cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Teams Private/Shared Channel connected site don't inherit Site Sharing Permissions from Parent site?

Hughes818
Iron Contributor

‎Nov 08 2023 11:47 AM - edited ‎Nov 08 2023 11:53 AM

‎Nov 08 2023 11:47 AM - edited ‎Nov 08 2023 11:53 AM

Teams Private/Shared Channel connected site don't inherit Site Sharing Permissions from Parent site?

We recently started using Sensitivity Labels for Containers so that we could apply a Highly Confidential or Confidential label to a Microsoft Team.  Since Sensitivity labels don't include any way to configure the "Site Sharing" permissions for the connected site, we need to first create the team and assign the label.  Then we need to go to the Site Permissions of the connected team site and change "Site Sharing" to "Only site owners can share files, folders, and the site".  That assures that the team owner remains in control of whether folders or files are shared outside the team.  Great, right?  (Not quite).

 

What we noticed is that the Site Sharing setting holds for any Standard Channels that are created.  But as soon as the team owner creates a Private Channel, the new site that gets created as a result, does not inherit the same Site Sharing setting as the parent.  The same is true if they create a Shared Channel.  Those new sites revert back to Microsoft's default of "Site owners, members, and people with Edit permissions can share files and folders."

 

So, the end result here is that team members are restricted from sharing folders/files from any of the Standard Channels, but channel members can share folders/files from within any Private or Shared Channels!

 

I would have figured that Private and Shared Channels would have inherited that setting from the Parent site, so it doesn't have to be set for every Private or Shared Channel that is created thereafter.  Or I would have figured, there was a way to change the default for Site Sharing...but I don't see that anywhere either.  This appears to be a pretty serious gap to me.  I would be willing to bet most team owners don't realize how easy it is for members to share folders/files from a team they're responsible for...without them even knowing...since the "Access Control" you can enable within the Site Sharing permissions only works if trying to share the site...that doesn't work for folders or files.

 

Am I missing something here?  Am I going about this all wrong?  Is there a better way to accomplish that?

 

Thanks :)

Preview file
18 KB
Preview file
14 KB
Preview file
14 KB
919 Views
1 Like
0 Replies
Reply
0 Replies