Forum Discussion
Best Practices for Permissions on an O365 Group SharePoint Site
Can somebody please shed some light here -
When an Office 365 group is created, the Owners group in the Sharepoint team site has no user added to it !
Now, when we reduce the permissions of the Members group to contribute, there is no user in the site, who can then manage the permissions on the site !!
Its strange, why isn't the user who created the Office 365 group added as an Owner in the site. Or am I missing something here ?
In the current Groups UI, site permissions are managed in the new pane accessible from the cog menu:
And, as clearly stated, owners and members should be managed only by OWA.
- I am not sure why but I don't see the note "To view or change the group members..." as you have indicated in your screenshot. But that apart, the outlook interface will only allow us to add members to the group which are directly added to the AD group.
Now that we have a full team site, people are going to want to manage permissions directly in team site on the list, libraries etc or for that matter provide access to the users to only READ the content. I was trying something similar and was baffled to see the owners group empty.- For managing permissions, you can use (with care!) the hidden page https://tenant.sharepoint.com/sites/group/_layouts/15/user.aspx. But, while there, leave alone the standard groups!
- In the "Site permissions" pane, under the cog menu in the connected team site, you can safely change the default permissions for the standard groups.
- In the OWA UI, you can safely manage the standard groups membership: add members, remove members, promote members to owners, demote owners to members etc. The same can be done in the "Group membership" pane in the connected team site. And the same can be done also by PowerShell.
you are right, it's recommended to manage permissions with the end user interface. However, every PowerUser is aware how to use the native permissions from previous normal site collections. Very often companies have complex permission requirements, which will definitely not be covered by only three groups (Owners, Members, Visitiors). Therefore we want to conifgure additional permissions directly on the site. It's deifnitely confusing, when users are granted permission to this site, but there is actually nobody in the regarding groups.
Doesn't matter, which UI I use, it should be deifnitely consistent to avoid ambiguities. That's my opinion. Happy to hear your opinion. :-)
Hello everyone!
I absolutely agree with Robert Mulsow. I also cannot see members once I enter the advanced site permissions options for a specific private group.Also, it is very difficult to set permissions on a folder level. I entered the library settings and then entered permissions for this library. Later I tried to break the inheritance, but I ended up being kicked out of the group.
Any recommendations?It is important to be able to set permissions on a document or a folder level as 3 types of group members (owner, member, visitor) will not cut it :(.
Deleted
As it has been stated in several other threads, it is better to leave alone permissions in Groups teamsites.
If you need more sophisticated permissions structures, then you should better use classic team sites.
I agree with you: the various UIs should be consistent.
Nevertheless, Groups have definitely a non-standard implementation wrt their parts (team sites, shared mailbox etc.): I think we should accept it.
Also, in classic team sites, upon creation, the three groups (Owners, in particular, but also Members and Visitors, of course) are empty.
- You think that's fun, try creating a subsite in a Group team site, the permissions there are all wonky too. The same restrictions are applied to "sub-site Members" (can't edit default "Edit" permissions). It tries to act like a "Group", but its not, "site information" doesn't load because it is not a Group. No way to get back up a level unless you hard code in a "go back" link or inherit menu, which may or may not work depending on the day.
This is a mess.
