Stream embed permissions

lionel1055 · ‎Dec 06 2022

Currently, there are two ways of sharing/giving permissions to videos: direct access and shared links.

When embedding Stream on SharePoint videos, I have the following problem:

People with direct access are instantly able to access the embed, so far so good.

People who were granted access via a shared link (e.g. a link that allows access for the whole org) they can't see the video embedded on other sites (no permission). But after the first time they use the org-wide link, the embed will start working. It looks like SharePoint then understands that the user does have the correct permissions. It would be vital that this check runs automatically.

We are in a university setting and I want to avoid using direct access as it doesn't allow me to block downloads. Recommending student's to first click a direct link to the video and then access the embed would be overly complicated.

Any help would be much appreciated.

Kevin Crossman · ‎Dec 08 2022

I agree this is actually a pretty big problem, especially in a Onedrive context where there isn't an underlying permission level for "anyone can read" like there would be for many SharePoint Sites (especially sites housing lots of videos to be viewed).

Marc Mroz · ‎Dec 10 2022

@lionel1055 - Embed works off the actual permissions of the video file. The "Everyone in my Organization" share links don't grant actual permissions to a file until someone clicks it. Once they click the link then the permission gets set on the file. That's why you are seeing what you are seeing.

However, if you use the share link type of "People you choose" it assigns the permissions as soon as the link is created because it knows who the people are.

You are right that today in the "Manage access" dialog when you set "Direct access" you can't set block download / view only. There is also the "everyone except external users" group that if it's not disabled at your organization will work to assign direct access to "everyone in the organization" whatever permissions you want. That's something I'm working with the ODB/SPO share team to see if they can enhance exposing both "everyone except external user" as a top-level concept in the UX as well as view+block download.

As a workaround can do this...

Do you have a security group or M365 Group/Team that you want to grant view only + block download access to so that you can embed the video?

If so, the following should work.

Go to "Share" for the video
Change the link type to: "People you choose"
Change the settings to "Can view" and "Block download" to "On"
Apply
Now type in the name of the security group or M365 Group / Teams team that you want to give access to
You can just click "Copy link" and it creates the link for that group/team and they'll have access instantly without needing to click the link.

lionel1055 · ‎Jan 13 2023

Hi @Marc Mroz,

thank you for the detailed reply! We are currently trying to implement your solution but have the following problem:

Using the Share window, I can only select Individual Users and Teams. We have a few security groups, but I can only select those using Direct Access. Are there different kinds of security groups that can be selected using the Share window?

Thank you and best regards

Lionel

lionel1055 · ‎Mar 13 2023

@lionel1055- We had exactly the same problem and have managed to solve this. In the advanced sharing options it is possible to grant (a group of) users 'Limited Access' permissions (see also https://learn.microsoft.com/nl-NL/sharepoint/understanding-permission-levels#default-permission-leve...). By granting this level of permission they do not have the option to download the videos.
I hope this helps.

lionel1055 · ‎Mar 14 2023

@ArjanSmitThank you for your reply! We recently tested this workflow and it seems to be a good option for power users. For regular users, I would like to avoid people having to use the SharePoint classic interface.

@Marc Mrozit would be highly appreciated if this permission level could be integrated in the new SharePoint interface. It can be really confusing, especially for less advanced users, if you can use permission levels which can't be set/edited/removed in the new interface. This shouldn't be too much trouble, I assume?

candicecoppock · ‎Sep 27 2023

I am no longer able to share the Embed code on my website for district users. The link allows me to change settings for "everyone in the district with the link," but my district staff who are logged in like to see the video. This changed when Stream was updated. We need the option to change settings on the embed code feature as well. @lionel1055

jenn_X · ‎Feb 07 2024

@lionel1055

I'm having issues as well. The trouble is that to share a video all of the variables have to come along with it for others to view it. If you put it into a sharepoint page, sharepoint chops off those variables. So the videos I am making for my entire organization to view require permission to access. This is a bit of a headache, to be honest.

The way the settings work I can't just set the video to 'share' - and I certainly don't want to email every single person in my company every time I update a sharepoint page.

This change is recent and I hope they change how permissions work overall. The sharing dialog box often doesn't keep my settings - and I shouldn't have to send an email every time I want to change video permissions.

Marc Mroz · ‎Feb 22 2024

@jenn_X - Embed works off of who has direct access to the video file. The way share links works is that you have to click the link if it's a "everyone in my company" link. So "everyone" doesn't have access until they navigate to the link. We aren't doing that redemption of the link in embed or web parts.

You can follow the instructions I listed above to use share links but share it to specific people or groups. Or you can assign direct access to people or groups without the link or email. To do this from the Stream player page:

Go to the share drop down
Select Manage access
In the upper right there is a little icon of a person with a + sign, click that to open the "Grant access" screen
From grant access you can give permissions to any specific people, security groups, or M365 groups. When you do this those people have access to the file no matter what link or embed code is used.
Additionally, you can type the special phrase of "everyone except external users" into the grant access box, this will grant EVERYONE in your organization permissions to your file.

We have a project under development to add a button into Manage Access for video files only that will let you grant access directly to everyone in the organization without needing to use a share link they click nor sending an email. We think that in many cases this will help with these videos you intend to share widely via embed codes. I don't have a timeline I can say at this time but it is under development.

lionel1055 · ‎Mar 13 2023

@lionel1055- We had exactly the same problem and have managed to solve this. In the advanced sharing options it is possible to grant (a group of) users 'Limited Access' permissions (see also https://learn.microsoft.com/nl-NL/sharepoint/understanding-permission-levels#default-permission-leve...). By granting this level of permission they do not have the option to download the videos.
I hope this helps.

View solution in original post

Stream embed permissions

Stream embed permissions

Re: Stream embed permissions

Re: Stream embed permissions

Re: Stream embed permissions

Re: Stream embed permissions

Re: Stream embed permissions

Re: Stream embed permissions

Re: Stream embed permissions

Re: Stream embed permissions

Re: Stream embed permissions

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

Stream embed permissions