Forum Discussion
Do not allow users to share files and folders they do now own
Hi Daniel!
- (I do not recommend it but...) You can restrict sharing this way but it leads to that the owner(s) of the site is/are the only one(s) able to share files. That could cause a lot of administrative work for the owners.
- That is the easy part. You just place the users in the right group. If needed You can break the inheritance of the document library (but i do not recommend that either :-) ). Check this video: https://support.office.com/en-us/article/video-understanding-permissions-in-sharepoint-c13a4f37-eea1-48f6-8dac-14ac37d73903?redirectSourcePath=%252fen-us%252farticle%252fvideo-share-a-site-without-access-request-8eafd9da-f654-4920-aa87-4d452e677887&ui=en-US&rs=en-US&ad=US
- If You have been assigned to the owner-group of the site you will have that access level.
Unless this is about highly confidential documents, I recommend that you do not "lock down" the access too much, that will cause a lot of extra work. Keep it simple and stay as "open" as possible. (If needed, everything is traceable in the version history and Audit Log and possible to track afterwards.)
Hope that answered Your question.
Regards, Magnus
- (I do not recommend it but...) You can restrict sharing this way but it leads to that the owner(s) of the site is/are the only one(s) able to share files. That could cause a lot of administrative work for the owners.
Hi Daniel!
- (I do not recommend it but...) You can restrict sharing this way but it leads to that the owner(s) of the site is/are the only one(s) able to share files. That could cause a lot of administrative work for the owners.
- That is the easy part. You just place the users in the right group. If needed You can break the inheritance of the document library (but i do not recommend that either :-) ). Check this video: https://support.office.com/en-us/article/video-understanding-permissions-in-sharepoint-c13a4f37-eea1-48f6-8dac-14ac37d73903?redirectSourcePath=%252fen-us%252farticle%252fvideo-share-a-site-without-access-request-8eafd9da-f654-4920-aa87-4d452e677887&ui=en-US&rs=en-US&ad=US
- If You have been assigned to the owner-group of the site you will have that access level.
Unless this is about highly confidential documents, I recommend that you do not "lock down" the access too much, that will cause a lot of extra work. Keep it simple and stay as "open" as possible. (If needed, everything is traceable in the version history and Audit Log and possible to track afterwards.)
Hope that answered Your question.
Regards, Magnus
Hi Magnus,
thanks for your reply.
1. Unchecking that checkbox also broke OneDrive sharing, so that's not an option.
2. I found this the hardest part. From file server ACLs I'm used to just add domain users to my root share with read permissions to that folder only. I have no idea where I can do that in Sharepoint and the video doesn't explain that.
3. I'll check it out once I get permissions setup.
Unless this is about highly confidential documents,
It is about confidential documents. Management, Staff, Finance are all folders that are ONLY for certain users.
I recommend that you do not "lock down" the access too much, that will cause a lot of extra work. Keep it simple and stay as "open" as possible.
I am installing Windows File Servers for ten years now in SMBs. Creating a shared folder structure and applying ACLs (with the RBAC / IGDLA approach) takes me no longer than 15 minutes. Once it's done, changes happen once or twice a year. I absolutely disagree with your statement. However, I can imagine in big corporations teams may be more fluid. But I'm talking about 50 people.
(If needed, everything is traceable in the version history and Audit Log and possible to track afterwards.)
I rather prevent problems, than chasing them. Aside from that, nobody in a 50 person company has time for that.
I can see the advantages of SharePoint in an environment with many branch offices, or OneDrive when it comes to sharing files with guests. But setting up a document share with proper permissions, I find a thousand times easier on a Windows server. If my customer wouldn't have so many branches, I wouldn't even consider SP for a second. Very frustrating...
- StephenRice
Microsoft
Hi DanielNiccoli,
The "Members Can Share" feature that Magnus pointed out is configurable on a per-site collection basis so you should be able to disable that on SharePoint sites (so that only owners are allowed to share) but leave it on for OneDrive (so that sharing works as expected there). Thanks!
Stephen Rice
OneDrive Program Manager II
Hi, at the site collection level I set it so only site owners can share.
Only the IT team have been set as owners of the site and subsites.
When I open a subsite I can see all options under access request permissions are unticked.
However staff who are not owners of the sites are still able to open a document library and share a folder or file.
Its seems the settings are not applying. Anyone have any idea what could be the problem?
Can someone provide a powershell script we could try to do the same?
We want any new folders and files to inherit permissions and not allow staff to create special permissions by sharing. We are also only a 50 person company and its more efficient for us to manage permissions this way its also important for us to keep a tight hold of which staff have access to our data.
P.S. We also have one drive syncing.
- StephenRice
Hi geckonet,
Can you paste screenshots of the request access UI & the sharing options that your end users are seeing? Thanks!
Stephen Rice
OneDrive Program Manager II
- I tried again and now it's working. I must have made a mistake the first time because in addition to the site, OneDrive sharing stopped working, too.
Thanks for emphasizing Magnus point.
