Request to Join Private Group

Silver Contributor

When a user goes to SPO group enabled site that has a Private group, they request access and when the Group Owner grants access (by clicking on the link in the email they opened in OWA) they are getting added to the SP Members group and not to the O365 Group. This is not the behavior that we are expecting, do we have something misconfigured, or is this the way it supposed to work?

 

@Tony Redmond I'm reading Chpt. 14, but not seeing anything special that I need to be doing.

 

Below is the invite that I am seeing, clicking on Accept adds the requester to the SP Members group instead of the expected O365 Group as a member

GroupInvitation.PNG

 

 

 

10 Replies
A private group was recently set up in our organization and I was surprised to receive an access request from someone who was defined as a Group Owner in Office 365. I found that the Office 365 Group ownership permissions were not shown in the SharePoint site associated with the group. I feel that this issue is similar to the one being described here.
To me this functionality sounds to be correct since you are adding the user to the SPO Site and not the Group...Are you adding a corporate user or an external one?

This occurs when an internal corporate user is trying to access a site for which they have a URL. We don't want to add them to SP Members group, we want the recipient of the request (the Group owner) to be add the person to the Office Group. We previously migrated the sites from SP 2010 and made them into Group enabled team sites without any members (we did this because permissions were a mess and wanted to start clean). Now that people are being told about the sites, they go to them, get access denied, request access and end up in the SP members group (:.

SharePoint permissions are complicated. I don’t know if removing everything to start over was the right way to solve this problem. JCM has much more experience than I do dealing with the juju in SP permissions...
BTW, what happens if you add the user to the group with PowerShell, OWA, or the Admin Center? I wonder if some synchronization from AAD to SPODS might be at the root of the issue.

If I use the Admin center, then I have total control and the user ends up in the Office Group as desired.  But I don't want to be involved, I'm expecting the management of Office Group membership to be handled by the people that are Group Owners.

 

Juan is probably on to something about this scenario being a Site Access Request instead of a Group Access Request, so that begs the question of how does a user request access to an Office Group?

 

Maybe I'm being naive or dense, but shouldn't this just work?

It should just work, but I bet you have found an edge condition from those old sites and their messed up membership that gets in the way. Time for a support request.

I was think that might have been the case, but I'm seeing the same behavior in a clean demos.microsoft.com site.  I'm wondering if I'm thinking about this wrong, when i read the guidance at https://support.office.com/en-us/article/add-and-remove-group-members-in-outlook-3b650f4a-5c9b-4f94-... it tells me that I need to invite someone from OWA to join a Private Group.

Does this mean that if I just tell someone the URL, then they cannot type it and request access to the group? This is what is happening and I'm starting to think that this scenario is not supported.

Private O365 groups are listed in OWA. Requesting access there works as intended. Requesting access via the link to the team site associated with the O365 group only gives users access to the team site. 

We are seeing the same behaviour on a bunch of new SharePoint sites created as part of new Office 365 Groups.

I understand that from SharePoint's perspective, this is behaving as designed. User is trying to access a SharePoint site they don't have permission to, SharePoint is generating an access request, when it's approved they're getting added to the SharePoint group, not the Office 365 Group. I follow the logic, but it's confusing for end users.

 

I don't want to have to explain to a collection of accountants and actuaries the difference between SharePoint groups and O365 Groups. The whole concept of Unified Groups/O365 Groups is that you don't grant people access to the individual components, you add them to the O365 Group and everything flows from there. If I go to the Site or Document Library there are the little circles in the top right corner showing who is a current member of the group, and if you click that and Add Member, the person gets added to the Office 365 Group. That's the sort of behaviour I expect on O365-Group-connected SharePoint Sites.

 

My problem is when one user wants access to some files, and another user emails or IMs them the link to the sharepoint site. If User1 is already in the Group, all works, they get the files. If User1 isn't in the group then they get a page that invites them to generate a *SharePoint* access request, which goes to the O365 Group Owner. When it's approved they get access to the SharePoint site, but not the larger O356 Group. The workflow by users is sensible. I can also understand why SharePoint currently works the way it does, but I think that behaviour should be changed on Group-connected sites.

 

Explaining to users that when they see that prompt they should close Edge and go to *Outlook* or OWA and search for the Group there to request access... people aren't going to do that. It's counter-intuitive. And when they do it the "wrong" way and request access via the form SharePoint puts under their noses, and the O365 Group owner approves, they *get the files they want*, so as far as they're concerned the "wrong" way works fine. It's very hard to train people to do something totally different in that situation.

 

Anyway, that's my take on it. Rant over =)