External User Security: How to stop users seeing other external users

Spidermonkey168 · ‎Jun 25 2019

Hi Good People,

I am building a Sharepoint 365 site to replicate the structure of our existing Sharepoint Foundation site.

Background

We upload documentation to Sharepoint for our clients to collect.

Each client has their own subsite and they use this to upload documentation for us to process and download information provided from us. It is a daily occurrence.

There is also a top level site 'ClientHub' where clients can download standard form, read notices from us, keep up to date with news.

Each user has 'read' only access to ClientHub. They cannot see who else has access to this site.

Simple structure below:

Client Hub - read only to all users (Clients can access standard docs and notices)

- ClientA - ClientA users can upload and download into their own private subsite

- ClientB - ClientB users can upload and download into their own private subsite

- ClientC - ClientC users can upload and download into their own private subsite

Problem

I want to replicate this secure setup and at the moment I can only do this if my users only have access to their own sub-site. If I add users as 'read' only to the main ClientHub site each user can view all users and bulk email to all users by using the 'share' option.

We obviously do not want our users to know the email addresses of other clients and/or email everyone in the whole directory!

However, we do want all users to have access to standard documents and news announcements as this is essential to our business.

I have tried adding users to their own private groups and adding the group to ClientHub with Read only access, but the directory still lists all individual users for all to see.

Can anyone recommend a workaround? Surely, other businesses do not want users seeing everyone else who has access to a site?

I am not a developer - just a lowly administrator trying to setup up Sharepoint 365 to do exactly what Sharepoint Foundation was capable of. Much appreciated to any advice you can give.

Regards

Kelly_Edinger · ‎Jun 25 2019

Hi @Spidermonkey168 - is there a business case for your customers to share from your site? if they just need to download, maybe try turning off the ability for non-owners to share items they don't own. This is in the admin center.

Spidermonkey168 · ‎Jun 25 2019

@Kelly_Edinger Hi, thank you for your reply.

External users are not permitted to share. Only Admin users within a security group at AD have permission to share.

I have attached a screenshot of the current settings.

The problem I have is if users are added to the top site so they can rightly access standard documentation, policies etc they can view all users of that site by clicking on the 'Share' icon at the top of the screen. An option is to email 'everyone'!!

How can I provide access to standard documents for all clients without them seeing who else has access?

Kelly_Edinger · ‎Jun 25 2019

@Spidermonkey168 - oh ok, I don't see that option on any of my sites. I know it's not ideal, but could you use CSS to hide the share button?

Kevin McKeown · ‎Jun 25 2019

I haven't tried it for this scenario, but you could look into using the Restricted Read, View-only, or a custom permission level instead of the default Read permission level that is assigned to the Visitors group.

Permission levels: https://docs.microsoft.com/en-us/sharepoint/understanding-permission-levels

You might take a look into the "Browse User Information" permission setting.

Spidermonkey168 · ‎Jun 26 2019

Hi @Kevin McKeown

Thank you for this, and like you I thought this would sort out my problem. But the permission level allocated to the users already has this option removed. Still they can view all users of the root directory despite whether in their own group or not.

Any further options gratefully received :)

Spidermonkey168 · ‎Jun 26 2019

HI@Kelly_Edinger ,

This certainly is an idea. Do I need a developer to modify in CSS? I would need just the root site changed to remove the share button.

Kelly_Edinger · ‎Jun 26 2019

@Spidermonkey168 - yes, that's likely needed. it's not like the old days when we could just add a web part and add our CSS and be done. Check out https://tahoeninjas.blog/2018/10/29/update-inject-custom-css-on-sharepoint-modern-pages-using-spfx-a...

Kelly_Edinger · ‎Jun 26 2019

another option - I've noticed that when I create a new TEAM, the SharePoint site that supports it doesn't have the share button on the home page. you could maybe try recreating as a TEAM and then inviting them to the SharePoint library that lives behind it. Could be faster than a devleoper depending on how much data you'd need to move.

ajohnstonpowin · ‎Jun 09 2022

Did anyone find a solution to this? The closest I've come to hiding users from each other in the share window is to hide user details (email), and change the user's display name, which is a lot of work.

I've also tried to remove the Share button from everywhere as a stop-gap, but I cannot remove it from the context menu without building an app it seems.

External User Security: How to stop users seeing other external users

External User Security: How to stop users seeing other external users

Re: External User Security: How to stop users seeing other external users

Re: External User Security: How to stop users seeing other external users

Re: External User Security: How to stop users seeing other external users

Re: External User Security: How to stop users seeing other external users

Re: External User Security: How to stop users seeing other external users

Re: External User Security: How to stop users seeing other external users

Re: External User Security: How to stop users seeing other external users

Re: External User Security: How to stop users seeing other external users

Re: External User Security: How to stop users seeing other external users

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

External User Security: How to stop users seeing other external users