Nov 04 2019 12:10 PM
Nov 04 2019 12:10 PM
I asked this in the regular community, my mistake.
We are a smaller company committed to Teams on the front end with Sharepoint on the back end. We have three people set up as Admins for Office 365 for Business. I need to restrict access to the content created and managed by a couple of Teams and their libraries from my other two admins, specifically the Leadership private team and the HR team. As it stands, while the admins are not members or owners of these teams / libraries, they can make themselves members and gain access to the restricted data in the libraries. THey are doing good work overall, so I want to be able to selectively remove their Admin capabilities. I have been told that this is not possible which makes no sense in the context of a really large company, let alone a small one.
Can someone please direct me to how to do this?
Nov 04 2019 01:50 PM
Nov 04 2019 02:02 PM
I'm going to respectfully disagree @Trevor Seward
Having spent more than 40 years in Information and Communication Tech, you don't need to tell me how to boil water. Stratified administration rights are not unusual and have existed in other systems for decades.
I now understand that while Sharepoint does offer multiple levels of admin, there is no clarity in the documentation about who can do what with the data. That's a missing element and bad design.
Checking the audit logs works. It is identical to the old concept of locking the barn door after the horse is gone. And thus, of dubious and limited value.
Nov 04 2019 02:11 PM
Nov 04 2019 02:15 PM
You are correct @Trevor Seward There are however, proven systems that did not have this issue, although they have passed from memory. It is possible that the less powerful admin types in Sharepoint could help, if only their documentation specified what control they have over document libraries, which none of the Microsoft docs that I have found, do.
I make no assertion that I have found them all. For example, can a Teams Admin, read the contents of a Sharepoint Document Library if that person is not a Global Admin? I fear yes, because Teams is built to leverage Sharepoint. What I am looking for specifically is an admin role that allows for admin and support without open access to document libraries.
Nov 04 2019 02:46 PM
Nov 04 2019 03:43 PM
Thanks for the clarity @Trevor Seward I will go with your expertise on this matter and simply ensure that my secure data users don't put anything on network resources be they Sharepoint or OneDrive for Business. Nothing like going back to 1981 and floppy disks.