Unveiling the Secrets of SharePoint Permissions!

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

welcome everyone to Power Hour I'm Laura Rogers and this is Joelle jobson and today our topic is going to be SharePoint permissions you voted overwhelmingly so we'll go over how to do SharePoint permissions on team sites and communication sites and everything else like um item level list level all the different little nuances or really digging deep and this is going to be an excerpt from our training course called site management at iwmetro.com so let's get started with the Stinger [Music] all right so Joelle SharePoint permissions they voted overwhelmingly it had like triple the number of votes of the other options so SharePoint permission seems to be a really popular topic and it it's weird because SharePoint permissions has always been like this the most complicated confusing thing in SharePoint to to grasp to kind of get your head around especially when you're new to it and Microsoft over the years has become aware of this and they've tried to simplify it drastically so it's pretty simple they made the interface pretty simple for sharing things with people on sites um they made a pretty simple sharing you just basically make somebody an owner or a member or it has some very simple sort of levels you can share with people but you can still do some more complex things but they just didn't I guess they didn't want people to be presented with so many choices when you're trying to just share a site with someone so we're going to go over the simple options and we're going to go over just some basic high-level Concepts and then we're going to go over the stuff that's been obfuscated when you know because they've tried to make it more simple they've kind of hidden some of the little nuances of kind of more advanced things that you want to do so it makes total sense I mean because you have so many new companies flocking to the cloud over the last couple of years um you didn't want to have this roadblock of permissions being so confusing to give people access to something so um this is actually an expert excerpt like I mentioned we have a course called site management as part of our ultimate plan at iwmintor.com so this is going to be an excerpt of the slides from that course since this is the topic you all chose I figure I already have these slides I may as well just go through those so we're going to go over the concepts of I'm going to build a team site and build a communication site and we're going to go over the high level concepts of the differences between those two and then we'll go into a lot of Concepts that are common across both of them so if you're new to Power Hour we have a chat so wherever you're watching this video there's a link to request to join below the video and it's it is a manual process because in teams we have to manually invite people but so you're not instantaneously going to be added but feel free to fill out the form to request a join and hello everyone in the chat and the chat is really fun we have Lively conversations about whatever our topic is and you can ask questions and we can have fun little discussions about permissions today okay so um they're already talking about Halloween and free candy and this is going to be fun okay so I'll go ahead and um get my slides up and share my screen there we go okay so um where Joelle your your face is sort of at the top like it's right on top of the you can't do anything about it but it's right on top of the text so I'm not going to worry about it but it's like half of the very first word is cut off I could like I could like shrink you down do like Beetlejuice and like shrink your head even smaller up there you wouldn't be able to see you at all okay so it says managing permissions so permissions management is different sort of at the high at the site level for Microsoft 365 groups and communication sites so if you are on a SharePoint site the quickest way to just look at that site to be able to tell if it's a team site or a communication site is that since team sites are groups it's going to say whether it's a private group or public group at the group at the top of the site now over the years Microsoft has moved the word private group and public group to the left and to the right but it'll be up there somewhere so they've they moved it around so many times I'm not sure where it is today um okay so when you go to a Microsoft 365 group um so these entail when you create a Microsoft team when you create a Microsoft 365 group all these entail the group and the team site and a planner plan it's got several things included with it so this is inherently a group of people but even and if you've created a SharePoint a Microsoft team you might it might not even be obvious that you've also created a SharePoint site so but yes there is a whole Microsoft 365 and site group and site behind that team and if you have a site that's a group that you already have you could create when you create a new Microsoft team you could create that on top of that group that already exists if you'd like anyway so when you're adding people so when you first create your site it prompts you kind of your as you're going through the wizard to go ahead and invite people but what you have is the ability to add members and then when you invite people you just have two this little toggle where you can just choose between owner and member just under each person's name so it's very simple it's owner and members these are the only two roles this is just where you assign who is going to be in each of those roles and it sends them an email when you invite them and then it's slightly different on communication sites because it is also it is not also a Microsoft 365 group you're really just sharing the site with people so that they can have access to the site and it gives you the three different options it gives you full control so it's members owners and visitors basically an owner is full control now it would be nice if they gave those the same terminology but they have different terminology but full control equals owner so you have an edit it equals members and you have the option to send them an email when you add them so I click to share the site I type somebody's name in here and then I choose the little drop down of what permissions we want to give them and we're going to get in depth into those permission levels as well and what those mean um just in general when it comes to owners on both team sites and communication sites um I it is a best practice to just have one or two maybe three owners there is no reason to have more than that um because the main the main difference when it comes to just day-to-day managing the site the main difference between what owners and members can do is really just accepting um you know when people request have access to the site and adding other members to the site because by default inherently all members can also edit the home page they can also add edit delete entire lists and libraries they can add and edit like all the content and all the lists and libraries they can do all these things it's just that owners have that higher level where they can actually manage the permissions so really just keep that in mind one or two two is good you know so you'll have a backup just in case um somebody's not there but keep that a lot of times I go to customers SharePoint sites and um any given site will have like 15 owners on it and that is that's definitely not what you want to do all right so three main permission levels and the settings and site permissions you have full control edit and read owners have full control members have edits this screen only lets you change the permission level for members and visitors and note that communication sites also have a visitors group um again this part is a little bit confusing but when we I get into the demo in a minute I'll go through and kind of make sure it's all very clear and what the differences are um okay so before I get into the concept of external people I'm going to go ahead and do a demo and go through this process of creating a team site and creating a communication site and looking at just kind of what you get on when you do that any questions so far anybody oh okay cool all right I'll go ahead I clicked SharePoint at the top of my um in my tenant and you uh you may or may not in your tenancy a create site button sometimes um your admins might have blocked this so that end users can create sites and you have to go through maybe a provisioning process so not everybody's going to see the create site all right so I'll go ahead and create a team site and my site name is I'll call it demo October and this is giving my suit since it's creating a group of people it's giving the group an email address and this is where I get the site of description I can say private or public and public doesn't mean like to the public it means just public in your company like anybody can join that group so usually I like to choose private because usually it's you have a specific group of people collaborating on something specific um and not necessarily just anyone in the company that wants to join okay so you're the one of the first things you're prompted with is adding members and I can add Joelle as a member here and as soon as I add her it gives me the ability to toggle to make her owner as well I can add Brenda as a member so now there are three of us and of course it's prompting me to start designing my site not going to do that right now um so again one of the main things that you're going to be doing when you're managing a site is the managing of the the people who have access to it so here's where so again we're just trying to focus on just the permissions part but it shows me I have three members two of them are owners one of them is a member level but it's three people that have access to the site and so I can click the three members little link up there and I can see who they are and I can quickly add members from here now before I get into the nitty-gritty of the permission levels and what the people can do on the site let's go through the process of creating a communication site and going through those steps and looking at kind of what the differences are so I'll go back up to SharePoint create a site and create a communication site this time demo select a language English yes you notice that it's not showing me like that the group is going to get an address or anything because it's not creating a Microsoft 365 group okay so now I have a communication site and I have not shared it with anyone yet I'm the only one that has access to it so I've got a little share button up here so you can see that that's different because when I was on that other site let me go back to um let me get the other one on another window here there we go so that's my um Team site and then this is my communication site and so the team site has private group and it has the number of members up here and then the communication site just has the share button so I click share and then the first thing it's prompting me to do is put the person's name so I'll get Joelle here and then it's got a similar little drop down here but it's really got um three things right now it gives you gives her read access by default you can see read is selected and then I can change her to have full control or edit and I can decide whether or not I want to send an email to her when you're adding members to a group site of Team site it doesn't really give you that option does it Joelle it just emails everybody whether you want it to or not yeah so that's that's one huge pretty huge difference um okay so I'm going to give her edit permission and I'm not going to send her an email and I'll add Brenda and I'll just give her read permission and I've shared the site with them so now it's not going to show me you know up here at the top anything about the number of people that I've shared it with or anything like that but when I click to share and I expand these I can see that since I created the site I have full control I am an owner Again full crawl control controls the same thing as owner and then she has got edit which is the same thing as a member on a team site and then Brenda's Got read-only access which usually with communication sites you have just you have less people editing the site and more people consuming it and reading kind of news and things like that so you could just say everyone except external users and if you are in a big company and you just want this to be a site that you want everybody in your company to easily be able to go read you can just say everyone and then um there isn't a group called everyone including external users there's just everyone except external users and I definitely don't want to send an email to everyone in the company so now I've shared this with everybody everybody in the company will be able to read whatever is on the site okay so now we've got the team site the group whatever whatever you want to call it Microsoft 365 group that's really long slash team site and then we have the communication site and the differences between inviting people on each of those and then um we have the concept that we'll talk about kind of a little later is going to be um the concept of external adding external people we'll get back to that one so let's go look at this site and we'll go to where it says site permissions here so this is like the really easy interface is right here where you can just easily and quickly add members and then they're like sort of the next level to be able to get to the more complicated stuff is site permissions and here is where it shows me this is a little confusing the way it does this where it kind of lumps them together so they've tried to make it very simple but it's still got some little confusing spots right Joel it's like they're trying so hard so um we've got site owners so I've whoever whatever multiple people I might have added as owners they're in this group called demo October whatever my site name is owners and then whatever multiple people I've added as members it puts them in this little group so what you really want to do is you don't want to sit here and start adding people on here I would go ahead and just to keep it simple for yourself when you're adding more people just go here and add members instead of going to the other screen okay so but it shows me here the three different levels and I like this option here change how members can share what I usually do here is I change it change it to only site owners can share files folders and the site because by default everybody that you've invited to the site can share and get permissions to anyone to any of the content on the site so that might be I mean if you've got proprietary information that you don't want people accidentally sharing willy-nilly then you might want to lock that down so this is my favorite setting I always go and do this only site owners can share file files folders in the site to give you that higher level of control over who can do what and again only make a couple of people to site owners so that really can help you lock it down do I want people to be able to request access to this site that means if somebody um somehow gets a link to a piece of content that's on the site or they go to the URL of the site and they don't have access to it do you want them to be prompted with that little box that says request access to this site so you could just not allow people to request access if you want and then when they do request access who are they who is going to get that email so if you have 15 different owners on your site and you have this option of your site Owners Group getting access requests every time any time somebody tries to get access it's going to send an email to all 15 of those owners asking them whether or not this person should be allowed access so that could get pretty confusing right so if you don't want the whole group of however many multiple owners you have to get requested with requests for Access you can change it to just a specific person if you want to um and then this is um if you want your request access page to have a certain message on it you can put a custom message on it too um let's see so as a fun little challenge to you all let's see I'll make you um I'll give you all a link in the chat to request access oh great Dennis said everyone except external I've been looking for that solution for a year awesome so I made somebody's day that's fun I'm glad I'm going to have a good rest of the day that I'm glad I got to share that tip with you it's like little things here and there that you know you never know kind of who knows what about all these different little nuances right um then do you want to have guest act guest access expiration your organization does not require guest access now this is when it says your organization that tells me that there is a higher level of setting at the tenant level that's going to say whether or not people are allowed to invite guests obviously this is our power hour tenant like all of your guests you all are in here so we are um allowing guests but we don't have any expiration so it says um if we did it would let it would let us know a list of guests that are expiring um and then we get to the advanced permission settings so before I go to the advanced permission settings that's that's where it's going to get similar between team sites and communication sites before I go to that let's go back to the communication site and look at what if any differences are just on this little site permissions screen so this looks very similar so notice that this whole thing has got a similar interface again I like to change it to only site owners can share and then I'll say allow access requests this is the there we go and again this one's the same thing where it's got access expiration and they both have the advanced permissions okay see if people are requesting access to that site and we'll get back to that too so here are let's talk about some advanced concepts and Joelle just interrupt me just jump in if there's some um questions that I need to stop and answer as we go all right so content can be secured at many levels so this is not obvious when you first create your site um it is not something that is apparent when you're just adding numbers and owners to your site again because it's very very simple to just add people as members and owners just for the whole site but you can put different permissions at all these different levels sites lists libraries items list items documents document sets folders and even pages you can get very granular the thing about when you get granular is that you can make a huge mess right Joelle we've probably seen over our you know 15 years of doing this or so we've seen some extremely crazy things that people have done with permission she's like oh yes so um with great power comes great responsibility um so just be careful because once you get into um changing permissions at all these different levels it gets much harder to manage so it's very very simple to just add people just to the site and create different sites for different purposes but within a site you can get granular so that's with that said be careful okay so now we have permission versus permission level so the permission is each one of these individual activities so it's going to be an individual activity that corresponds to a specific function and SharePoint so all these things that you see listed in this screenshot like manage lists add items edit items delete items view items approve items view versions delete versions create alerts all these very little specific permissions Encompass inside of a permission level so permission level is going to be a group basically of these little check boxes so some of the fun ones that I'd like to point out here are it gives you the ability to take away um people's ability to create personal views if you don't want them creating their own views of Any Given list or Library if you don't want them to be able to add you know kind of whatever columns they want and see whatever columns they want in their own View and then manage alerts if you want to be able to have someone that manages what alerts people have set up for themselves on the site that's what you can do and you can even take away people's ability to create alerts maybe um and this can again can be done at the a very specific list level the whole site level a specific Library so but these are just all the different specific things that you can give people the ability to do on your site so now we have now that I've showed you permission this is the permission levels so Christian level is a grouping of permissions that can be used to define a user group's access to SharePoint it's customizable at the top level site in a site collection now these days everything is a site collection every communication site every Microsoft 365 group is a site collection back in the old school days we had a big difference of things that you can do with sites and we had this old thing called sub sites do you all remember those so subsites are not a thing anymore so we're not we're not going to worry about those so everything's a site collection um you can create new permission levels if the defaults don't fulfill your requirements and then I'm going to move my head out of the way here watch out this is my I'm sure you raise your hand if you've heard my rant about the edit permission level before watch out for the permission level called edit it's not the same as contribute people with edit permission now edit so when you add members to a site edit is the default permission that everyone gets as a member people with edit permission can manage lists libraries they can delete entire lists and libraries they have access to all the settings of all of your lists and libraries and they can think about something that's been customized with power apps like you customize a a list with powerapps as the front end of that list if you click to customize the list form with powerapps anybody who can manage that list with edit permission which is everybody on the site by default can also design that power app and change the app itself so something to ponder we'll we'll get into the nitty-gritty of kind of how to change some of this now at the site level unfortunately you can't change it you can't change what that members group can do for the whole site and one Fell Swoop so it's something I'll show you how that you have to do on each specific list and Library um let's not get into SharePoint groups yet so let's go into um we'll go to our team site here and I'm going to go to the Gear go to site permissions and go to Advanced permission settings so both communication sites and groups have this Advanced permission settings button and this is the old that old school really really really ugly permissions management screen so it's telling me um oh somebody some of y'all have been requesting access to this site awesome so I'll do that in a second um now because I turned on that setting that says only owners can share things with people it's giving me this prompt at allow members to share with others without requiring owner approval so it's really wanting me to go back to put the setting so that everybody on the site can share stuff so that's what that's about that's what that's what that setting directly corresponds with this little third message right here okay so this is my site level permissions screen and it tells me that everybody that's in the members group has edit permission everybody's an owner has full control and visitors have read now when you are at that top level of your team site and you're adding people it just has members and owners it doesn't even have this visitors thing as an option but it's in here if you really do need to add people as visitors so members can edit and if I go try and change that permission level I can't edit the user permissions at this site level I can't change what members can do now you can um go in here and just add individuals um find somebody one of you the external people I can just add an individual person here and send them an invite and pick what group I want them to be in or just give them direct permissions but it is not a best practice so you can put a bunch of individual people's names here but it is not um then that's again that's one of those things that make it very messy so it's not recommended to to click Grant permissions and add individual people's names on these screens and I'll talk about the concept of groups in a few minutes so then we've got um so it shows you what they can all do and then so whatever permission levels you see here are that's what access they have on all the lists and libraries in the whole site and then the same goes for the communication site so when I go look at we talked about permission levels I can click permission levels up here at the top on this screen and that's where I can get into that screen that shows me my I can't edit them but it shows me my permission levels so back in the old days you used to be able to just directly edit these default permission levels on a site but these are locked down these are grayed out so you can take a look at them so let's take a look at that um that red flag the thing I was talking about so here's the edit permission level this is the one that everyone had all the members have by default let's go look at what they can do manage lists that's the big thing that I don't like create and delete lists add and remove columns in a list and add or remove public views of a list they can wreak havoc on that's list and libraries that's both um and then other than that it's just add edit delete items just some basic stuff they can't manage permissions so it's basically just contribute plus manage lists so let's go look at the contribute permission level so contribute C doesn't have the ability to manage lists they can add it and delete look at items create alerts and basic stuff like that so what you can do is you can create your own custom permission level so I want to let's see maybe I want people to be able to contribute add edit but not delete I can create that as a level if I want to so I can click on contribute because I just kind of want to use that to copy it and then I click copy permission level so you can't directly edit it but you can copy it so I'll say contribute this is a big common one right Joelle do you have any other common like custom permission level things that you've done uh well Keen was just asking about having one that where people can add but not edit or delete yep so I that's another example so contribute not delete I'm just basically unchecking delete and I can even uncheck delete versions if I want to let me zoom in a little bit on this it's 175 but um yeah so and if you wanted them to not be able to edit but only to be able to add you could call it something like only add and you could just uncheck like oh you know editing and deleting but you do probably do want them to be able to view so again just uncheck the boxes um and then this is down here that personal views thing that I was talking about so I can even take away their ability to create personal views and Views and we did a whole other Power Hour about views that's the concept of just kind of the way you look at your lists and libraries The Columns that are showing and how they're filtered and sorted and things like that so I can take away um so add edit not delete and no personal views there and so that's my new permission level so I click create and that's something we discovered on the last one where it was like I can't remember what it was but we I knew it was like if they didn't have the delete thing they couldn't do it it was something that somebody was asking about on our last Power Hour oh really oh the move to copy to the move to so if they if you don't want them to be able to do the move to function you can remove their delete permissions oh yeah that was one of our so we have a private office hours meeting with our ultimate member a couple of weeks ago which how can you make the move button disappear you don't want people moving things out of a list or library and so the in the ended up being the answer to that was to just take away their delete permission and then the move button just disappears so yeah that's exactly yeah that's pretty cool right um because I mean they could still copy things obviously but moving moving something would then delete it so if you just take away their ability to delete that does the trick so notice that this one since it's custom it does have a little checkbox it's not grayed out so all the default ones I can't do anything with but this one I could like delete it if I wanted to um you can create them from scratch but I usually just like to create pick an existing one and adjust it like what does design do let me see um design so design gives people the ability to prove items so you know how you have that content approval setting that you have that you can turn on for lists and libraries well when you turn on the content approval setting who do you want to be able to to be the one that's the moderator that's approving things well here's the approve items check box so you could just give someone design permission on that list or library and they would inherently have the ability to approve things um but you could also just create a custom permission level if you wanted to and just call it approve items and then give them the that approved um option let's see make sure that make sure that edit doesn't have approve also let me see yeah no they don't that's good okay so I've gone on my little rant about the edit permission level shows you how to create a custom permission level and then um let's go look at um that concept of permissions and then we'll talk about a little bit about SharePoint groups I don't want to confuse the whole groups with permission levels things so let me um okay so here's my little fun graphic that I created about so here's your SharePoint uh site um each of these little sort of trees is a SharePoint site and you have little libraries and lists inside of them and different documents well you can break permissions at any of these levels and give these things their own separate permissions so I could a bit it's called breaking inheritance so like for example this site over here if I have this SharePoint list that I create I can break the inheritance and then this list can have its own permissions and like this Excel file over here in a library it can break inheritance and it can have its own permissions so you can break inheritance at all these different places basically so by default all of your lists and libraries in your site inherit from your parent you have to break inheritance to be able to customize to give that list or Library different permissions and um you're going to set the permissions from the location that requires you need permission so you're going to go to that list to that library or whatever that level is to be able to do this to go to those permissions so here's how to get to it you go to a list or Library you click the little gear at the top right and go to the settings list settings or Library settings and then you click permissions for this and it will say permissions for this list or permissions for this document library and that will take you to this little old school sort of interface that we were just looking at and that's where you can click um stop inheriting permissions at the top left and this one I already clicked it so it has its own permissions and then you could delete unique permissions to go the other way so you click stop inheriting permissions which then gives you the ability to edit all these and do separate permissions or if you want to go ahead and re-inherit from the parent you can just click delete unique permissions here and then you can also do this on items again this is where it gets really really messy this is not recommended so um and this is what happens when people on your site when members are just kind of randomly sharing things with people they might accidentally be giving people permissions to things um instead of just it used to be remember um Joelle in SharePoint 2013 I think this it happened the worst where they rolled out this new button that said share and people would Click Share because they just wanted to share the link with somebody to a a lot you know a document or something but share the share button actually broke the permissions and gave that item its own unique permissions and then put you know whoever you're sharing it with as as on that permission on that item as having custom permissions and it also sent them a lovely email sharing email but it it messed up permissions really bad just all over the place so at least kind of nowadays it just gives you the ability to just get a hyperlink to share you know you just want to send somebody a link to something and makes it a little more obvious so that's what you can share and give things separate permissions that are individual folders and items it's just again gets messy because they they do have these little sort of icons that show next to things that have been shared and have different little permissions now like a little sort of a pencil with a crisscross across it but it's still it's hard to tell if you're the site owner and if you're just looking at a library it's hard to tell just by looking at it like what all the different unique things are that could be on there hey Laura yeah we um we actually had an interesting question that came in through um our support email um I think the person's not able to get into teams um and I think it's something worth talking about so they're asking can on their team site can they change like the group the member group on their team site to have contribute permission instead of edit permission and would that mess up anything in teams um and I was gonna that's that's a great question because you actually cannot even if it lets you do it it's gonna change it back to edit so if you're going to use contribute it might be on like a specific Library maybe you create something on a specific library that you then do that with I wouldn't do it on the documents library either because that's tricky with teams too you know usually yeah yeah and so I just wanted that out a second ago but it wasn't really I didn't really like say hey this is a red flag I should have you can check the box next to these but you can't edit it see the edit user permissions is grayed out you cannot change what they can do at this top level and it let's used to let you do it but then it would like like overnight a timer would drop would run or something oh yeah so what you have to do is kind of that's why I was kind of leading in to the fact that you can split off and give things different permissions because that's what you have to do you can't um you can't change what it has at the top level of the site unfortunately so usually the first thing that I do when I create a site is I just typically only want the site owners to be the ones managing the home page editing the home page and that seems like a pretty kind of standard thing where you don't want just everybody whoever just editing what's on the home page so since I like only the owners to be able to edit the home page I go to my site Pages library and I go to the Gear so this is something you might want to make a best practice in your company and I go they've added this new level now where you have to click more Library settings to get to this sort of old school settings page and then I go to permissions for this document Library so site pages is just a document Library and here's where this is what I was talking about in the slides I click stop inheriting permissions click ok and then I have my members group here and I can this is where see I can click the button it's lit up I click edit user permissions and then I can just change it for the site pages I just want them reading them I don't want them editing the pages okay so I click read and then everybody just has read-only access to the pages so then maybe my um I'll just go in here and say maybe I've got a list of some sort of requests that people are doing I'll just do an onboarding list and so on this list maybe I'm gonna do some things like have you know customize this form customize the form with power apps have some special things going on on this list maybe turn on content approval I don't want people messing with it or changing the settings so I go to my list settings go to permissions for this list and then stop inheriting permissions and then um that's where I can go to the members group and I can change them to just have contribute or I can this is where I can use that new special permission level that I created contribute not delete so I you know could just do one or the other if I wanted to so typically I would just change it to contribute so change the site pages so members just have read change if there's a special list or Library you don't want people messing with the settings or all of them you can go change them all to have contribute on all those I'm pretty sure there's a Powershell way if you're a Powershell person if you want to just like give it a site URL and have it iterate through all the lists and libraries and change them all to do this that's probably possible I'm not again I'm not sure what that script would be but it's most likely that does exist as a if you needed to do it like in a mass way but it wouldn't it doesn't give you the ability to do it by default though for any new list or Library so now now that I've changed um the permissions I'm going to go back to my home page let's see and now that one list has unique permissions and so does that Pages Library so how can I tell now again this applies to both the team site and a communication site how can I tell where I've got different permissions now I can go to my site permissions Advanced permissions and then now it's got a new little message it's giving me at the top some content on this site has different permissions from what you see here show these items and now it's got these two things that I split to not inherit permissions and I can go directly to the manage permission screen for either one of those from here if I want to and so again all I've done so far is just add we're just dealing with the groups just the default groups of people that exist on here you can add individuals but I don't recommend it so let's go ahead and talk about the concept of SharePoint groups which they've really started to obfuscate so let me go back to my slides um SharePoint groups now the problem currently with SharePoint groups is that they are very proprietary they're very much just going to exist in that site that you create them they're not going to be useful really and there's not much you can do in flow with SharePoint groups they don't apply like anywhere else in Microsoft 365. it's you have to use this really pain in the butt thing in a flow this HTTP SharePoint web service thing if you want to do anything with or get who the members are of SharePoint groups so they kind of make it painful to use SharePoint groups but what do you think Joel if you have a site and you have groups of people that need to have access to different content on the site I mean that seems still seems like the most viable way I mean the other option is I guess you could create active directory email enabled security groups but when you have SharePoint groups you can at least let the person who's the owner of the site be able to just easily manage those you know so but you could do active directory email enabled security groups and give those access to content specific content and SharePoint so these are going to be groups of users assigned to a permission level so by default you get these three owners are site collection administrators these owners have access to the entire site and all of the contents in the site no matter what and um so this whatever the name of your site is owner's group they are site collection administrators that's another reason why you might not want to give 15 people make them all owners of your site they also have access to all the site settings they can do just all kinds of crazy stuff the site settings level best practices if you need granular permissions with a site put users in SharePoint groups give the groups access to those specific libraries or lists so that's the best practice instead of just directly putting individual people's names having permissions right there on the list put the people in the groups and give the groups the custom access here's how they make it kind of tricky to create new SharePoint groups go to the settings gear site permissions Advanced permission settings create group let me do that real quick in the I'm in here so the way to get to the groups is it's it's it's really odd I usually just click on one of the existing ones like this demo October members group and once I click on the group it takes me into the group and then that's where I can get like I said this is really this is like a hack now to get to the ability to create a SharePoint group because like you really have to dig in here because again they try to simplify things so much that they purposely opusated kind of how to do this then I click on groups and then once I click on groups over here on the left then it shows me all the groups that exist and that's where I can click new so maybe if I have just a special little smaller group of people who are managers and I want managers to have access to maybe some certain a certain library on the site I can do that and then who can view the membership of the group I usually just change that to everyone and then who can edit it I say group owner now it's by default it's going to give me it's going to make me the group owner if I create the group I usually just don't check any of these boxes right here when I'm creating the group because this is going to be what it gives that group access to at the whole site level and what I'm going to do with this group is I'm going to give it access to a specific set of documents in a library so I'm not going to check any of these boxes so I just create the group oh I didn't I didn't give the owner um I didn't give it an owner so I can just give it I'll just say owners whoever the um what is the name of this group demo demo October owners I'll just make the owner's group the owner of this managers group and then by default it puts me in it and of course I can add add other people with the new button and I can take myself out by just removing myself like that so now that I have a new group now I might have um if I want to create some special content like I'll just say for managers only files for only trying to hurry we're running out of time I also only manage yeah I think this content Joel in our class is like two hours worth and I'm like cramming it so I'm not sure if I'm gonna get through it all files for only managers and then um inherently if you don't have access to something you're not going to see it in the navigation so once I give this access to only the managers only they will see that link in the now so now I'm in the library called managers managers only manager only Library settings more Library settings permissions so here I am in my new library I go to stop inheriting permissions click ok and then I can just take out the owners and the visitors completely and um not the owners the members and the visitors and then I'm going to say managers and then that's that group I created called managers and that's whether um share everything in this folder even items with unique permissions yes there isn't even anything in there yet and um permission level here's where it's asking me what permission level they're supposed to have I just want to give managers contribute they don't need to have edit which would give them the ability to manage the whole Library so I'll just click share so now I have to refresh this page because it's a little weird the way that works so now just the owners and managers have access to this manager's only Library um okay any interesting questions going on um okay so another thing once you've started doing all this craziness with permissions is that you might want to go check to see what somebody's permissions are so like Okay so this happened at the company where I used to work we had somebody named Bob call up the I.T department and said they said I was doing a search for something in SharePoint and my search results came out what came up with all these files that looked like their HR files they look like they should be confidential like I shouldn't be seeing these in my search results I shouldn't have access to the site where these files are so we investigated so we went to that SharePoint site and we went to that Library where the files were that the person was saying that they shouldn't have access to and then what we did was we did this check permissions so we go into Library settings more Library settings permissions and so this is how you can go to a specific location and check what someone's permissions are there so I'll go check permissions I'll type Brenda here check now and then it says she has edit permission right here and it's given because she's in the demo October members group so that tells me how specifically why that specific person has access to that library or list or whatever that location is now we're going to do the access request stuff so I'll go ahead and click close so that's how you can find investigate why somebody has certain permissions and let's go to my slides having to do with those access requests okay so let's see I don't know if they've added to create like a more modern looking interface for this but when you go to the access requests and invitations this is going to have a list of what your access requests are so let's go to the access requests for this site that I'll let you all request access to let me go back to home and wait for the gear come on gear and go to site permissions Advanced permissions and access request settings so yeah so allow access requests blah blah blah and then I need to go to the actual list of requests so show access requests and invitations people are waiting for approval yeah that's still that they haven't changed this interface it's still that same old school so it's saying that they're all requesting so if I click approve here now it's telling me after I click approve it's telling me what permission level it's giving them so it's saying can edit so what did it do so if I click change here now look what it did this is why I can't stand this is Joel instead of putting it putting them in the members group it just added them directly into this sort of other group SharePoint it just puts them in the SharePoint group so the proper way so let me go to I'll go to this person the proper way to add members to the group so it doesn't get messy like this is from your home page you would just click to add members up here it always takes a second for this to show up add members and go oh well she's not there because she's external oh add members to this group to add external guests go to Outlook to invite them that's another kind of weird thing having to do with external users is to add them as members just if you haven't already gotten an access request or anything and you just have a few external people that you want to add it uh let me go zoom in here again this is so I know this is so odd that it's just taking you to this other screen where you have to go to Outlook to do this um still has some work to do no you have to invite others no that's going to copy a link oh my gosh yeah did they um members I'm trying to just add her as external I have this in the slides but like the thing that I have in the slides I think they um they change the button hold on a second this is where it gets a little weird go to Outlook click the Ellipsis okay I'm gonna do that I'm going to follow my own instructions that little gray thing members and a group that is weird trying to just type I'm typing the name of somebody that I know is an external user yeah it's like not even it's not doing the way it used to do to be able to add external users from here like it said here to go to Outlook to invite others but then the interface and Outlook doesn't even let you invite others but it definitely lets you invite them in teams which is another kind of weird thing about permissions is if I go to teams like I'm in this team that we're using for power hour right now what if you put in the email address does it let you do it well yeah you're right I should just type I was trying to get it since she's already an external user in our environment I was trying to just get it to like populate her name but you're right I should just um let me go back to that screen I could have sworn I could do with email addresses yeah I just need to type the full email address see Let me refresh this oh I did them all hold on you can just put in one of mine oh yeah well are you an external user in here I'm pretty sure okay let me see oh yeah I think I've got one that's an external user it's like searching for a number hold on oh yeah there I am okay so yeah don't do what I did and just start typing the name expecting it to pop up and be in the directory which it is in the directory but uh you have to just type the whole thing and again you have to go to Outlook to do it which is really odd it's very very awkward so I um I all these people that I said this again this is my pet peeve with the access request is that it doesn't put them in the members group here it doesn't put them as actual Microsoft 365 group members it just adds them to the SharePoint group called like the name of the site members but then they're not really members of the whole isn't that isn't that awkward so let me try um going to wait yeah so that's where you'd want to go so let me try and add I added myself my external user but it's not showing in there anyway so yeah it gets a little it gets a little weird with external users and just pay attention when you're approving people's access requests pay attention to what permission level it's giving them and then kind of where it's putting them so it was putting them like in a weird place and so you might need to kind of adjust like moving them to different SharePoint groups inside of your site or giving them kind of paying attention to what permission level it's giving them when they do get access um wow it is time to stop already to be honest yeah I was gonna say to be honest I was gonna say to be honest I like never do those I just like see who wants access and then I go put them in and then I email them or email them when I put them that guy never accept the I just see the access requests go okay that person needs permission go give them permission and then just let it go through that way because those access requests have always been quirky to me yeah yeah so sometimes like you'll like accept it and then like it doesn't do anything it just sits there and it's just like I've seen like really quirky things it's like one of those things where you just makes you not want to use it but then if you've got a really large company with hundreds of sites and you I mean it's really useful to just be able to click approve and have them go in but then if you're a site owner and you know that it's doing that you kind of know better then you can once you click approve then you can go in and like shuffle them you know kind of put them in the right place but that's kind of a pain so yeah that was our uh yeah that was a fast hour huh that was our permissions Power Hour um thanks for all the Lively conversation yeah you can turn off the ability to request access so yes that's a good point Carolyn they had that little toggle switch where you can turn off the ability to request access but then if you're in a large company and you don't know who the owner of that site is and you really do need access to it like what do you do so that it just makes it trickier all right well um we have if y'all go to iwmentor.com and you go to our schedule um you'll see that we have power hour next week November 2nd and office hours November 3rd for our ultimate members with your own with our little private q a so thanks everybody for coming and we'll see you next time have a good Halloween

Info

Channel: Laura Rogers, Microsoft MVP

Views: 8,066

Rating: undefined out of 5

Keywords: Microsoft 365, SharePoint, permissions, sites, files

Id: U6AErTh69bk

Channel Id: undefined

Length: 60min 48sec (3648 seconds)

Published: Wed Oct 26 2022