Oct 05 2017 02:10 AM
Oct 05 2017 02:10 AM
I have a question regarding SharePoint and Office 365 groups. As we heart that you can Groupify almost everything at Ignite.
As you may now when you create an Office 365 group you can manage the members and owners from the admin portal. But now in my SharePoint site, I have more SharePoint Groups especially for different members and different Libraries(with broken inheritance).
These SharePoint Groups I cannot edit on the admin portal, but only in SharePoint and have issues when they want to use planner for example.
What is the vision for this?
Is the future that all SP groups can be edit in the Admin portal?
or do we need to minify the SP groups to members, Owners, visitors?
And how should we deal with security in libraries for different groups?
thanks in advance
Oct 05 2017 02:50 AM - edited Oct 05 2017 08:28 AM
My guess is that the three standard security groups will continue to be managed (also) by the standard Group UI, while other security groups will be managed (only) by the advanced UI, as it happens now when you add more security groups to a Group.
Oct 05 2017 03:18 AM
Hi @Deleted,
For a very long time I've suggested that each SharePoint group should have a matching security group. The problem however with this appraoch has always been ... users!
With the whole empowering idea that Microsoft is pushing this becomes even harder. Sharing with a user breaks this whole plan. I've never really found a better solution than simply to give up on controlling permissions too much. The alternative for giving up would be to give users not the option to share... and I'm not happy with that either. Of course, you still want to control the users with special permissions like admins, designers etc.
Oct 05 2017 04:34 PM
adding @Tejas Mehta
Oct 05 2017 04:43 PM
Oct 14 2017 01:50 AM
SolutionHi there,
SharePoint groups will continue to exist as SharePoint-only entities that can be utilized for permissions purposes. You are correct that you cannot manage these in admin portal, and we have no plans to enable that.
For group connected sites (including classic sites you connect to new Office 365 Groups), we do ensure that the 3 default SP groups exists (i.e. Owners, Members, Visitors). While you will continue to be able to add your own SP groups to sites, any custom permissions you employ on site resources do not map across to Office 365 Group membership. This is an important point - that while SharePoint will allow you to break permissions inheritance on resources, if you do so you can end up with members of the Office 365 Group *not* having access to those resources.
Hope this helps.
Tejas
Dec 20 2017 04:19 AM
I've noticed you also cannot change the default permissions for the Modern Team site Member group to Contribute. It's seems the choice are now down to Full Control, Edit or Read only. Can't even do it in the user.aspx page. Sharepoint seems to be getting dumbed down.
Dec 20 2017 04:38 AM
The trend appears to be to leave alone "standard groups" permissions for modern team sites.
If you want to customize permissions it is better to use classic team sites instead.
Oct 29 2019 04:13 PM
@Tejas MehtaI've noticed that the Office 365 Members group appears to be added to the SharePoint members group. The Office 365 Owners group does not appear to be added to the SharePoint owners group. The reason this came up was that I was doing some working using SharePoint search which still relies on SharePoint groups for security trimming. I wasn't seeing a lot of files that others were seeing and started a bit of digging. Once I added the Owners to the SharePoint Owners group, things began to appear in search for me. Is there a reason why the Office 365 Members group is added to the SharePoint group but the Owners group is not? This was on a Modern Team site, feeding content to SharePoint search.
Oct 14 2017 01:50 AM
SolutionHi there,
SharePoint groups will continue to exist as SharePoint-only entities that can be utilized for permissions purposes. You are correct that you cannot manage these in admin portal, and we have no plans to enable that.
For group connected sites (including classic sites you connect to new Office 365 Groups), we do ensure that the 3 default SP groups exists (i.e. Owners, Members, Visitors). While you will continue to be able to add your own SP groups to sites, any custom permissions you employ on site resources do not map across to Office 365 Group membership. This is an important point - that while SharePoint will allow you to break permissions inheritance on resources, if you do so you can end up with members of the Office 365 Group *not* having access to those resources.
Hope this helps.
Tejas