This has been around for a while but since I still get questions about it from clients I figured I would post an explanation that may be a little more visual that other explanations.
When you start customizing security on your SharePoint sites by breaking inheritance at different levels you may start to see your nice clean permission lists be infiltrated by “Limited Access”. MSDN explains the “Limited Access” permission level as:
Allows access to shared resources in the Web site so users can access an item within the site. Designed to be combined with fine-grained permissions to give users access to a specific list, document library, item, or document, without giving users access to the entire site. Cannot be customized or deleted.
Let’s look at a scenario:
Because we’ve broken inheritance at the document library and given John access to the document library but NO access to the parent site SharePoint automatically gives John “Limited Access” to the parent site to ensure that John has the rights to traverse the site in order to reach the document library. No actual permission to any resources at the site level have been granted.
One tool that looks promising but I haven’t used personally can be found on codeplex here: http://www.codeplex.com/SPLimitedAccessDisco