Stream embed permissions

New Contributor

Currently, there are two ways of sharing/giving permissions to videos: direct access and shared links.


When embedding Stream on SharePoint videos, I have the following problem:

People with direct access are instantly able to access the embed, so far so good.

People who were granted access via a shared link (e.g. a link that allows access for the whole org) they can't see the video embedded on other sites (no permission). But after the first time they use the org-wide link, the embed will start working. It looks like SharePoint then understands that the user does have the correct permissions. It would be vital that this check runs automatically.


We are in a university setting and I want to avoid using direct access as it doesn't allow me to block downloads. Recommending student's to first click a direct link to the video and then access the embed would be overly complicated.


Any help would be much appreciated.

3 Replies
I agree this is actually a pretty big problem, especially in a Onedrive context where there isn't an underlying permission level for "anyone can read" like there would be for many SharePoint Sites (especially sites housing lots of videos to be viewed).
best response confirmed by lionel1055 (New Contributor)

@lionel1055 - Embed works off the actual permissions of the video file. The "Everyone in my Organization" share links don't grant actual permissions to a file until someone clicks it. Once they click the link then the permission gets set on the file. That's why you are seeing what you are seeing. 


However, if you use the share link type of "People you choose" it assigns the permissions as soon as the link is created because it knows who the people are. 


You are right that today in the "Manage access" dialog when you set "Direct access" you can't set block download / view only. There is also the "everyone except external users" group that if it's not disabled at your organization will work to assign direct access to "everyone in the organization" whatever permissions you want. That's something I'm working with the ODB/SPO share team to see if they can enhance exposing both "everyone except external user" as a top-level concept in the UX as well as view+block download. 


As a workaround can do this...

Do you have a security group or M365 Group/Team that you want to grant view only + block download access to so that you can embed the video?


If so, the following should work.

  1. Go to "Share" for the video
  2. Change the link type to: "People you choose"
  3. Change the settings to "Can view" and "Block download" to "On"
  4. Apply
  5. Now type in the name of the security group or M365 Group / Teams team that you want to give access to 
  6. You can just click "Copy link" and it creates the link for that group/team and they'll have access instantly without needing to click the link. 

Hi @Marc Mroz,

thank you for the detailed reply! We are currently trying to implement your solution but have the following problem:

Using the Share window, I can only select Individual Users and Teams. We have a few security groups, but I can only select those using Direct Access. Are there different kinds of security groups that can be selected using the Share window?


Thank you and best regards