Forum Discussion
Solved
SharePoint Online and contractors
One of my customers has many contractors who need to have a company email address but they shouldn't have access to any of the public team sites.
How should this be approached?
My first thoguht was to remove their SharePoint licence in the Amdin Center but that doesn't seem to take their permission away from the team sites.
Are there any otehr proven ways of removing permissions for a set of individuals?
- There is no event when a site is created. If you have control over AD groups you could have a job looping over sites, replacing Everyone with some other AD group which don't include the contractors. We do something similar at a customer where we regularly check that Everyone on pub groups have read only and not contrib, which is the default setting.
We use azure web jobs for this running once a day.
6 Replies
N/M
- Everyone is not added to all sites by default. A regular site has no permissions until someone adds them. But for public Group sites, Everyone will indeed have access.
- Hi Mikael,
In this case I have indeed public group sites.
Any clever ideas that I may have missed to remove a set of users by default. I was thinking maybe something with flow or function apps that are triggered by the creation of a site.
