May 06 2022 05:16 AM - edited May 06 2022 05:17 AM
Inside each SharePoint site there is an option to allow members to Share files with other members using this setting:-
My question is when we should allow this? as per my experience, if we allow members to Share files with new members, this will cause the related files/folders to have unique permissions, and after couple of months the files permissions will became almost impossible to maintain. so for long running sites, should we always disable this option? and instead create multiple libraries and group the files based on the permissions we need to apply, so we only manage the permission on the library level? rather than having most of the files having unique permissions?
Thanks
May 06 2022 06:18 AM
Hi @john john ,
based on my experience, my suggestion is to go, if possible, with 2nd approach:
I know this is not always possible (depending on Business Units or Departments need) and you have to reach a compromise.
As you said: The more granularity and flexibility you will provide to end-users in terms of permissions (by breaking the inheritance with the sharing) the more difficult will be to you to control the access of your data.
May 06 2022 05:24 PM
@mr_w1nst0nThanks for your reply.. But what we need to do in this case? i want to start a new project and as a first setup i need to set 7 hub sites which consider as long running sites, for
so should we allow members to share files or not?
Thanks
May 09 2022 01:35 PM
@john john as I said it's not black or white, you have to see what fits better for the overall organization.
IF you foresee that the unique permissions may generate too much "headaches" for the IT department and it's not sustainable in the long run then, in my opinion, you have the following options:
1. Configure the 7 hub sites with a sensitivity label
Using a sensitivity label gives the possibility to share files, folders and site only to site owners.
You still have the technical "drama" of unique permissions but only the site owner will be capable to share contents which gives you a more structured control on what's going on.
2. Disable the sharing via PowerShell in the 7 hub sites (DisableCompanyWideSharingLinks) and create a dedicated site collection where you allow corporate people to share files, folders.
(You will monitor later only this specific site to review the sharing)
3. You disable the sharing completely and you manage the permissions manually or via workflow to assign access to people on demand