SOLVED

Do not allow users to share files and folders they do not own

Steel Contributor

Hi

 

I have a customer with about 50 users who is interested in moving to Office 365 and SharePoint Online.

Only having basic experience in SharePoint Online, I have a couple of questions:

  1. How to prevent users from sharing files and folders they do not own? By default any user with access to a SharePoint Online file/folder is able to share it to anybody. That must not be possible! Unfortunately, the only thing I found in that regard is to deny only external users to share files/folders they do not own. And that is not restrictive enough.
  2. Everyone in the organization has default edit permissions in the Document library. How can I remove that? Nobody should have access unless I explicitly grant them read/edit permissions on folders.
  3. Following up on 2: a group of non-admin users should be able to create folders and grant access to groups or users.
8 Replies
best response confirmed by Daniel Niccoli (Steel Contributor)
Solution

Hi Daniel!

  1. (I do not recommend it but...) You can restrict sharing this way, but it means that the owner(s) of the site is/are the only one(s) able to share files. That could cause a lot of administrative work for the owners. (Screenshot: sharing.PNG)

  2. That is the easy part. You just place the users in the right group. If needed, you can break the inheritance of the document library (but I do not recommend that either :) ). Check this video: https://support.office.com/en-us/article/video-understanding-permissions-in-sharepoint-c13a4f37-eea1...

  3. If You have been assigned to the owner-group of the site you will have that access level.

 

Unless this is about highly confidential documents, I recommend that you do not "lock down" the access too much, that will cause a lot of extra work. Keep it simple and stay as "open" as possible. (If needed, everything is traceable in the version history and Audit Log and possible to track afterwards.)

 

Hope that answered Your question.

Regards, Magnus

Hi Magnus,

 

thanks for your reply.

 

1. Unchecking that checkbox also broke OneDrive sharing, so that's not an option.

 

2. I found this the hardest part. From file server ACLs I'm used to just adding domain users to my root share with read permissions to that folder only. I have no idea where I can do that in SharePoint and the video doesn't explain that.

3. I'll check it out once I get permissions set up.

 

> Unless this is about highly confidential documents,

It is about confidential documents. Management, Staff, Finance are all folders that are ONLY for certain users.

> I recommend that you do not "lock down" the access too much, that will cause a lot of extra work. Keep it simple and stay as "open" as possible.

I have been installing Windows File Servers for ten years now in SMBs. Creating a shared folder structure and applying ACLs (with the RBAC / IGDLA approach) takes me no longer than 15 minutes. Once it's done, changes happen once or twice a year. I absolutely disagree with your statement. However, I can imagine in big corporations teams may be more fluid. But I'm talking about 50 people.

> (If needed, everything is traceable in the version history and Audit Log and possible to track afterwards.)

I'd rather prevent problems than chase them. Aside from that, nobody in a 50 person company has time for that.

I can see the advantages of SharePoint in an environment with many branch offices, or OneDrive when it comes to sharing files with guests. But setting up a document share with proper permissions, I find a thousand times easier on a Windows server. If my customer didn't have so many branches, I wouldn't even consider SP for a second. Very frustrating...

Hi @Daniel Niccoli,

 

The "Members Can Share" feature that Magnus pointed out is configurable on a per-site collection basis so you should be able to disable that on SharePoint sites (so that only owners are allowed to share) but leave it on for OneDrive (so that sharing works as expected there). Thanks!

 

Stephen Rice

OneDrive Program Manager II

I tried again and now it's working. I must have made a mistake the first time because in addition to the site, OneDrive sharing stopped working, too.

Thanks for emphasizing Magnus's point.

Hi, at the site collection level I set it so only site owners can share.

Only the IT team have been set as owners of the site and subsites.

When I open a subsite I can see all options under access request permissions are unticked.

However staff who are not owners of the sites are still able to open a document library and share a folder or file.

It seems the settings are not applying. Anyone have any idea what could be the problem?

Can someone provide a PowerShell script we could try to do the same?

We want any new folders and files to inherit permissions and not allow staff to create special permissions by sharing. We are also only a 50 person company and it's more efficient for us to manage permissions this way. It's also important for us to keep a tight hold of which staff have access to our data.

P.S. We also have OneDrive syncing.

Hi @geckonet,

 

Can you paste screenshots of the request access UI & the sharing options that your end users are seeing? Thanks!

 

Stephen Rice

OneDrive Program Manager II

We had thought our staff could share as we noticed the share button becomes enabled when they select a folder and they were able to then open the 'share with' page. 

 

Further testing shows though that they can't actually commit the share. When they hit 'share' they are prevented from sharing and presented with the ugly error message below.

 

Not exactly eloquent but it fits the purpose.

 

screenshot.png

Hi @geckonet,

 

Agreed though I think it is better in the modern UI :) Glad it's working at least!


Stephen Rice

OneDrive Program Manager II
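
The request above for a PowerShell script goes unanswered in the thread. As an added example (not from any participant in this thread and not Microsoft's own script), the following reports the "members can share" setting on a site and each of its subsites, and turns it off only when asked to. It assumes the PnP.PowerShell module and site collection administrator rights; the site URL is a placeholder and the `-Enforce` switch is a name chosen for this example.

```powershell
# Added example, not from the thread. Assumes the PnP.PowerShell module.
param(
    [string]$SiteUrl = "https://contoso.sharepoint.com/sites/documents",  # placeholder URL
    [switch]$Enforce   # example switch: without it the script only reports
)

# Newer PnP.PowerShell versions also need -ClientId for your own app registration.
Connect-PnPOnline -Url $SiteUrl -Interactive

# CSOM Web properties behind the "Access Request Settings" dialog,
# plus whether the web has broken permission inheritance.
$props = "Url", "MembersCanShare", "RequestAccessEmail", "HasUniqueRoleAssignments"

# The setting is stored per web, so check the root web and every subsite.
$webs  = @(Get-PnPWeb -Includes $props)
$webs += @(Get-PnPSubWeb -Recurse -Includes $props)

$report = foreach ($web in $webs) {
    $before  = $web.MembersCanShare   # value as read from the server
    $changed = $false

    if ($Enforce -and $before) {
        try {
            $web.MembersCanShare = $false   # only site owners may share
            $web.Update()
            Invoke-PnPQuery                 # send the pending change
            $changed = $true
        } catch {
            Write-Warning "Could not update $($web.Url): $($_.Exception.Message)"
        }
    }

    [pscustomobject]@{
        Url                   = $web.Url
        UniquePermissions     = $web.HasUniqueRoleAssignments
        MembersCanShareBefore = $before
        AccessRequestsTo      = $web.RequestAccessEmail
        Changed               = $changed
    }
}

$report | Format-Table -AutoSize
```

As reported earlier in the thread, the Share button can still appear for members after the change; the share is rejected when it is submitted.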
