Forum Discussion
Can I manage SharePoint Online Permissions with AD?
Can you recommend any literature or pages with information on how to best manage security / access / permission groups in SharePoint? There are so many different opinions that I am getting a bit confused (to create my own user groups or use Member / Owner groups in SharePoint, for example). Thank you
The Sharing functionality in SharePoint/OneDrive/Teams uses SharePoint Security Groups to give people access to items that have been shared. It creates a new SharePoint Security Group every time a new Sharing link is created for an item. You might want to consider that before you spend too much time worrying about SharePoint permissions in the first place.
However, if you are going to try using AD security groups to manage access and permissions to SharePoint sites, one good approach is to use a combination of SharePoint Security Groups plus AD Security Groups inside of those SharePoint Security Groups.
For example, every SharePoint site comes with three SharePoint Security Groups - Owners (Full Control), Members (Edit), and Visitors (Read). You should put your AD Security groups inside one of these default SharePoint Security Groups.
- MVC_User May 19, 2021 Copper Contributor
That is great, thank you very much for your reply.
We were thinking of using the existing AD groups and as you said, add them to the security groups in SP.
Regarding Security Groups in SP, is it still not recommended to create customised Security Groups? (For example, if I want somebody to have visitor permissions for most things but want them to be able to add items to a list?)
Thanks again
- kevinmckeown8 May 19, 2021 Iron Contributor
I would again suggest understanding the Share functionality in SharePoint before getting too far into trying to control access and permissions via groups.
However, if your situation calls for using AD Security Groups and SharePoint Security Groups, I don't see a problem in using them. I have created SharePoint Security Groups for a specific List or Library if I needed to give people a different level of permissions to that particular list or library.
For example, if our HR department has Read access to most of a SharePoint site, they will be in the SharePoint Visitors group to give them that access. But then if I need the HR department to have Edit access to a specific HR Document Library, I would probably create a SharePoint Security Group specifically for assigning Edit permissions on that HR Document library and then add the HR department to that group.
SharePoint Online has made it a little more difficult to get to the Groups page in site settings to create a new SharePoint Security Group, but you can still get there when needed.
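The HR library scenario from the reply above, scripted with the PnP.PowerShell module, as an added example that is not part of the original thread. The site URL, library name, group name and object ID are placeholders, and the AD group is assumed to be synced to the tenant directory so that SharePoint Online can resolve it.

```powershell
# Added example, not from the thread. Requires the PnP.PowerShell module.
# Every value in this block is a placeholder or a hypothetical name.
$siteUrl      = 'https://contoso.sharepoint.com/sites/Intranet'  # placeholder site
$libraryName  = 'HR Documents'                                   # placeholder library
$spGroupName  = 'HR Documents Editors'                           # hypothetical SharePoint group
$adGroupId    = '00000000-0000-0000-0000-000000000000'           # placeholder object ID of the synced AD group
$adGroupLogin = "c:0t.c|tenant|$adGroupId"                       # claim string for a directory security group

# Recent PnP.PowerShell versions also need -ClientId for your own app registration.
Connect-PnPOnline -Url $siteUrl -Interactive

# 1. Create the library-specific SharePoint group only if it does not exist yet.
$group = Get-PnPGroup | Where-Object { $_.Title -eq $spGroupName }
if (-not $group) {
    $group = New-PnPGroup -Title $spGroupName `
                          -Description 'Edit access to the HR document library only'
}

# 2. Give the library its own permissions, keeping what it inherited from the
#    site so Owners, Members and Visitors do not lose access.
$list = Get-PnPList -Identity $libraryName -Includes HasUniqueRoleAssignments
if (-not $list.HasUniqueRoleAssignments) {
    Set-PnPList -Identity $libraryName -BreakRoleInheritance -CopyRoleAssignments
}

# 3. Grant the new group Edit on this library only.
Set-PnPListPermission -Identity $libraryName -Group $spGroupName -AddRole 'Edit'

# 4. Put the AD group inside the SharePoint group. Membership is then
#    managed in AD rather than per user in SharePoint.
Add-PnPGroupMember -LoginName $adGroupLogin -Group $spGroupName

# 5. Review the result: the group should list the AD group as its only member.
Get-PnPGroupMember -Group $spGroupName | Select-Object Title, LoginName
```

Because the library now has unique permissions, later changes to the site's Owners, Members and Visitors assignments no longer flow down to it and need to be reviewed separately.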