Forum Discussion
Edit Permission Allows Deletion
- IMHO this is how it works now...since you have the Edit permission that is SharePoint permission behind the scenes, you are a collaborator in the file and you can delete it
While I appreciate the replies, I can tell you that our users will reconsider using OneDrive for Business to share files with others when they know that this can happen. I am sure that there are plenty of scenarios where allowing others to delete your files makes sense, but not providing a simple way to allow editing without deletion will make users uncomfortable with the platform.
The delete right being part of the "Edit" permission isn't the biggest issue in our environment. Instead, our biggest issue is people with "Edit" permissions have the right to change permissions on the document/library/list/site.
IMHO, when Microsoft made "Edit" the default with SP2013/SharePoint Online, it was a huge mistake.
Totally agree with you. EDIT permissions SHOULD NOT allow permission controls. This is undermining our ability to use ODFB since users (content owners) do not have control over access to their files if they collaborate.
I assume the thinking behind this behavior is that if someone can edit a document, they can download and share it -- but the same is true for READ as well and READ does not have permission controls.
So IDK what they heck the thinking is.
Read = Read
Edit = Contribute (don't like the delete list permission, but understand it's probably more about list control than list delete)
Full Control = Contribute + Permissions control
Just like it has been for years.
Deleted JamesR
Couldn't the problem be solved simply unchecking "Allow members to share the site and individual files and folders" in Access Requests Settings?
Thanks again Salvatore, we found the setting and looped our OneDrives to disable the settings -- users can turn them back on if they choose, but we prefer the more secured profile by default. This is so much better -- feel like I'm back in a comfortable old pair of jeans! cheers
Allow members to share the site and individual file and folders
Allow members to invite others to the site members group. <Site> Members. This setting must be enabled to let members share the site.
Connect-PnPOnline -Url $url
$RootWeb = Get-PnPWeb -Includes MembersCanShare
$SubWebs = Get-PnPSubWebs -Recurse
$AllWebs = @()
$AllWebs += $RootWeb$RootURL = $RootWeb.Title
Write-Host $RootURLforeach ($SubWeb in $SubWebs) {
$Sub = Get-PnPWeb -Identity $SubWeb -Includes MembersCanShare
$AllWebs += $Sub
}foreach ($Web in $AllWebs) {
$WebTitle = $Web.ServerRelativeUrl
if ($Web.MembersCanShare) {
$Web.MembersCanShare = $false
$Web.Update()
$Web.Context.ExecuteQuery()
Write-Host "$WebTitle - MembersCanShare Disabled" -Fore Yellow
} else {
Write-Host "$WebTitle - MembersCanShare Already Disabled" -Fore DarkCyan
}
}
