Forum Discussion

RedK1's avatar
RedK1
Copper Contributor
Feb 26, 2018

SharePoint Online hide "site contents" and "site usage" page (modern sites)

I have a scenario with external users.   I created a custom permission level for these users. The custom permission level is a copy of the default "Read" permission level, but I unchecked the "Vi...
2016
security
SharePoint Online
Usage
rpawa's avatar
rpawa
Copper Contributor
Aug 23, 2019

Deleted 

 

I was running into this exact issue. Trying to setup a very strict "Read only" permission group for our Sharepoint site. I thought I had something working, and then found the gear icon had both "Site contents" and "Site Usage" listed. And, when I went to "Site Contents", I could do anything an admin can do (checkout, checkin, download, delete, upload).

 

I've made mitigated a big part of the issue, but I don't think it's good enough yet.

 

I found the "Style Resource Readers" group had Contribute permissions at the highest level (in addition to "Read" and "View Only"). Removing the Contribute permission from this group at least removed "Site Usage" from the gear, and when I went to the contents I could no longer checkout, checkin, delete or upload; but I could still get to the Site Contents, open the files and download them. This is not desired for a "Read only" user.

 

Next I'm going to try using the "View only" permission instead of the "Read" permission.

 

p.s. I just noticed as what should be a Read only user I can pull up the "Shared With" window, and share the site with presumably anyone! Not something I want them to be able to do. The window doesn't let them select the appropriate group...that's somehow much scarier, I have no idea what group that user would be put into.

 

Update: I have a solution!

 

Short answer: use "Restricted Read" instead of "Read" or "View Only", and also set the Style Resource Readers group to "Restricted Read".

 

When I used "View Only", Site contents were still available but files could no longer be downloaded, that was a substantial improvement but not quite all the way to what I want.

 

I then tried "Restricted Read", and now "Site Contents" is removed from the gear icon. "Shared With..." is still listed as an option, but clicking it results in an error and the sharing window does not come up. Pages still seem to work, and I don't seem to be able to edit list items. So this is a workable solution for me. I believe "Restricted Read" is a standard permissions group for SharePoint, in case it isn't, you can create it yourself by adding a new permission level with the following items checked in the "Permissions" section: View Items, Open Items, View Pages, and Open. 

 

I have not experimented with creating a special permission level to pare this down even further (i.e. I don't know exactly what those permissions do, and what would happen if I took them away).

csomerlot's avatar
csomerlot
Copper Contributor
Sep 10, 2019

rpawa , can you confirm this was on a modern site?