Forum Discussion
Hide version history from external users (link sharing)
Hi all,
I would like to hide the version history of our documents in Sharepoint from all external users, no matter how they collaborate on our documents (read and edit / invited through "All" link or specifically, etc.). In other words, I would like to set Sharepoint up so only internal users can ever see version histories. Is that possible? I've been researching and googling like crazy and I can't find anything. Can anybody help?
Thanks a lot,
Barbara
12 Replies
Hi Barbara_EM,
Maybe that can help you. In SharePoint, you can create a permission level where you disable the option to view version history, create a group of members of external users, and assign the permission level to that group. I tested it in my environment and it worked!
If you want, I'll send you step by step.
A step by step would be super helpful, thanks so much. I've tried the permission level approach but I couldn't make it work.
Thank you!
Barbara
Where exactly are you having problems? The second option provided within the SharePoint Maven link is pretty detailed and shouldn't give too many problems. On a high level you're basically creating a new group (which is a collection of users), then attaching a custom permission group to it. Once these are done, you'll edit the permissions on the library level and add this custom group there.
A step by step would (using content from the SharePoint Maven blog) be something like this: -
- Navigate to the root (the very top-level site) of the site collection where your site resides
Gear Icon > Site Settings - Under Users and Permissions choose Site permissions
- From the ribbon, choose Permission Levels. This is a screen that shows you all the existing permission groups. Note it won't tell you where these are applied
- To create a custom permission level, I suggest we just copy an existing one and adjust it slightly. So go ahead and click on Edit Permission Level
- DON’T MAKE ANY CHANGES on the screen that appears next. Otherwise, you will mess up the out of the box permission level. Instead, just scroll all the way down and choose Copy Permission Level
- Once the Permission Level has been copied, you can now make changes to it. Give it a name, you can also specify in the description the specifics of this custom permission level. Next, scroll down to a list of specific permissions and un-check both View Versions and Delete Versions
- Scroll down to the end of the page and click Create. Now, our custom permission level has been created!
- The next step would be to apply this to a SharePoint User Group, either a new one or an existing one. I'll assume that a new one is the best way for this. So, using the cog --> Site Settings --> People & Groups to navigate to the People and Groups page. This should resolve to People and Groups page (.../sites/SITE_NAME/_layouts/15/groups.aspx). In here look for the New --> New Group action. This loads a new screen
- In this new screen, assign the name and description as required. Make sure to scroll to the bottom of the page and assign the permission group you created earlier
- Once this has saved. Click on Site Cog --> Site Contents. This loads a view of all the libraries you have. Hover over the tile for the library / list you want to amend and look for the ellipsis (...) to the right of the library name. Click on this and select settings
- In this new page, look under the the Permissions and Management header for Permissions for this document library. This loads a new screen
- Permissions for this document library
- If this library has permission inheritance, you'll see the group added here. If not, you'll need to add the group via the Grant Permissions button. You'll still need to add the relevant members to this group.
Hope that helps!
- Navigate to the root (the very top-level site) of the site collection where your site resides
Barbara_EM
It is not possible to apply different permissions to document versions.One possible approach might be to use a flow to "move" document versions to a different library where you can use permissions to prevent external users from accessing the items. The "move" needs to be made using a different security context because the external user will not have write permissions in this shadow library.
This also affects your internal users: they need to go to a separate library to access the versions. Search will also return search results from this other library. This is far from ideal.
One more thing: are the external folks allowed to see the changes in the latest document version from the different users? making sure they don't see that may also be tricky.
Summary: this seems like a requirement that is hard to implement
PaulHi Paul
Thanks a lot for your answer. I hesitate to duplicate documents - that can only lead to mistakes and confuse my users. I found this solution, but I can't make it work the way I need it to: https://sharepointmaven.com/how-to-prevent-users-from-accessing-old-versions-of-a-document/
To answer your question: yes, the external users should be able to see and edit everything in the latest version. They just shouldn't be able to see older versions.
Best,
Barbara
Barbara_EM
Moving/copying documents around is bad. Fully agree.The "CUSTOM PERMISSIONS LEVEL" approach should work.
One thing you should also check is whether the external users connect using OneDrive for Business.
If they use local copies and the sync has not yet run then they will have access to a previous version. Perhaps theoretical but something to be aware of.
Paul
