Stream embed permissions

Copper Contributor

Currently, there are two ways of sharing/giving permissions to videos: direct access and shared links.


When embedding Stream on SharePoint videos, I have the following problem:

People with direct access are instantly able to access the embed, so far so good.

People who were granted access via a shared link (e.g. a link that allows access for the whole org) they can't see the video embedded on other sites (no permission). But after the first time they use the org-wide link, the embed will start working. It looks like SharePoint then understands that the user does have the correct permissions. It would be vital that this check runs automatically.


We are in a university setting and I want to avoid using direct access as it doesn't allow me to block downloads. Recommending student's to first click a direct link to the video and then access the embed would be overly complicated.


Any help would be much appreciated.

8 Replies
I agree this is actually a pretty big problem, especially in a Onedrive context where there isn't an underlying permission level for "anyone can read" like there would be for many SharePoint Sites (especially sites housing lots of videos to be viewed).

@lionel1055 - Embed works off the actual permissions of the video file. The "Everyone in my Organization" share links don't grant actual permissions to a file until someone clicks it. Once they click the link then the permission gets set on the file. That's why you are seeing what you are seeing. 


However, if you use the share link type of "People you choose" it assigns the permissions as soon as the link is created because it knows who the people are. 


You are right that today in the "Manage access" dialog when you set "Direct access" you can't set block download / view only. There is also the "everyone except external users" group that if it's not disabled at your organization will work to assign direct access to "everyone in the organization" whatever permissions you want. That's something I'm working with the ODB/SPO share team to see if they can enhance exposing both "everyone except external user" as a top-level concept in the UX as well as view+block download. 


As a workaround can do this...

Do you have a security group or M365 Group/Team that you want to grant view only + block download access to so that you can embed the video?


If so, the following should work.

  1. Go to "Share" for the video
  2. Change the link type to: "People you choose"
  3. Change the settings to "Can view" and "Block download" to "On"
  4. Apply
  5. Now type in the name of the security group or M365 Group / Teams team that you want to give access to 
  6. You can just click "Copy link" and it creates the link for that group/team and they'll have access instantly without needing to click the link. 

Hi @Marc Mroz,

thank you for the detailed reply! We are currently trying to implement your solution but have the following problem:

Using the Share window, I can only select Individual Users and Teams. We have a few security groups, but I can only select those using Direct Access. Are there different kinds of security groups that can be selected using the Share window?


Thank you and best regards


best response confirmed by lionel1055 (Copper Contributor)

@lionel1055- We had exactly the same problem and have managed to solve this. In the advanced sharing options it is possible to grant (a group of) users 'Limited Access' permissions (see also By granting this level of permission they do not have the option to download the videos.
I hope this helps.

@ArjanSmitThank you for your reply! We recently tested this workflow and it seems to be a good option for power users. For regular users, I would like to avoid people having to use the SharePoint classic interface.

@Marc Mrozit would be highly appreciated if this permission level could be integrated in the new SharePoint interface. It can be really confusing, especially for less advanced users, if you can use permission levels which can't be set/edited/removed in the new interface. This shouldn't be too much trouble, I assume?

I am no longer able to share the Embed code on my website for district users.  The link allows me to change settings for "everyone in the district with the link," but my district staff who are logged in like to see the video.  This changed when Stream was updated.  We need the option to change settings on the embed code feature as well.  @lionel1055 


I'm having issues as well. The trouble is that to share a video all of the variables have to come along with it for others to view it. If you put it into a sharepoint page, sharepoint chops off those variables. So the videos I am making for my entire organization to view require permission to access. This is a bit of a headache, to be honest. 

The way the settings work I can't just set the video to 'share' - and I certainly don't want to email every single person in my company every time I update a sharepoint page. 

This change is recent and I hope they change how permissions work overall. The sharing dialog box often doesn't keep my settings - and I shouldn't have to send an email every time I want to change video permissions.

@jenn_X  - Embed works off of who has direct access to the video file. The way share links works is that you have to click the link if it's a "everyone in my company" link. So "everyone" doesn't have access until they navigate to the link. We aren't doing that redemption of the link in embed or web parts. 


You can follow the instructions I listed above to use share links but share it to specific people or groups. Or you can assign direct access to people or groups without the link or email. To do this from the Stream player page:

  • Go to the share drop down
  • Select Manage access
  • In the upper right there is a little icon of a person with a + sign, click that to open the "Grant access" screen
  • From grant access you can give permissions to any specific people, security groups, or M365 groups. When you do this those people have access to the file no matter what link or embed code is used. 
  • Additionally, you can type the special phrase of "everyone except external users" into the grant access box, this will grant EVERYONE in your organization permissions to your file. 

We have a project under development to add a button into Manage Access for video files only that will let you grant access directly to everyone in the organization without needing to use a share link they click nor sending an email. We think that in many cases this will help with these videos you intend to share widely via embed codes. I don't have a timeline I can say at this time but it is under development. 

1 best response

Accepted Solutions
best response confirmed by lionel1055 (Copper Contributor)

@lionel1055- We had exactly the same problem and have managed to solve this. In the advanced sharing options it is possible to grant (a group of) users 'Limited Access' permissions (see also By granting this level of permission they do not have the option to download the videos.
I hope this helps.

View solution in original post