
Everything You Want to Know About SharePoint Site Permissions


The world of SharePoint permissions is changing, with Office 365 Groups, external users, and the integration of other Office 365 features, such as Microsoft Teams. How do you make sense of it all? In this session we will demystify the world of permissions management for sites, to ensure the right people have access to the right information, at the right time.

Published in: Technology

  1. Everything You Want to Know About SharePoint Site Permissions. Erica Toelle
  2. CONTACT ME: @ericatoelle, ERICA TOELLE, Microsoft MVP
  3. TABLE OF CONTENTS
     • 1: PERMISSIONS BASICS. How SharePoint permissions work.
     • 2: EXTERNAL USER ACCESS. How to share SharePoint content with guest users.
     • 3: ADVANCED SCENARIOS. What about an extranet?
  4. THE BASICS OF SHAREPOINT SECURITY
     • USER OR GROUP
     • PERMISSION LEVEL: Full Control, Edit, Contribute, Read, View Only, Approve, Design
     • SHAREPOINT OBJECT: Site Collection; Site; Library or List; Item, Document, Folder
  5. THE STANDARD SHAREPOINT PERMISSIONS (permission level: description; versions)
     • Owner (Full Control): Contains all available SharePoint permissions. Versions: 2010; 2013, 2016, 2019, SPO
     • Member (Edit): Can add, edit and delete lists; can view, add, update and delete list items and documents. Versions: 2013, 2016, 2019, SPO
     • Member (Contributor): View, add, update, and delete list items and documents. Versions: 2010
     • Visitor (Read): View pages and items in existing lists and document libraries and download documents. Versions: 2010; 2013, 2016, 2019, SPO
  6. TYPES OF SHAREPOINT ONLINE MODERN SITES
     • TEAM SITE (Public or Private)
     • COMMUNICATION SITE
     • HUB SITE
     • HOME SITE (COMING SOON!)
     Permissions are a bit different in each site type.
  7. SHAREPOINT PERMISSIONS IN MODERN TEAM SITES
     • CREATE SHAREPOINT SITE: Automatically creates Owner, Member, and Visitor SharePoint Groups
     • AUTOMATICALLY CREATES OFFICE 365 GROUP: Creates Owner and Member Azure Active Directory Groups. If public site, add everyone except external users to Member AAD Group
     • CREATES OFFICE 365 CONNECTED SERVICES: Planner Plan; OneNote Notebook; Stream Video Portal; PowerBI Workspace (if licensed); Outlook Team mailbox; Outlook Group Calendar
  8. WHAT IS AN OFFICE 365 GROUP?
     • IF YOU ARE TECHNICAL (IT Pro): An Azure Active Directory Security Group
     • IF YOU ARE AN END USER: A group of people that are working together, such as on a team, project, or department
  9. OFFICE 365 GROUP PERMISSIONS (diagram labels): Office 365 Group; Office 365 Connected Services; SharePoint Group
     • OWNER: Site Collection Admin
     • MEMBER: SharePoint Member
  10. DEMO
  11. SHARING SETTINGS
     • Sharing permissions: Who can share the site? Who can share files?
     • Access requests: Turn on or off; Send requests to all owners or a specific email address; Set a custom message
  12. COMMUNICATION SITES
     • 1: Aren’t asked to add people when creating site
     • 2: When you add people it defaults to visitors
     • 3: AAD groups are NOT created
     • 4: Office 365 Connected Services NOT created
  13. HUB SITES
     • Permissions will depend on whether you start with a Team or Communication site
     • Recommend starting with a communication site
     • SharePoint site collection administrator can associate a new or existing site with a SharePoint hub site
     • When users associate their sites with a hub site, it doesn't impact the permissions of either the hub site or the associated sites.
     • Ensure that all users you allow to associate sites to the hub site have permission to the hub site.
  14. DEMO
  15. WHAT IS AN EXTERNAL USER OR GUEST? Someone who does not have a license in your organization who has been granted access to a site, file, or folder.
     • Authenticated WITH Microsoft Account: Not licensed; Limited to basic collaboration tasks; Added to Azure AD with #EXT# in username
     • Authenticated WITHOUT Microsoft Account: Not licensed; Sent one-time access code
     The guest will need to click a link in their email to accept privacy terms before they can access any content.
  16. SHARE A SITE WITH AN EXTERNAL USER: Guests can only be site members, not owners
  17. SHARING A FILE WITH GUESTS (link settings): Anyone; People in the Organization; People with Existing Access; Specific People
  18. ANYONE LINK SETTING
     • A transferable, revocable secret key
     • Users can forward the link
     • Access can be revoked at any time
     • Need link to gain access
     • Guarantees users can open the document anywhere, anytime
  19. PEOPLE IN THE ORGANIZATION LINK SETTING
     • A transferable, revocable secret key
     • Users can forward the link
     • Access can be revoked at any time
     • Need link to gain access
     • Requires a sign in to an organizational account
     • Members (non-guests) in Azure AD
  20. PEOPLE WITH EXISTING ACCESS LINK SETTING
     • This is basically just resending the link without changing existing access permissions
  21. SPECIFIC PEOPLE LINK SETTING
     • A non-transferable, revocable secret key that only works for the recipient
     • Cannot forward to other people
     • Existing users get access by signing into account
     • Can be internal or external users
     • Can add external users through email passcode
     • Grants internal user access by breaking inheritance
  22. Specific People – What it Looks Like
  23. STEPS TO ENABLE EXTERNAL ACCESS
     • 01: Tenant Admin configures external sharing for the company
     • 02: Site Owner configures external sharing for the site
     • 03: End User Shares the Site with External User
  24. DEMO
  25. WHAT IF I DON’T LIKE MODERN SHAREPOINT PERMISSIONS?
     • NEVER change the default Office 365 Member / Owner groups
     • Instead, add people to the SharePoint visitor group for read only
     • Or, create a new SharePoint group for custom permissions
     • You can create a custom provisioning solution to make this scalable
  26. What if I need a List, Library, Document, or Item to Have Custom Permissions?
     • No problem!
     • You can break inheritance the same as in past versions of SharePoint
     • Don’t do this for the default Document library used by Microsoft Teams
     • If you have legacy InfoPath forms or SharePoint Designer workflows with permission requirements they will still work
  27. What if I need an Extranet?
     • Add Users: Add internal and external users
     • Provision Site: Provision sites manually or automatically
     • User Accounts: Bulk create external user accounts using Azure B2B
     • Site Collection: Create a separate site collection
  30. SPSLA 2019 SharePint: Cinco, 7241 W Manchester Ave., Los Angeles, CA 90045, 6:00pm – 8:00pm
  31. CONTACT ME: @ericatoelle, ERICA TOELLE, Microsoft MVP
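
Steps 01 and 02 of the "Steps to enable external access" slide, followed by a review of which sites still allow "Anyone" links and which guests (the `#EXT#` accounts from slide 15) hold access, as an added PowerShell example that is not part of the original deck. It assumes the SharePoint Online Management Shell module and a SharePoint admin account; the `contoso` tenant and the `/sites/project-x` site are placeholder names.

```powershell
# Added example, not from the deck. Requires the Microsoft.Online.SharePoint.PowerShell
# module and a SharePoint admin role. Tenant and site URLs are placeholders (assumptions).
$adminUrl = 'https://contoso-admin.sharepoint.com'
$siteUrl  = 'https://contoso.sharepoint.com/sites/project-x'

Connect-SPOService -Url $adminUrl

# Step 01 (tenant admin): the tenant setting is the ceiling for every site.
# ExternalUserSharingOnly allows authenticated guests but turns "Anyone" links off;
# ExternalUserAndGuestSharing would also allow "Anyone" links.
Set-SPOTenant -SharingCapability ExternalUserSharingOnly

# Step 02 (per site): a site can match the tenant setting or be stricter, never looser.
# Through PowerShell this step is run by an admin rather than by the site owner.
Set-SPOSite -Identity $siteUrl -SharingCapability ExternalUserSharingOnly

# Review: sites whose own setting still permits transferable "Anyone" links.
Get-SPOSite -Limit All |
    Where-Object { $_.SharingCapability -eq 'ExternalUserAndGuestSharing' } |
    Select-Object Url, SharingCapability

# Review: guests on the site that were added to Azure AD, recognised by #EXT#
# in the login name, together with the SharePoint groups they belong to.
Get-SPOUser -Site $siteUrl -Limit All |
    Where-Object { $_.LoginName -like '*#ext#*' } |
    Select-Object DisplayName, LoginName, Groups
```

A guest listed in an Owners group by the last query is worth reviewing against the deck's statement that guests can only be site members, not owners.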