Forum Discussion
MicrosoftUPDATE: Create Office 365 Groups with team sites from SharePoint home moving beyond First Release
What impact does setting the Group Members to Read on the sharepoint site have on Group Files, Notebook, etc (like from the Groups UI, and Groups mobile app?)
I assume any of the Group workloads that technically live in SharePoint would just become read-only?
Also, is there the possibility to do any kind of different permission levels for standard Group roles
- Like make Group Members Contributors instead of Editors
- Make Group Owners Editors, not Full Control
- etc?
Tejas MehtaBTW, there is a way to achieve the shift of members to 'Contribute' from 'Edit'.
1) Create a new SP group, e.g. "Foo group Contributors" and assign it 'Contribute' permission level
2) Grant permission to this new SP group
3) Add the 'Foo group' member claim to this SP group
4) Delete the 'Foo group' member claim from the 'Foo members' SP group
Net effect is to give contribute permissions to group members, however the simple UX will only show the 3 default SP groups. Per my previous post, we're looking at adding a contribute bucket in the panel to simplify.
- Hi Tejas,
I'm trying to do step 4 in your post but not having much success in deleting the 'Foo' group from the 'Foo Members' SP group. In 'Site Settings - People and Groups - Foo Members' UI, the 'Foo' group can't be selected like any other group member as the checkbox is grayed out. I've also tried creating a new 'TestGroup' and adding 'Foo' as member with the same issue - checkbox grayed out preventing member from being deleted. From the Sharepoint mgmt shell I've tried the following command:
Remove-SPOUser -LoginName foo@company.com -Site https://<orgid>.sharepoi
nt.com/sites/<foo> -Group "TestGroup"
For LoginName, I've also tried the Foo group GUID given by:
Get-SPOUser -Site https://<orgid>.sharepoint.com/sites/<foo>
They both return the error "Remove-SPOUser : The user does not exist or is not unique."
Could you please point me in the right direction to delete the group from group membership?- Tejas Mehta
Hi Proliance - there is a pending fix to the problem you're seeing where the remove action is greyed out for the member claim. Until that fix shows up in your environment, there is a workaround. From the modern permission panel, simply move the group members from Edit to Read. Then, make sure that the member claim is added to the new SP group you created with the 'Contribute' permissions.
Net effect will be what you desire. You will see members have 'read' permissions in the modern panel, but under the covers they actually have 'Contribute' from the addition to the new SP group.
- The bucket for Contribute will be great! My recommendation would actually be to make Contribute be the default. I think you'd find a lot of support for that in this community (both the bucket and the default)
- +1 for Brent's suggestion to make Contribute the default!!!
- Tejas Mehta
Hi Brent, great questions. You are right to note that if the group members are dropped to 'Read' on the SharePoint site, then any resource in SharePoint will be read only, including the Notebook.
On the questions around more advanced permissions, the goal of the new permission panel is to simplify and streamline the most common permission actions. The panel shows the three default SP groups created for every site. For those looking to implement more complex permission configurations, the panel provides an affordance to go to 'Advanced permission settings' which takes you to the classic user.aspx permissions management experience.
We are also looking at expanding the simple UX to expose a 'Site Contributors' group which would assign 'Contribute' to people or groups put in that bucket. We have it on our backlog, but would love to hear more from the community on how valuable it would be. We've heard feedback that the contributor role is preferable in some cases where site owners want to limit members from modifying lists and their views.
We do not have plans to allow for group owners to become editors. Would love to hear more about that particular scenario as owners would lose the ability to manage permissions on the site, among other things, if they were dropped from full control to edit permissions.
Hi,
On regular sharepoint team sites we usually change the "Site owners" from Full Control to Design or Approve. In order for them to be able to manage the site security we make the "Site Owners group" the Owner of the other 2, 3 or whatever amount of groups on the site. Then we expose the Site Users web part on the home page. This way they can click and add/remove users to the right spot without going into Site settings, changing things and breaking permissions on librariels/files etc. This proves to work nicely with all users no matter their level of SharePoint knowledge. I would love to see this or similar in these new Group team sites.
We also are working on guidance about the proper approach to the defualt document library. In general, as we discussed at Ignite, we advise allowing the default team site library to run with default settings etc. Highly intricate folder structures, use of mandatory metdata, content type overrides, alsong with bespoke security, is best reserved for additional document libraries on those sites to be used alongside the default; or in sites reserved for that level of control where Teams, Planner, etc, will not be primary toolsets for those team sites.
- David Rosenthal
Tejas Mehta Any impact on Microsoft Teams by giving people 'Read' permissions in this manner? I'm assuming anything based in SharePoint will switch accordingly (files, onenote, etc), but is there any impact to the chat based conversation or anything else?
- Tejas Mehta
Hi David - the 'Read' permission applies to anything stored in SharePoint, which would include files stored by Teams. Group owners should think about the implications of making SP read only for group members as it will have an impact on experiences outside of SharePoint that rely on things like file storage in doclibs, etc.
