SharePoint: You cannot grant limited access permission level

My team implemented a UI to assign/revoke permission levels to users on a certain SharePoint list. The UI supplies an "undo" feature to restore the rights the user had before they were changed through our UI.

Now there is a problem if the user had the "Limited Access" permission level: This permission level is removed when you do a change over the UI. When trying to Undo, the permission level should开发者_C百科 be added again, which leads to a

You cannot grant a user the limited access permission level.

SharePoint grants that permission level automatically when a user gets access to some entity beneath the site. It cannot be granted manually. This permission level is then inherited by all lists in the site. However, after breaking inheritance on a list, I can revoke the right manually, only, I cannot re-grant it afterwards.

So SharePoint treats that permission level quite particularly and I'm wondering how to work around that in our undo feature.

My questions:

• Did I get it right that this "limited access" is granted by SharePoint on the site level only, and all the lists beneath only contain that accidentally through inheritance?
• Does that permission level have any effect at all on a list, or does it only apply to the site itself?
• So, would it be save to just remove it from a list and do not add it anymore when the user clicks "undo", since it has no effect anyway?

I dare to answer my own question just for reference for future readers:

According to Microsoft's article Permission levels and permissions,

The Limited Access permission level cannot be customized or deleted.

and

(...) Windows SharePoint Services 3.0 automatically assigns this permission level to users and SharePoint groups when you grant them access to an object on your site that requires that they have access to a higher level object on which they do not have permissions. For example, if you grant users access to an item in a list and they do not have access to the list itself, Windows SharePoint Services 3.0 automatically grants them Limited Access on the list, and also the site, if needed.

In practice this means that:

• If you can delete it, that's only because it has been inherited and has no meaning on that certain list.
• If later on a user is granted some permissions to a certain list item, so that he needs the Limited Access on the list, SharePoint will take care of adding it again.
• Summarized: No concerns to remove and not re-add that access level.

Removing a user with Limited access on the top level site should not actually remove their explicit access on the list or library below (with broken permissions) but MS do say in the above mentioned article:

However, to access a list or library, for example, a user must have permission to open the parent Web site and read shared data such as the theme and navigation bars of the Web site. The Limited Access permission level cannot be customized or deleted.

This suggests that the user's Limited access should be declared on the site permissions. I think its always best to do a test on your site first before making any assumptions.