I have a Sharpoint site, which can be shared to external geusts. The issue is that these external users have access to the recycle bin.
The sharing with external users is enabled through the following policy:
These external users are added to a Sharepoint group and given "Limited_root_level" access to the site. The limited root level role is a custom role with the following configuration:
According to the documentation, only users with a security role higher than read access have access to the recycle bin.
Any Site Member (with Edit permissions level) or Site/Group Owner (with Full Control permission level) can access the Recycle Bin. Visitors of the site (those with Read permission level) cannot access content in the Recycle Bin.