Jul 24 2018 12:52 AM
Jul 24 2018 12:52 AM
I noticed that for a newly created modern teamsite (via New-PnPSite) I'm unable to change permission levels for the out of the box security groups. For example, I go to /user.aspx and put a check mark in front of a security group. Usually, the "Edit User Permissions" and "Remove User Permissions" menus become selectable.
However, for modern teamsites they remain greyed out although I'm a site collection admin:
The unfortunate thing is is that I can grant additional permission levels through the leftmost "Grant permissions" button but because "Edit User Permissions" is always greyed out, I cannot remove them.
Any idea why that is?
Jul 24 2018 01:38 AM
I am able to partly reproduce your behavior in my tenant, only for the first part in which the buttons remain greyed out for the default created Groups. When I grant permissions using leftmost Grant Permissions button I am able to use both buttons afterwards
I don't know exactly why this is, but I can imagine it's to protect you from messing up the permissions with regards to the underlying O365 Group that's created for modern team sites and keep the basic permissions model controlled through O365 Group settings working.
Jul 24 2018 04:41 AM
This is a known limitation on the Owners, Members, and Visitors groups in a Team site (actually on all Office Group sites). I wrote a Blog post about the issue, and a potential workaround, that you can read here:
Jul 25 2018 08:27 AM
Thanks, this is quite interesting. Another thing I found out is that the GUI let's you assign the security group itself two different permission levels:
But, contrary to classic teamsites, you cannot change/remove them afterwards since "Edit User Permissions" is greyed out. Quite Frustrating I might say.
Apr 22 2020 07:34 AM
@Florian Hein I have found you have to allow custom scripting on your site. This is turned off by default.
Set-SPOsite -Identity "https://unitedchurch.sharepoint.com/sites/YOURSITE" -DenyAddAndCustomizePages 0
I then have to wait a few minutes and refresh the page, once it's done you can edit your permissions like you could before.
Apr 22 2020 07:39 PM
Jul 03 2020 04:29 AM
@Paul Pascha I found that despite being an Administrator and an Owner for a site, I was unable to change permission levels for a security group after Microsoft had assigned the "limited access" permission level to the Owners or Members security groups (of which I was a member). The "limited access" permission level is apparently assigned when a user shares a document/list with someone who is already a member of the Sharepoint Site (LOTS of Sharepoint/Microsoft community blogs and complaints about this). The problem is you cannot delete the Limited Access permission level and you cannot remove the Limited Access for the security groups to which assigned (greyed out).
The way I got around this is to create two Custom security groups (CustomOwner and CustomMember with the required permission levels) .... and added the applicable staff/O365 Groups with these custom groups. Not sure whether that horrid "limited access" will pitch up again for the custom security groups if an item/document is shared; I am too nervous to test after so many hours researching these issues
Jul 03 2020 04:47 AM