02-07-2019 07:23 AM
02-07-2019 07:23 AM
02-07-2019 10:38 AM
Yeah, just let everyone delete your (public) group files. Back when we first brought this up to MS folks, I was tempted to create a simple script that goes over each public group in the tenant and trashes everything in the site. Doubt it would change their mind regardless...
02-07-2019 10:42 AM
Vasil, stop being silly.
People in the real world don't do stuff like that. If they do, they are fired.
And it's easy to protect against this kind of thing by assigning a default retention policy (say for one year) to all sites in a tenant. Or assigning a default retention label to important sites. You don't have to mess with SharePoint permissions to protect information.
02-07-2019 12:10 PM
Lots of interesting observations and opinions.
The default permission level for the "Site Members" SharePoint Groups has been Edit in all the time I've been using SP Online (since 2013). I too would much rather this default be set at Contribute (and to be honest I don't see much of a use for the Edit permission level in practice).
That said, even though Edit is give to many many users where Contribute is probably the "safer" choice, because Edit is the default, we have seen virtually zero issues with people accidentally/on-purpose creating or deleting lists or libraries inappropriately.
02-08-2019 12:02 AM
The example I gave above is of course extreme, and Tony has already lectured me about it. But as a matter of fact, I did first find out about this because of a small incident we had with a file in a public group in my previous company. And we've seen the occasional thread or uservoice ask for changing the permissions.
In all fairness, we can now easily toggle the permissions right after the group is created. Which is actually what Microsoft seem to be suggesting on few of those UV items lately. I still believe the proper solution would be to have the "everyone except external users" added to the Site Visitors group instead, by default.