Forum Discussion

Johann_Hoepfner's avatar
Johann_Hoepfner
Copper Contributor
May 17, 2024

Guest user see all users in domain

Hi all,

 

I have recently extended the usage of Sharepoint in the company.

 

I have then created a site intended to collaborate with partners who work with us. These are persons which are not part of our company, but who should get access to a common document folder structure to download documents intended to all partners, and also a personal folder to exchange documents only intended to them.

 

The idea is to create a team with all partners who can access the common area and to provide individual access to the personal area. My idea was to use "Guest accounts" for the partners and to group these guests in a team with our staff for the common section.

 

After having created a dummy guest account and done some testing, I noticed that any Guest user is also member of the "All users" group. Through his account portal, the guest user gets visibility on the  "all users" group that exist in the sharepoint domain (active users, other guest users). It seems impossible to remove a Guest user from the "All user" group. While I understand the technical reason why a guest user is also member of all users, I don't think that guest users should be able to see all other users. 

 

I now try to understand the purpose and usage of Guest user accounts : clearly I don't want to show all users to any guest user.

 

Also what would be the best practice to create a secure and limited environment in Sharepoint for the purpose explained at the beginning ?

 

Thanks for your help !

  • That "All users" group is likely created by one of your administrators and uses dynamic membership filter. Either adjust the filter of said group to exclude Guests, or delete it altogether if you consider it a security/privacy issue.
    • Johann_Hoepfner's avatar
      Johann_Hoepfner
      Copper Contributor
      It is my understanding that "All users" is created by default and not an optional creation of the admin. But thank you for the idea of using dynamic membership filtering - I will look into it.

Resources