Forum Discussion

David_Elsner's avatar
David_Elsner
Brass Contributor
Jan 14, 2022

SharePoint Permission for guest users through security groups

I noticed something strange in SharePoint Online and would like to get your confirmation for this behaviour or your comment if I am doing anything wrong.   We have many guest users in our organisat...
sharepoint permission guests
edgepharos's avatar
edgepharos
Copper Contributor
Apr 19, 2022
Do you add the AAD group inside an existing sharepoint group or directly in root site permissions? This procedure you are describing we're using a lot since we also use dynamic group membership to populate those guest accounts and then add those dynamic groups to sharepoint. So from what I can understand this should work as you want.
David_Elsner's avatar
David_Elsner
Brass Contributor
Jun 23, 2022
Sorry for the late reply. I didn't see the notification.
I am adding the AAD group in the site visitors group.
The site visitors group is a SharePoint group, but I do not use dynamic groups.

However, an external user does not get access to the site through a group. Only throug a direct user assignement. Any further idea? That is an important issue for us...
  • David_Elsner's avatar
    David_Elsner
    Brass Contributor
    Jun 23, 2022
    Also: When I "check permission" I receive none as a result 😞
    • edgepharos's avatar
      edgepharos
      Copper Contributor
      Jun 24, 2022

      David_Elsner this is indeed pretty strange yes. I cannot understand why it is like this. As I use this for multiple hundreds of users in dynamic groups but that shouldn’t matter.

      testing some things to clarify

      - if you add a tenant user in the same aad group do you see in check access that the user receives the sp group access? To verify internal users work

      - if you have a teams group with internal and external guest users can you add that team aad group to sharepoint and see if you check access and get info about the normal and guest users then?

       

      depending on the above results one can investigate further. Are you a tenant admin or at least site collection admin on that site?

       

      • David_Elsner's avatar
        David_Elsner
        Brass Contributor
        Jun 24, 2022
        Thanks for your reply.

        - Yes internal users work instantly. Also the check permission does what it should.
        - Yes, Microsoft 365 groups (thats what you mean by "teams group", right?) also work as intended.

        So: Only normal Security groups have this issue.

        I am a global admin 😉

Resources