Forum Discussion
Hubsite Groups to Associated sites
We have a hubsite structure with a lot of associated sites for our project DMS.
Within the hubsite, we have some groups for external parties. These groups can be used by users to grant access to external parties on a library or folder in one of the associated sites.
We would like to maintain those groups on our hubsite and sync the groups + the users to the associated sites. The option to sync permissions from the hub does not work since 1) the external parties should not have access to the whole site and 2) the created groups are SharePoint groups that cannot be synced.
Does anyone have a solution for this? This worked well with sites and subsites, where subsites could use the groups created on the 'main-site'.
1 Reply
- Aref Halmstrand, Steel Contributor
Hello,
I would recommend creating assigned security groups or even dynamic security groups. The groups should then be inserted within the SharePoint permission groups. This has to be done once for each site that is set up.
Without a customized provisioning script/solution, there is no easy way to automate the permissions structure. I would also not recommend syncing from the hub to the other sites because it creates a big risk of oversharing.
With the help of Entra ID security groups, you can manage everything from the Entra ID portal, and the permissions will sync to all the sites where you have applied the security groups. If you manage the properties of the internal members and external users, you could also have dynamic security groups that will automate the permissions delegation.
My recommendation is the following:
- Identify users that should be within groups (customer 1, customer 2, internal region 1).
- Create security groups with a solid naming convention and apply the users within the groups.
- Navigate to the SharePoint sites/folders/objects that should be shared.
- Add the security group within the right SharePoint permission group.
  Note! By default, SharePoint provides three different permission roles (owner, member, visitor). This can be customized, and you could also create your own permission role to further adapt the permissions given.
- Do tasks number 3 and 4 for all relevant areas. This could take some time, but it is a one-time setup.
- (Optional) If possible, try to plan a lifecycle management, an access review from time to time.
Please mark as best reply if this was helpful 🙂
Yours sincerely,
Aref Halmstrand
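
A sketch of the "customized provisioning script" mentioned in the reply, added here as an example and not code from either poster: it walks every site associated with the hub and makes sure a site-local SharePoint group exists whose only member is the matching Entra ID security group. It assumes the PnP.PowerShell module, an app registration for it, and an account with SharePoint admin rights; every URL, ID and group name is a placeholder.

```powershell
# Added example. Assumes PnP.PowerShell is installed; all values below are placeholders.
$HubUrl   = 'https://contoso.sharepoint.com/sites/project-hub'   # placeholder hub site
$ClientId = '00000000-0000-0000-0000-000000000000'               # placeholder app registration

# SharePoint group title (created on each associated site) -> Entra ID security group object ID
$GroupMap = @{
    'EXT - Customer 1' = '11111111-1111-1111-1111-111111111111'  # placeholder
    'EXT - Customer 2' = '22222222-2222-2222-2222-222222222222'  # placeholder
}

Connect-PnPOnline -Url $HubUrl -Interactive -ClientId $ClientId
$siteUrls = Get-PnPHubSiteChild -Identity $HubUrl   # URLs of the associated sites

foreach ($siteUrl in $siteUrls) {
    Connect-PnPOnline -Url $siteUrl -Interactive -ClientId $ClientId

    foreach ($title in $GroupMap.Keys) {
        # Claim-encoded login name SharePoint Online uses for an Entra ID security group
        $claim = "c:0t.c|tenant|$($GroupMap[$title])"

        # Create the site-local group only if it is missing. No role is granted here:
        # the group is just made available so site users can share a specific
        # library or folder with it, instead of the external party seeing the whole site.
        $group = Get-PnPGroup -Identity $title -ErrorAction SilentlyContinue
        if (-not $group) {
            $group = New-PnPGroup -Title $title `
                -Description 'Membership is managed in Entra ID; do not add users directly.'
            Write-Host "[$siteUrl] created group '$title'"
        }

        # Idempotent: add the security group only when it is not already a member
        $members = @(Get-PnPGroupMember -Group $title)
        if ($members.LoginName -notcontains $claim) {
            Add-PnPGroupMember -Group $title -LoginName $claim
            Write-Host "[$siteUrl] added security group to '$title'"
        }

        # Access-review aid: report anything in the group besides the security group
        $members | Where-Object { $_.LoginName -ne $claim } | ForEach-Object {
            Write-Warning "[$siteUrl] '$title' has a direct member: $($_.LoginName)"
        }
    }
}
```

Because membership lives only in the Entra ID security groups, rerunning the script after a new site is associated with the hub brings that site in line without touching the existing ones.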