Hubsite Groups to Associated sites

Hello,

I would recommend creating assigned security groups or even dynamic security groups. The groups should then be inserted within the SharePoint permission groups. This has to be done once for each site that is set up. 

Without a customized provisioning script/solution, there is no easy way to automate the permissions structure. I would also not recommend syncing from the hub to the other sites because it creates a big risk of oversharing. 

With the help of Entra ID security groups, you can manage everything from the Entra ID portal, and the permissions will sync to all the sites where you have applied the security groups. If you manage the properties of the internal members and external users, you could also have dynamic security groups that will automate the permissions delegation. 

My recommendation is following:

1. Identify users that should be within groups (customer 1, customer 2, internal region 1).
2. Create security groups with a solid naming convention and apply the users within the groups.
3. Navigate to the SharePoint sites/folders/objects that should be shared. 
4. Add the security group within the right SharePoint permission group. 
   Note! By default, SharePoint provides three different permission roles (owner, member, visitor). 
   This can be customized, and you could also create your own permission role to further adapt the permissions given. 
5. Do task number 3 and 4 for all relevant areas. This could take some time, but it is a one-time setup. 
6. (Optional), if possible, try to plan a lifecycle management, an access review from time to time.
   
   Please mark as best reply if this was helpful 🙂
   
   Yours sincerely,
   Aref Halmstrand