SharePoint enumerates the all site collection groups in some functions). It was ultimately unsustainable and the app had to be split into multiple site collections.

If you are hitting a limit like this; this limit is probably there for a reason and you are setting yourself up for problems. Maybe rearchitecting your information architecture or a custom role provider is a better solution?

Answer 3

Usually, if you go through that much trouble to get Sharepoint to be efficient for you, then you aren't using Sharepoint properly. There is a different way to solve the problem you have at hand. Creating 2000 permission levels would be very counter-productive! Think about what you want to do.

Why not make different sites for the different categories of roles that you want to do, and give permissions out to those people accordingly. People do not have to be set in groups (although they are strongly recommended). You can give limited access to any or all of the users, for whatever they need access to. When something says "Limited Access," it usually means they have rights to a document library or site, but not everything inside of it.