Forum Discussion
Access Requests impacting permissions granted to Azure AD group?
ChrisWebbTech wrote:
However, the problem is, if you're noticing that not working, when you add someone to a AD group after they have tried to access the site there used to be a group caching mechinism on-prem that you would have to recycle the app pool to force it to recheck the group for new members. Not 100% sure if it still does this in Cloud, I think it does, so if you're having issues it's related to that and not so much the request access issue.
This sounds like the case (the group caching mechanism part). The question is how do I recycle the app pool in SPO? Or, if that's not possible/practical, how do I get the same effect (e.g.: remove them from the site collection users to "flush" them from the site)? I have tried removing the AAD group from the site and re-adding it. Also, if I add it to another site collection, those two users show up with the appropriate access, so it's something specific to that site collection (leading me to suspect removing from the site collection users may do the trick, but I've always used that as a solution of last resort).
I'm officially confused now. With no intervention on my part (I did not delete them from the site collection users, nor did I add them to any of the groups in the site), they actually do have access as appropriate to the Azure AD group in which they are a member. However, the confusing part is that the "Check Permissions" function still shows their permission level as "None". Now, it seems, we cannot trust that function to accurately report a user's permissions to a SharePoint object (site, list, item, etc.), which kind of sucks. Telling users "hey, try it now...it should work" doesn't inspire a lot of confidence.