cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Leave Those SharePoint Permissions for Office 365 Groups Alone

Tony Redmond
MVP

‎Feb 07 2019 07:23 AM

‎Feb 07 2019 07:23 AM

Leave Those SharePoint Permissions for Office 365 Groups Alone

 
Office 365 Groups and Teams make SharePoint much easier for people to use, with the price paid being the imposition of the groups permission model on SharePoint. On the upside, everything is very simple. On the downside, the permissions assigned to group members might not be what you want.
https://www.petri.com/leave-sharepoint-permissions-office-365-groups-alone
Labels:
1,067 Views
2 Likes
4 Replies
Reply
4 Replies
Vasil Michev

‎Feb 07 2019 10:38 AM

‎Feb 07 2019 10:38 AM

Re: Leave Those SharePoint Permissions for Office 365 Groups Alone

Yeah, just let everyone delete your (public) group files. Back when we first brought this up to MS folks, I was tempted to create a simple script that goes over each public group in the tenant and trashes everything in the site. Doubt it would change their mind regardless...

0 Likes
Reply
Tony Redmond

‎Feb 07 2019 10:42 AM

‎Feb 07 2019 10:42 AM

Re: Leave Those SharePoint Permissions for Office 365 Groups Alone

Vasil, stop being silly. 

 

People in the real world don't do stuff like that. If they do, they are fired.

 

And it's easy to protect against this kind of thing by assigning a default retention policy (say for one year) to all sites in a tenant. Or assigning a default retention label to important sites. You don't have to mess with SharePoint permissions to protect information.

0 Likes
Reply
Kevin Crossman

‎Feb 07 2019 12:10 PM

‎Feb 07 2019 12:10 PM

Re: Leave Those SharePoint Permissions for Office 365 Groups Alone

Lots of interesting observations and opinions.

 

The default permission level for the "Site Members" SharePoint Groups has been Edit in all the time I've been using SP Online (since 2013). I too would much rather this default be set at Contribute (and to be honest I don't see much of a use for the Edit permission level in practice).

 

That said, even though Edit is give to many many users where Contribute is probably the "safer" choice, because Edit is the default, we have seen virtually zero issues with people accidentally/on-purpose creating or deleting lists or libraries inappropriately.

0 Likes
Reply
Vasil Michev

‎Feb 08 2019 12:02 AM

‎Feb 08 2019 12:02 AM

Re: Leave Those SharePoint Permissions for Office 365 Groups Alone

The example I gave above is of course extreme, and Tony has already lectured me about it. But as a matter of fact, I did first find out about this because of a small incident we had with a file in a public group in my previous company. And we've seen the occasional thread or uservoice ask for changing the permissions.

 

In all fairness, we can now easily toggle the permissions right after the group is created. Which is actually what Microsoft seem to be suggesting on few of those UV items lately. I still believe the proper solution would be to have the "everyone except external users" added to the Site Visitors group instead, by default.

0 Likes
Reply