Forum Discussion
The following factors also affect the level of access for user (i:0#.f|membership|user@example.com)
I have a similar issue, I noticed that the group "All Users" was being given Site Collection Admin automatically. I made a post about it yesterday and was now roaming more deeply in here to see if anyone had the same problem.
Your post is the first thing I noticed and then found out about what's said in my post.
But if your Site Collection Admin only lists yourself, it might be something else.
On my side I don't know why those permissions are added back.
Regards
I think it's a case of someone with global permissions or tenant/higher permissions granting permissions to what they think is a certain area but not realizing that some permissions apply to all areas of o365. SharePoint has always had its own "corner" to have information remain truly secure but once it was pulled under the governance of someone in charge of all MS program, many without the expertise try to accommodate one thing and affect other parts. SP should have the ability to break permission inheritance and allow SP administrators and developers to have full control over that corner to continue protecting any and all areas that requires protection.
I found the source of my problem.
By luck, I guess, I had another issue on my Veeam for Office 365 and while resolving it I saw that somewhere there on the Backup accounts, the group All users was selected.
That was it causing the group to be added every night.
Never would have thought of going check that there if it weren't for the issue I had.
