Forum Discussion

Bastien Perez
Brass Contributor
Nov 22, 2017
Solved

SPO with AD groups - refresh membership

Hello,
I use synced AD groups to set permissions on SharePoint Online document libraries.
When I remove, let's say, 'userA' from my AD group and then run a synchronization to O365, userA still has access to the doc library. Any other user who does not belong to the group can't access the doc library.
Is there any group membership refresh or token lifetime involved?
Or maybe there is another method to use the AD group in SharePoint Online?
Thanks

3 Replies

  • Anonymous
    Nov 22, 2017
    Yeah, so the Token Cache: the one for on-prem was 24 hours, and it looks to be the same in 365 ("Access Token"). Here is an article about it; you can apparently change them for your tenant. https://docs.microsoft.com/en-us/azure/active-directory/active-directory-configurable-token-lifetimes
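To make the answer's point concrete, here is an added toy model (not code from the thread or from SharePoint/Azure AD): a bearer token carries a snapshot of the user's groups taken when it was issued, and a resource that authorizes from those claims alone will keep accepting the token until it expires, however quickly the directory was updated. The group name, library name, users and lifetimes are constructed sample values; the "live check" variant is a generic hardening pattern (re-reading membership on each request), not a description of how the real service behaves.

```python
from dataclasses import dataclass

# Constructed sample data (not from the thread): one synced group and one library ACL.
GROUP = "doclib-readers"
LIBRARY_ACL = {"Documents": GROUP}   # library -> group that grants access


@dataclass
class Directory:
    """Toy stand-in for the synced directory: group name -> set of members."""
    groups: dict

    def groups_of(self, user):
        return frozenset(g for g, members in self.groups.items() if user in members)

    def remove(self, user, group):
        self.groups[group].discard(user)


def make_sample_directory():
    return Directory({GROUP: {"userA", "userB"}})


def issue_token(directory, user, now, lifetime_seconds):
    """Mint a bearer token whose 'groups' claim is a snapshot taken at issuance."""
    return {"sub": user, "groups": directory.groups_of(user), "exp": now + lifetime_seconds}


def authorize_from_token(token, library, now):
    """Resource side, claims-only: trust the snapshot until the token expires."""
    if now >= token["exp"]:
        return False            # caller must re-authenticate and will get current groups
    return LIBRARY_ACL[library] in token["groups"]


def authorize_with_live_check(directory, token, library, now):
    """Hardened variant: still honour expiry, but re-read membership on every request."""
    if now >= token["exp"]:
        return False
    return LIBRARY_ACL[library] in directory.groups_of(token["sub"])


def revocation_timeline(lifetime_seconds, removal_at, live_check=False):
    """Token issued to userA at t=0; userA removed from the group at t=removal_at.

    Returns whether the stale token is still accepted right after the removal, how long
    that window lasts, and whether the expired and the re-issued tokens are accepted.
    """
    assert 0 < removal_at < lifetime_seconds, "removal must fall inside the token's lifetime"
    directory = make_sample_directory()
    token = issue_token(directory, "userA", now=0, lifetime_seconds=lifetime_seconds)
    directory.remove("userA", GROUP)   # the "sync" has happened; directory is now current

    def check(tok, now):
        if live_check:
            return authorize_with_live_check(directory, tok, "Documents", now)
        return authorize_from_token(tok, "Documents", now)

    just_after_removal = check(token, removal_at)
    # Once the old token has expired the client re-authenticates and gets a fresh snapshot.
    reissue_at = lifetime_seconds + 1
    fresh = issue_token(directory, "userA", now=reissue_at, lifetime_seconds=lifetime_seconds)
    return {
        "stale_token_accepted": just_after_removal,
        "stale_window_seconds": (lifetime_seconds - removal_at) if just_after_removal else 0,
        "expired_token_accepted": check(token, reissue_at),
        "reissued_token_accepted": check(fresh, reissue_at),
    }


if __name__ == "__main__":
    print("24h token, claims only:", revocation_timeline(24 * 3600, removal_at=3600))
    print("1h token, claims only: ", revocation_timeline(3600, removal_at=600))
    print("24h token, live check: ", revocation_timeline(24 * 3600, removal_at=3600, live_check=True))
```

Running it shows the trade-off the answer hints at: with a 24-hour token the removed user keeps access for the rest of that day even though the directory is already correct; shortening the lifetime shrinks the window but never closes it, and only a per-request membership check (or a server-side revocation signal) makes the removal take effect immediately.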
      Bastien Perez
      Brass Contributor

      Hello,

      After several tests, I think the membership refresh is OK. But I have a strange user experience.

      Case: the user has access to a file (for example a Word file), then I remove the access for this user.

      => If the user leaves his tab open in the browser, he is able to modify the document! I tested it several times (with a group, direct access and even with anonymous links). From my point of view, it is a big security breach!

      Has anyone experienced the same? How can I handle this?

  • Anonymous
    I know SharePoint on-prem had a cache where AD groups were cached with the user, and I would have to recycle the app pool to clear it for the user. Assuming the same thing happens with 365, but the problem is how long before those app pools in 365 refresh the cache.
