How to allow access to teams but not give access to everything in SharePoint site

We're new to Teams and trying to figure out the best way to set up Teams and Office 365 groups in the most optimal method.


We're struggling with the scenario where you have a Team (let's say HR), and you want to allow outside people to their Team site but we also want to allow communication to just HR people (as well as share items in the Team site and connected SharePoint site) without the outside members of the Team being able to see them.


Microsoft FastTrack is suggesting we set up a separate SharePoint site for the HR Only content, which requires additional Groups to control access. So now we're doubling up sites and groups, which magnifies maintenance and seems less than optimal.


Can anyone provide any guidance about how your companies are setting up Teams and SharePoint for this scenario?


So if I understand you correctly, some people besides HR should access team resources and some should also be able to access files? While not everyone?

You can just create an additional library and have permissions set to it and add that as a tab. If some people outside HR should access some resources in Teams and some files, you can also create private channels for HR only and invite other people to the Team. They can then access all resources except the private channels in which HR have their private stuff.

There’s a few ways you can work with all this, but in that case I need more info on the scenario.


@over2klb How big is the company?


For company-wide communications I would normally have a team for the whole organisation, then have channels for each department. That's a public space where anyone can communicate and access content.

Then if a closed team is required for confidential HR matters have a separate team for just their group.


The reason I asked about company size, there's currently a limit of 5000 people in one Team, so that might limit your all company team.

Same suggestion here. We don't use Team sites for the HR site though, since as you say it's connected to another group. We have a structure in place where all departments have their own "Department name Team" which is their private Team / SharePoint site. And then departments that need an org-facing presence have SharePoint Communication sites set up for them for this purpose, where the org has access to those for discoverability. So for HR, we have a communication site called Human Resources, and they also have a Team called Human Resources Team.

I know all sites with the name/URL Team in them are their private sites. They can also plug a cloud storage option into their general files tabs to get access to their org-facing content from within Teams.

@Steven Collier Currently a little over 6000, which puts us over the 5000 member limit, which is another restriction that we're dealing with.

Anyway, to answer the original subject question. The only way you can have people in a Team, and have others in that same Team and restrict access to SharePoint content on the connected site, is to give owner rights to everyone on the Team that needs access to everything, and then you can restrict members' permissions on the content they shouldn't see.

That said, I would split the content to separate sites, either have the Team as the public location and another Comm-site just to house private docs, etc.

@Chris Webb I'm coming across what you wrote after a year, but wondering if you meant having the team site be for private docs and the comm site be public facing?