ShareBlog

Gary Bushey's Blog

An Issue with Folder Level Security and Anonymous access.

Found this one by accident, and according to Microsoft it is working by design, although no one has explained why it was designed that way. In any case, the issue involves folder-level security and anonymous access. It seems that if you break inheritance at a folder level, you will not be able to allow anonymous access from that point down.

We have tried many different ways to get around this, finally deciding on an event trap to provide a way to get this to work the way we want it.

 

Posted: Aug 19 2007, 11:59 AM by gary | with 1 comment(s)

Comments

Yvonne Harryman said:

This was the response I got from Microsoft about it: “I can explain why anonymous access at folders with unique permission was not enabled in O12. Basically, the difficulty is in managing the anonymous settings, not in the browse-time permission check.

One goal of managing anonymous access is to make sure that if you block anonymous access at a higher level, all contents from that level below should also be protected. And if you enable anonymous access at a lower level, it should not automatically open up contents on higher level.

For example, at web level, the anonymous state has three values: disabled, enabled, open. If it’s disabled, then all lists within the web are off limits to anonymous users, no matter whether the list has unique permissions or not. If it’s enabled, then the web itself (and all lists inheriting permission from the web) is not accessible by anonymous users, but lists with unique permissions MAY be opened to anonymous users.

Now, suppose that we want to allow users to manage anonymous permission at folder/item level. Then the parent scope (could be parent folder, parent list, or parent web) should at least “enable” anonymous access. This means we have to implement “enable” semantics at list/folder level. Also, when you disable anonymous access at web/list/folder level, we must also update the security setting on all subfolders/items to remove anonymous access. This will scan the docs table.

This is the reason that in O12, if you set a folder/item to have unique perm, it automatically sets anonymous permmask to 0.”

# November 23, 2007 1:58 PM
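
The resolution rules quoted in the comment above, modelled as an added example (not code from the post, the commenter or Microsoft). The `Scope` class, the `VIEW` bit and the sample site are constructed, and the meaning of the "open" state is an assumption, since the reply does not define it.

```python
from dataclasses import dataclass
from typing import Optional

DISABLED, ENABLED, OPEN = "disabled", "enabled", "open"  # web-level states from the reply
VIEW = 0x1  # constructed stand-in for one anonymous permission bit


@dataclass
class Scope:
    name: str
    kind: str                         # "web", "list" or "folder"
    parent: Optional["Scope"] = None
    unique: bool = False              # True when permission inheritance is broken here
    anon_mask: int = 0                # used only on a list with unique permissions
    web_state: str = DISABLED         # used only on a web


def effective_anon_mask(scope: Scope) -> int:
    """Walk from the web down to `scope` and return the anonymous mask that applies."""
    chain = []
    node = scope
    while node is not None:
        chain.append(node)
        node = node.parent
    web, *below = reversed(chain)
    if web.web_state == DISABLED:
        return 0                      # blocked at the top: nothing below can reopen it
    # Assumption: "open" exposes the web and everything inheriting from it.
    mask = VIEW if web.web_state == OPEN else 0
    for node in below:
        if node.unique:
            # A list keeps its own anonymous mask; a folder/item is forced to 0.
            mask = node.anon_mask if node.kind == "list" else 0
    return mask


def folders_closed_by_unique_perms(scopes):
    """Names of folders whose parent is anonymous-readable but which are not."""
    return [s.name for s in scopes
            if s.kind == "folder" and s.unique
            and effective_anon_mask(s.parent) and not effective_anon_mask(s)]


# Constructed sample site.
web = Scope("web", "web", web_state=ENABLED)
docs = Scope("Docs", "list", web, unique=True, anon_mask=VIEW)
internal = Scope("Internal", "list", web)
public = Scope("Docs/Public", "folder", docs)
drafts = Scope("Docs/Public/Drafts", "folder", public, unique=True)
old = Scope("Docs/Public/Drafts/Old", "folder", drafts)
SITE = [web, docs, internal, public, drafts, old]
```

Breaking inheritance on `Docs/Public/Drafts` closes that folder and `Docs/Public/Drafts/Old` beneath it to anonymous users, which is the "from that point down" behaviour the post describes.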