SOLVED

Need help with SharePoint and Security Groups


Hi all!


I'm currently working on a case for a customer that is using Office 365 and SharePoint. He wants to be able to add and remove users to SharePoint sites with as little hassle as possible. So I came up with the following idea.


I was thinking of adding users in separate Security groups in the Office 365 admin center. Then, I'd make custom SharePoint groups on the team site. Instead of adding user accounts to those SharePoint groups, I'd like to add the Security group. That way, whenever a user is added/removed from the Security group, the access and permissions on that site would be added/removed without adding/removing the individual user from the different sites. This, in my opinion, would be much easier to manage than to manually add the user to the site and manually assign permissions on folders and files.


But that seems to give some problems. After removing a user, the user still has access to the site, and vice versa. Even if a user is added to the Security group and the Security group is a member of the SharePoint group, the user still doesn't have access to the team site. I don't know how I could solve the issue without using Security groups for management.


Any ideas, tips or insights would be very much appreciated!

5 Replies
best response confirmed by WarreVlieghe (Copper Contributor)
Solution

The best approach I have seen includes a two-tier level: creating AD security groups then adding these groups to SP groups that make more sense to the structure of your site. That way, when someone gets turned off in AD, they are removed from all SP groups you created. It is a bit abstract, but seems to work.
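The two-tier layout described in this answer, written out as an added PowerShell example (not code from the thread or from Microsoft): a security group in Entra ID / Microsoft 365 holds the people, a SharePoint site group holds that security group and carries one permission level, and a final check lists the SharePoint group's members so that individual accounts added directly (which bypass the tier-1 group) stand out. The site URL, group names and permission level are placeholders; the PnP.PowerShell and Microsoft.Graph modules are assumed to be installed.

```powershell
# Added example: two-tier access model for a SharePoint Online site.
# Tier 1: an Entra ID / Microsoft 365 security group holds the people.
# Tier 2: a SharePoint site group holds the security group and carries the permission level.
# Assumptions (placeholders, not from the thread): site URL, group names, permission level.
Import-Module PnP.PowerShell
Import-Module Microsoft.Graph.Groups

$siteUrl     = 'https://contoso.sharepoint.com/sites/ProjectX'   # placeholder site
$sgName      = 'SG-ProjectX-Members'                               # tier 1: security group
$spGroupName = 'ProjectX Members'                                  # tier 2: SharePoint group
$permission  = 'Contribute'                                        # least privilege: not Full Control

Connect-MgGraph -Scopes 'Group.Read.All'
# Newer PnP.PowerShell releases also require -ClientId with a registered app.
Connect-PnPOnline -Url $siteUrl -Interactive

# Resolve the security group's object id. SharePoint Online identifies an
# Entra ID group by the claim string 'c:0t.c|tenant|<objectId>'.
$sg = Get-MgGroup -Filter "displayName eq '$sgName'"
if (-not $sg -or $sg.Count -ne 1) { throw "Expected exactly one group named $sgName" }
$sgLogin = "c:0t.c|tenant|$($sg.Id)"

# Create the SharePoint group if it is missing and give it a single permission level.
$spGroup = Get-PnPGroup -Identity $spGroupName -ErrorAction SilentlyContinue
if (-not $spGroup) {
    $spGroup = New-PnPGroup -Title $spGroupName
}
Set-PnPGroupPermissions -Identity $spGroupName -AddRole $permission

# Nest the security group inside the SharePoint group instead of adding individuals.
Add-PnPGroupMember -Group $spGroupName -LoginName $sgLogin

# Verification: the SharePoint group should contain only the security group.
# Any 'User' principal here was added directly and bypasses tier 1.
$members = Get-PnPGroupMember -Group $spGroupName
$direct  = $members | Where-Object { $_.PrincipalType -eq 'User' }
if ($direct) {
    Write-Warning "Direct user members bypass the security group: $($direct.LoginName -join ', ')"
}
$members | Select-Object Title, LoginName, PrincipalType
```

When testing whether a change in the security group has taken effect, use a fresh sign-in for the affected user rather than an existing session; the thread reports that membership changes only showed up after the user signed out and back in.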

Since they are not using AD, will it work with Office 365 security groups? Or are AD and O365 groups the same?
It seems to work after logging out and logging in again with the user that is being added/removed. Didn't know that would be an issue.

@WarreVlieghe Hmmm. I think you could do it with the 365 level instead. But honestly I do not know. I think the best way for an org to do this is to figure out what the requirements are (you have the basics). I do suggest abstracting it though at least one level so that it is easy for someone to be joined to a group and have all access and permissions that group has.


@shawn_fielding have you encountered issues wherein a user is a member of a security group in AD and that security group is a member of a SharePoint group, yet adding a member to that security group does not grant them membership to that SharePoint group?


It used to be simple to grant a user membership to a particular SharePoint group. We would simply add them to the membership security group in AD and wait for it to replicate from AD to SharePoint online. Now, for some reason, that practice is becoming more hit and miss with regards to a successful outcome. We have several employees that have been added to the security group but that is not replicating out to SharePoint online.
