SOLVED

Best practice for external sharing: Document Library vs Folder

Deleted
Not applicable

Hello,

 

I'd like to start a discussion to learn about your point of view regarding best practices for sharing content with external users. I'm currently faced with the following scenario and question.

 

Scenario:

A site collection should be set up to allow multiple external partners to access and collaborate with our company. Security wise, these areas should be invisible to each other (thinking unique permissions) so that one partner is not able to see the files/folderes of another.

 

Question: Should I create a document library with unique permissions for each partner or is it enough to share folders as both ways allow for setting unique permissions?

 

What's your take?

Thanks!

9 Replies

I typically recommend creating separate site collections for each vendor when possible. If you have a project with lots of subcontractors that need to collaborate, then use a SP Group for each firm, along with a dedicated document library for each and some common document libraries for multi-firm use. 

Folders are very limiting and I don't like using them if at all possible.


@Dean Gross wrote:

[...]Folders are very limiting and I don't like using them if at all possible.


Thanks for your input. And this is what I'm pondering about. I don't know what a doc lib can offer what a folder can't in such a scenario.

 

Of course, logically speaking it would make the most sense to create individual site collections but our requirement it to have it within one.

From a Permissions point of view Folders / Doc libraries can have broken inheritance and the same unique permissions added.

But managing permissions at the library level rather than the folder level is much easier to track and keep on top of.

based on the same idea that is why new site collections (created by a 365 group / Team / Plan) is also a great fit for this. Security by design.

A middle ground I've had with some clients is an "External sharing" Site where there are different document libraries for the different external partners. These document libraries can be easily shared to internal Office 365 groups or Teams for ease of use internally whilst keeping the security for the externals.
best response
Solution

Here are a few things that make libraries a better choice

  • Doc libraries provide a search boundary that folders do not, i.e., you can limit a search to a library, you can't do this with a folder
  • you can create custom views in each doc library, Folders only exist in one specific hierarchy, views provide many more options for display
  • you can activate different content types in each library
  • Different settings can be enabled/disabled in each doc library 
  • PowerApps and Flows are associated with libraries, not with folders

 


@Antony Taylor wrote:
But managing permissions at the library level rather than the folder level is much easier to track and keep on top of.

I tend to agree and this is definately important. Thanks.

Absolutely valid points, thank you. I will take those into consideration, especially the points regarding views and content types. Thanks.

As I have said in another similar thread, for my customers I usually create a Group for each partner.

This approach, IMHO has all the advantages that Dean mentioned above about multiple doclibs, plus some extras that are often considered useful: for each Group (i.e. for each partner), apart from a completely isolated doclib, you will have a modern team site, a conversation space, a calendar, a notebook and the possibility to add Teams, Planner and so on.

Also, be aware that today this is the trend pushed by Microsoft.

Just my two cents...

We have the same/similar requirement and have successfully solved it with this Classic setup:

  • Create 1 site for the project that needs different external orgs to collaborate with the internal project team
  • Create 1 library for each external company
  • Create 1 SharePoint group for each external company, plus one for the internal team
  • Give all groups read access to site.
  • Customize library permissions so each library is accessible to the appropriate SharePoint Group (e.g., internal SP group and external company SP group)
  • Then Share the Site with each external user - adding them to their company's Group. This gives them Read access to the Home site and contribute to their library only. They cannot view the other libraries.

This may seem cumbersome, but it allows the site owner to add new external users pretty safely as the permissions are all set up beforehand. They just need to invite them using the correct SP Group. Note, I do understand this is a bit old school, but my clients do not like the complicate navigation experience of O365 Groups. They just want to share files and maybe a calendar.

 

Hope that helps.

1 best response

Accepted Solutions
best response
Solution

Here are a few things that make libraries a better choice

  • Doc libraries provide a search boundary that folders do not, i.e., you can limit a search to a library, you can't do this with a folder
  • you can create custom views in each doc library, Folders only exist in one specific hierarchy, views provide many more options for display
  • you can activate different content types in each library
  • Different settings can be enabled/disabled in each doc library 
  • PowerApps and Flows are associated with libraries, not with folders

 

View solution in original post