02-01-2019 03:16 AM
02-01-2019 03:16 AM
Permissions on a communication site has been modified automatically by the SharePoint system account. We have configured the site so that “Everyone except external users” is member of “Site Visitors” group. However, at two times the system account has moved “Everyone except external users” from “Site Visitors” to “Site Members”. According to the audit logs it is the SharePoint System account that modified the permissions behind the scenes. It’s very important that the permissions are not modified by the system in this way, because the site is a global intranet site that should only be available as read only for all users in the organization.
02-01-2019 03:37 AM
We have explicitly given Everyone except external users membership in the site visitors group to give them read only access. Expected behavior is that this permission assignment should stay that way, and not be modified by the system.
02-01-2019 03:51 AM
Someone please reply on post.........just want to Investigate why this has occurred
02-01-2019 07:01 AM
04-18-2019 07:55 AM
This happened on our tenant last night. I just opened a ticket with Microsoft. The group 'Everyone except external users' that we had added to 'Site Visitors' group got added to 'Site Members' group. This is very serious as the Portal was now editable by everyone company wide and one of the users tried editing the home page. It is our global landing page.
04-18-2019 01:51 PM
@Anjali_Sharma As a workaround, consider adding Everyone Except External Users as a direct permission, not inside a SharePoint Group.
04-22-2019 08:18 AM
Interesting. I will try that. Do you believe that when it is outside, the groups do not get moved around by system account? Microsoft is still investigating this and i have a few other permissions that were modified by the System account which I would like to determine why if so. I will however implement this workaround.
04-26-2019 01:56 PM
@Anjali_Sharma Directly applied permissions have been stable in my experience, yes.