Mar 06 2017 07:55 AM
Hi,
How can I allow the use of guest link only for specific users in an organization?
thx
Mar 06 2017 03:12 PM
Mar 06 2017 08:24 PM - edited Mar 06 2017 08:28 PM
I would expand on that. The setting does have to be set at the global level yes, but then its also set at the individual site collections (Sharepoint site collections, meaning I can have the global setting on, while having other site collections disabled).
Also I believe each users OneDrive is its own site collection, even though somehow the settings for User's guest links, is one setting for all users's OneDrive??
I hope this feature becomese available soon, to where we can control guest links for only specific users, not all users or no users...
thx
Mar 07 2017 12:01 AM
If we are talking about ODFB here, it should indeed be possible as you can now control the sharing options per SC. However, the "allow guests" setting is "less restrictive", and the per-SC permissions can only be "more restrictive". Thus you take to do it the other way around - configure ExternalUserAndGuestSharing at the Global level and then switch Guest sharing off for everyone apart the user(s) you want to be able to use this.
That's assuming you only want to give them permissions to share files in their own ODFB.
Mar 07 2017 03:37 AM
Hi Vasil.
Interesting perspective, as usual!
I have tested it and it appears to work.
A couple of questions:
Mar 07 2017 07:20 AM - edited Mar 07 2017 07:21 AM
I don't particularly like this solution, as I am having to then remember to turn off guest-sharing for each new person that is created, which can be easy to forget. But I suppose it is a method it could work, since a regular user would not be able to connect to PowerShell to turn it back on, unless there is another way for that to happen, because as Salvatore points out, a user would be a SCA of his/her own ODFB SC.
Mar 07 2017 11:38 AM
@Salvatore Biscari I dont think PowerShell respects the SCA settings, the GA/SPO Admin permissions you need to run PowerShell superseed those I guess. @jcgonzalezmartin is the authority on SharePoint, he might be able to give more insight 🙂
As for the owner being able to revert them, in theory this is indeed the case, if he is able to access the relevant settings. Pretty much the same issue we had with the owner of the ODFB site being able to remove IRM protection.
Mar 07 2017 11:55 AM
@VasilMichev wrote:As for the owner being able to revert them, in theory this is indeed the case, if he is able to access the relevant settings.
I think so too, in theory.
But how can an user access, in practice, the sharing capability setting of his/her ODFB SC?
Mar 07 2017 12:40 PM
Ey guys,
Sorry for being late at the party...basically as you have already said, end user is not going to be able to configure (and he/she shouldn't even knowing he/she is the owner of his/her site collection) the sharing setting for ODFB...this capabilitie should remain on the GA / SPO Admin
Mar 07 2017 01:19 PM
Thank you Juan.
But let us suppose the user is you ( i.e. a super expert, but nevertheless a simple user, not a GA / SPO admin).
My question is : will you be able to change the sharing capability setting of your ODFB SC ?
If yes, how?
Mar 07 2017 02:01 PM
Mar 07 2017 03:38 PM
I'll try to summarize:
Wow!
Thanks. 😉
Mar 07 2017 10:46 PM
Mar 13 2017 10:36 AM
Hi all,
As you may know, we have a feature coming out soon that will allow admins to specify which security groups are allowed to share externally. This feature will restrict only those users in the specified SG's from sharing both externally and anonymous (if enabled). Now, that doesn't sound like it would be useful in this case, but we also have some work planned to separate out the "anonymous" and "authenticated external" setting.
This would mean you could set something like:
Would that satisfy your requirement? Also, usual disclaimer: This is all still under design and nothing is committed or planned just yet. So stay tuned 🙂
Stephen Rice
OneDrive Program Manager II
Apr 02 2018 07:09 PM
@StephenRice That is exactly what we are looking for. Has this been implemented yet? If not, what timeline are might we expect?
Thanks
Apr 03 2018 10:58 AM
Hi @Johann Hough,
Yes, this feature is now available. You can find it in the SharePoint Admin Center on the sharing tab. Thanks!
Stephen Rice
OneDrive Program Manager II