Recommended way to change the Modern Team site's Member group permsion level from Edit to Contribute

%3CLINGO-SUB%20id%3D%22lingo-sub-289576%22%20slang%3D%22en-US%22%3ERecommended%20way%20to%20change%20the%20Modern%20Team%20site's%20Member%20group%20permsion%20level%20from%20Edit%20to%20Contribute%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-289576%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20created%20a%20new%20Modern%20Team%20site%20and%20i%20got%203%20security%20groups%20created%20for%20us%2C%20as%20follow%3A-%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20252px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F60394i4AF83952A31A5F79%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20alt%3D%22editmemebrs.png%22%20title%3D%22editmemebrs.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ebut%20the%20problem%20i%20am%20facing%20is%20that%20the%20%22Site%20Member%22%20will%20have%20Edit%20permission%2C%20while%20i%20want%20them%20to%20have%20%22Contribute%22.%20and%20modifying%20this%20from%20the%20UI%20will%20not%20be%20possible%2C%20as%20the%20%22Edit%20User%20Permission%22%20will%20be%20disabled.%20now%20i%20read%20many%20links%20about%20this%20problem%2C%20and%20seems%20we%20can%20modify%20the%20Edit%20permission%20level%20using%20power%20shell%2C%20but%20lot%20of%20folks%20mentioned%20that%20this%20is%20not%20recommended..%20today%20i%20came%20across%20this%20link%20which%20is%20written%20by%20an%20MVP%20from%20Microsoft%20%3CA%20href%3D%22https%3A%2F%2Fwww.dontpapanic.com%2Fblog%2F%3Fp%3D526%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwww.dontpapanic.com%2Fblog%2F%3Fp%3D526%3C%2FA%3E%20and%20the%20author%20mentioned%20that%20we%20can%20overcome%20this%20problem%20by%20adding%20a%20new%20security%20group%20inside%20sharepoint%20and%20grant%20it%20Contribute%20permission.%20so%20my%20question%20is%20if%20this%20option%20is%20considered%20a%20valid%20approach%20to%20solve%20editing%20the%20permission%20level%20for%20members%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Esecond%20question.%20now%20i%20had%20an%20idea%2C%20is%20that%20instead%20of%20creating%20new%20security%20group%20or%20run%20power%20shell%20script%2C%20can%20we%20go%20to%20the%20%22Edit%22%20permission%20level%2C%20and%20grant%20it%20permissions%20similar%20to%20the%20ones%20inside%20Contribute%20permission%20level%3F%20so%20in%20this%20case%20%22Edit%22%20permission%20level%20will%20be%20%22Contribute%22..%20so%20is%20this%20a%20valid%20appraoch%20%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F60395i56A600EFD0C8E26B%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20alt%3D%22editpermison.png%22%20title%3D%22editpermison.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-289576%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAdmin%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EDeveloper%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EPermissions%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESharePoint%20Online%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-291076%22%20slang%3D%22en-US%22%3ERe%3A%20Recommended%20way%20to%20change%20the%20Modern%20Team%20site's%20Member%20group%20permsion%20level%20from%20Edit%20to%20Contri%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-291076%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F60%22%20target%3D%22_blank%22%3E%40Juan%20Carlos%20Gonz%C3%A1lez%20Mart%C3%ADn%3C%2FA%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20can%20you%20advice%20on%20my%20above%20comments%3F%20thanks%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-290030%22%20slang%3D%22en-US%22%3ERe%3A%20Recommended%20way%20to%20change%20the%20Modern%20Team%20site's%20Member%20group%20permsion%20level%20from%20Edit%20to%20Contri%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-290030%22%20slang%3D%22en-US%22%3E%3CBLOCKQUOTE%3E%3CHR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F60%22%20target%3D%22_blank%22%3E%40Juan%20Carlos%20Gonz%C3%A1lez%20Mart%C3%ADn%3C%2FA%3E%26nbsp%3Bwrote%3A%3CBR%20%2F%3EWhat%20I%20would%20do%20here%20is%20what%20we%20have%20done%20always%20with%20SharePoint%20in%20regards%20of%20permissions%3A%20just%20create%20your%20custom%20SharePoint%20Groups%20with%20a%20specific%20permission%20and%20add%20your%20users%20%2F%20security%20groups%20there%20(ideally%20this).%20I%20don't%20recommed%20you%20to%20try%20to%20modifiy%20default%20security%20configuration%20created%20when%20the%20site%20is%20created%3CHR%20%2F%3E%3C%2FBLOCKQUOTE%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F60%22%20target%3D%22_blank%22%3E%40Juan%20Carlos%20Gonz%C3%A1lez%20Mart%C3%ADn%3C%2FA%3E%26nbsp%3B%26nbsp%3B%20thanks%20for%20the%20reply.%20so%20in%20a%20way%20or%20another%20to%20follow%20the%20approach%20mentioned%20in%20this%20link%20%3CA%20href%3D%22https%3A%2F%2Fwww.dontpapanic.com%2Fblog%2F%3Fp%3D526%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwww.dontpapanic.com%2Fblog%2F%3Fp%3D526%3C%2FA%3E%20%3F%3F%20is%20this%20correct%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Esecond%20point.%20now%20if%20i%20create%20a%20new%20sharepoint%20security%20group%20and%20i%20grant%20it%20a%20contribute%20permission%20(while%20i%20leave%20the%20built-in%20%22Site%20Members%22%20which%20have%20Edit%20permission%20level%20empty)%2C%20then%20i%20will%20loose%20the%20benefits%20of%20having%20a%20real%20SP%20modern%20team%20site%3F%20is%20this%20correct%3F%20i%20mean%20sharepoint%20modern%20team%20sites%2C%20assume%20that%20the%20built-in%20%22Site%20Members%22%20contain%20users%2C%20so%20they%20can%20use%20the%20shared%20calendar%2Cshared%20mailbox%2C%20planner%20%2Cetc..%20but%20having%20users%20added%20to%20the%20sharepoint%20modern%20team%20site%20using%20a%20sharepoint%20group%20(rather%20than%20relying%20on%20the%20office%20365%20the%20built-in%20%22Site%20Members%22%20)%20will%20minimize%20the%20benefits%20of%20having%20Office%20365%20modern%20team%20site.%20is%20my%20point%20valid%3F%20and%20maybe%20it%20will%20be%20better%20to%20have%20a%20communication%20site%20instead%20of%20having%20SP%20modern%20team%20site%20in%20this%20case%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-289661%22%20slang%3D%22en-US%22%3ERe%3A%20Recommended%20way%20to%20change%20the%20Modern%20Team%20site's%20Member%20group%20permsion%20level%20from%20Edit%20to%20Contri%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-289661%22%20slang%3D%22en-US%22%3EWhat%20I%20would%20do%20here%20is%20what%20we%20have%20done%20always%20with%20SharePoint%20in%20regards%20of%20permissions%3A%20just%20create%20your%20custom%20SharePoint%20Groups%20with%20a%20specific%20permission%20and%20add%20your%20users%20%2F%20security%20groups%20there%20(ideally%20this).%20I%20don't%20recommed%20you%20to%20try%20to%20modifiy%20default%20security%20configuration%20created%20when%20the%20site%20is%20created%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1951628%22%20slang%3D%22en-US%22%3ERe%3A%20Recommended%20way%20to%20change%20the%20Modern%20Team%20site's%20Member%20group%20permsion%20level%20from%20Edit%20to%20Contri%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1951628%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F233354%22%20target%3D%22_blank%22%3E%40john%20john%3C%2FA%3E%26nbsp%3BHi.%20Did%20you%20get%20anywhere%20with%20this.%20I%20have%20the%20same%20issue.%26nbsp%3BMy%20client%20has%20a%20Teams%20site%20which%20is%20shared%20with%20external%20guests.%26nbsp%3BWe%20need%20all%20the%20team%20members%20to%20have%20the%20'restricted%20view'%20permission%20level.%3C%2FP%3E%3CP%3EI%20can%20create%20another%20SP%20group%20with%20the%20'restricted%20view'%20permission%20level%20and%20reroute%20the%20O365%20group%20to%20it.%20But%20then%20if%20a%20Team%20member%20adds%20a%20guest%20in%20the%20Teams%20front%20end%2C%20the%20guest%20will%20go%20into%20the%20team%20members%20permissions%20group%20and%20get%20edit%20permissions.%20My%20clients%20want%20to%20add%20users%20themselves%2C%20which%20seems%20to%20me%20to%20make%20sense.%26nbsp%3B%3C%2FP%3E%3CP%3EAlternatively%20I%20can%20change%20the%20default%20team%20members%20permission%20level%20from%20'edit'%20to%20'restricted%20view'%20in%20site%20permissions.%20Then%20if%20a%20member%20grants%20access%20to%20another%20they%20will%20get%20the%20correct%20permissions.%20But%20should%20I%3F%20It%20seems%20to%20be%20working%20but%26nbsp%3BI%20have%20seen%20stuff%20saying%20it's%20not%20advisable%20to%20change%20the%20default%20group%26nbsp%3B%20permission%20level%3F%20Any%20advice%20gratefully%20received.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1951815%22%20slang%3D%22de-DE%22%3ERe%3A%20Recommended%20way%20to%20change%20the%20Modern%20Team%20site's%20Member%20group%20permsion%20level%20from%20Edit%20to%20Contri%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1951815%22%20slang%3D%22de-DE%22%3E%3CP%3EHello%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F188373%22%20target%3D%22_blank%22%3E%40Victoria%20Symons%3C%2FA%3E%2C%20may%20I%20suggest%20the%20following%20ideas%3A%3C%2FP%3E%3CP%3ESince%20SharePoint%20start%2019%20years%20it%20was%20always%20a%20good%20thing%20to%20have%20a%20low%20number%20of%20permission%20of%20levels%20and%20level%20only%20for%20one%20group%2C%20not%20in%20several%20groups%20or%20even%20persons%20to%20deal%20with%20the%20items%20or%20documents.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOtherwise%20there%20will%20be%20permission%20chaos%20and%20you%20have%20lots%20of%20trouble%20because%20of%20single%20permissions%20on%20single%20persons%20for%20single%20items...%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESo%20the%20modern%20SP%20sites%20are%20constructed%20with%20a%20better%20clarity%20with%20only%203%20permissions%20levels%20on%20each%20new%20site%2C%20which%20is%20always%20connected%20with%20a%20team%20(an%20o365%20group)%20or%20which%20is%20a%20private%20site%20in%20a%20Teams%20channel.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAnd%20if%20you%20need%20to%20have%20user-defined%20permission%20levels%20and%20groups%20you%20can%20create%20it%20on%20lists%20and%20libraries.%20The%20Sites%20will%20not%20accept%20it%20and%20I%20think%20this%20is%20a%20great%20structure%20now.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBut%20these%20extra%20permission%20structures%20are%20complicating%20again%20and%20clarity%20will%20be%20lowered.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EGreets%2C%20Eva%3C%2FP%3E%3C%2FLINGO-BODY%3E
Valued Contributor

I have created a new Modern Team site and i got 3 security groups created for us, as follow:-

 

editmemebrs.png

 

but the problem i am facing is that the "Site Member" will have Edit permission, while i want them to have "Contribute". and modifying this from the UI will not be possible, as the "Edit User Permission" will be disabled. now i read many links about this problem, and seems we can modify the Edit permission level using power shell, but lot of folks mentioned that this is not recommended.. today i came across this link which is written by an MVP from Microsoft https://www.dontpapanic.com/blog/?p=526 and the author mentioned that we can overcome this problem by adding a new security group inside sharepoint and grant it Contribute permission. so my question is if this option is considered a valid approach to solve editing the permission level for members?

 

second question. now i had an idea, is that instead of creating new security group or run power shell script, can we go to the "Edit" permission level, and grant it permissions similar to the ones inside Contribute permission level? so in this case "Edit" permission level will be "Contribute".. so is this a valid appraoch ?

 

editpermison.png

5 Replies
What I would do here is what we have done always with SharePoint in regards of permissions: just create your custom SharePoint Groups with a specific permission and add your users / security groups there (ideally this). I don't recommed you to try to modifiy default security configuration created when the site is created

@Juan Carlos González Martín wrote:
What I would do here is what we have done always with SharePoint in regards of permissions: just create your custom SharePoint Groups with a specific permission and add your users / security groups there (ideally this). I don't recommed you to try to modifiy default security configuration created when the site is created

@Juan Carlos González Martín   thanks for the reply. so in a way or another to follow the approach mentioned in this link https://www.dontpapanic.com/blog/?p=526 ?? is this correct?

 

second point. now if i create a new sharepoint security group and i grant it a contribute permission (while i leave the built-in "Site Members" which have Edit permission level empty), then i will loose the benefits of having a real SP modern team site? is this correct? i mean sharepoint modern team sites, assume that the built-in "Site Members" contain users, so they can use the shared calendar,shared mailbox, planner ,etc.. but having users added to the sharepoint modern team site using a sharepoint group (rather than relying on the office 365 the built-in "Site Members" ) will minimize the benefits of having Office 365 modern team site. is my point valid? and maybe it will be better to have a communication site instead of having SP modern team site in this case?

@john john Hi. Did you get anywhere with this. I have the same issue. My client has a Teams site which is shared with external guests. We need all the team members to have the 'restricted view' permission level.

I can create another SP group with the 'restricted view' permission level and reroute the O365 group to it. But then if a Team member adds a guest in the Teams front end, the guest will go into the team members permissions group and get edit permissions. My clients want to add users themselves, which seems to me to make sense. 

Alternatively I can change the default team members permission level from 'edit' to 'restricted view' in site permissions. Then if a member grants access to another they will get the correct permissions. But should I? It seems to be working but I have seen stuff saying it's not advisable to change the default group  permission level? Any advice gratefully received. 

Hello @Victoria Symons, may  I suggest the following ideas:

since SharePoint start 19 years it was always a good thing to have a low number of permission levels and level only for one group, not in several groups or even persons to deal with the items or documents.

 

Otherwise there will be permission chaos and you have lots of trouble because of single permissions on single persons for single items...

 

Also the modern SP sites are constructed with a better clarity with only 3 permissions levels on each new site, which is always connected with a team (an o365 group) or which is a private site in a Teams channel.

 

And if you need to have user-defined permission levels and groups you can create it on lists and libraries. The Sites will not accept it and I think this is a great structure now.

 

But these extra permission structures are complicating again and clarity will be lowered. 

 

Greets, Eva