Forum Discussion
Solved
Difference Between SP Access/Permissions via SharePoint Groups vs. Domain Groups?
This question derives from a past post about Greyed Out Sharing Options for users trying to Share their Doc Lib content when they have access\permissions to the SP site and content as a member of a Domain Group (it is an MS AD Security Group that contains various M365 users) as opposed to a member of a SharePoint Group.
I would like to know how SP designates the two groups, Domain Group vs SharePoint Group as being different in regard to access/permissions/sharing (it may be that there is no difference except for sharing to an SP site).
Also, in regard to SharePoint Site Groups, what is the difference in giving users (M365 user or MS AD Security Group) access/permissions to a SharePoint Group (Owner/Member/Visitor) via the Settings>Permissions>Add member to Group vs. Share Site Only. I ask b/c the latter option was the only way I could get an MS AD Security group to successfully add to the SharePoint Group>Site Members to allow for full sharing for their Doc Lib content.
BTW, I can't seem to find a technical MS resource that explains these more complex SP intricacies in regard to the type of issues (Groups/Permissions/Sharing, etc.). Please let me know if there is a good IT Admin SP resource that would have this info.
Update: After quite a bit of testing/troubleshooting I have found the following:
- When a user has SP Site access via creating a Domain group of the MS AD Security group they are a member of (where I can assign custom site permissions.), the doc libs\document sharing options are greyed out.
- When a user has SP Site access via creating a SharePoint Group that contain the AD Security Group they are a member of (where I can assign custom site permissions), the doc libs\document sharing options are available except for "Anyone" and "People in..the tenant organization name" that are greyed out.
- When a user has SP Site access by adding the AD Security Group they are a member of via the "Share this Site Only" option, the AD Security group is added to the SharePoint – Members site group, and they have full sharing options. I have to pick Edit or Full Control permissions.
Not sure why these difference/limitations in Sharing need to exist.
My goal is to somehow use MS AD Security Groups for SP site access and be able to apply custom default site permissions, with the users in their prospective AD Security Group to have full Sharing options of their Site doc libs\documents.
Any input on how to achieve this goal, and/or documentation that explains the intricacies of the various characteristics/limitations of granting SP site access with SharePoint Groups vs. Site Groups vs. Domain Groups, would be highly appreciated!
- When a user has SP Site access via creating a Domain group of the MS AD Security group they are a member of (where I can assign custom site permissions.), the doc libs\document sharing options are greyed out.
1 Reply
Update: After quite a bit of testing/troubleshooting I have found the following:
- When a user has SP Site access via creating a Domain group of the MS AD Security group they are a member of (where I can assign custom site permissions.), the doc libs\document sharing options are greyed out.
- When a user has SP Site access via creating a SharePoint Group that contain the AD Security Group they are a member of (where I can assign custom site permissions), the doc libs\document sharing options are available except for "Anyone" and "People in..the tenant organization name" that are greyed out.
- When a user has SP Site access by adding the AD Security Group they are a member of via the "Share this Site Only" option, the AD Security group is added to the SharePoint – Members site group, and they have full sharing options. I have to pick Edit or Full Control permissions.
Not sure why these difference/limitations in Sharing need to exist.
My goal is to somehow use MS AD Security Groups for SP site access and be able to apply custom default site permissions, with the users in their prospective AD Security Group to have full Sharing options of their Site doc libs\documents.
Any input on how to achieve this goal, and/or documentation that explains the intricacies of the various characteristics/limitations of granting SP site access with SharePoint Groups vs. Site Groups vs. Domain Groups, would be highly appreciated!
- When a user has SP Site access via creating a Domain group of the MS AD Security group they are a member of (where I can assign custom site permissions.), the doc libs\document sharing options are greyed out.