SharePoint Access Requests Settings

This has long been a problem but there appears to have been a subtle but significant change to the abilities here in SPO. It appears you can now specify the site owners group as the destination of the request emails. Has anyone seen any announcements or tried it out yet?

72 Replies

Hi @Lisa Stebbins,

 

For Group-connected sites, the hard-coded option should send the access requests to all the Group administrators (which may or may not be the same as the site administrators or site owners). If the default isn't working, the best option unfortunately is to create a DL of the site owners & enter that into the e-mail address field. Thanks!

 

Stephen Rice

Senior Program Manager, OneDrive

@Stephen Rice Thank you for a quick response.

 

I have found that, with sites connected to a Hub, the 'admin' is the site collection admins for the hub site, which is completely wrong if the idea is to delegate that kind of task to the individual site's owners. And, for those not connected to a hub, collection admin can be the same, different or include other users who are not members of TEAMS and the associated website, so they don't want, nor should they get, the access request notifications that they can't process.

 

Unfortunately, manually creating a distribution list for every TEAM that users create isn't a scalable workaround. Any other ideas? To me, it just needs to offer a choice rather than be hard-coded to the one. Allow us to choose Admins or the site's Owners and it would solve all of this, don't you think?

 

By the way, what is the purpose of the site collection administrator in contrast to the site Owners now that there is only one site per site collection? Maybe that's where my disconnect is: I'm not understanding the role's 'raison d'etre' in the Modern configuration and architecture.

 

Thanks again for a quick answer. Really appreciate that.

 

@Stephen Rice,
This may be a disconnect for me: when I look at the groups (which is via TEAMS), I don't see a 'Group administrators' role as you mentioned. All I see are the TEAM's Owners and Members. Where can I find the additional group's administrators listed?
You need to open the SharePoint site that is associated with your Team to see these settings.

Open the SPO Site, click the Settings Gear for the site (between the Bell and the ?), then choose Site Permissions. This will take you to the SharePoint permission page that provides SharePoint-specific capabilities.

Thanks @Dean Gross 

I have checked that, however, I'm under the impression that Site Collection Admins and the "Admins" designated in the Access Request settings when the site is teamified, are different since, when the site is not teamified, the reference is to Owners, not Admins.

 

So, are you saying that the teamified site's reference to 'Admins' in the Access Request Settings is, actually, the Site Collection Admins? If so, this becomes a problem, I believe, when the site is associated with a Hub because then, the Site Collection Admins that receive the requests for access are those of the hub site instead of the site itself. In the delegated world of one-site-per-site-collection that we live in now, the site owners need to be getting the requests, not the Collection Admins, and to set up a separate DL for each site, as a workaround, does not promote self-management or delegation or get IT out of the middle of it. For us anyway, it creates the very bottleneck we're trying to eliminate by using Modern sites, hubs, and group functionality.

 

Would you please clarify this for me? Thanks.

When a SPO site is Group enabled, the accounts that are assigned to the Owner role within the associated Office/AAD group become SCAs due to the fact that the Office group is assigned to the SCA role in SPO. While the entire group is assigned to the SCA role, there is some code running in the background that prevents the Members of the group from performing tasks that should only be done by the SCA.
Associating a site to a Hub does not affect security. This can become a problem if the Hub Site owner does not have access to a linked site. This needs to be manually coordinated.
In this approach Group Owners are also Site Owners as well as SCAs, which demonstrates the need to have a good Group Management strategy. Groups can easily get orphaned when a single owner leaves and the only way to prevent this is to have some custom scripts running.
Don't create separate DLs, that will just make things more confusing :)
Thank you for the reply.
I discovered that for a subsite with project template, by design, the access request goes to the site collection administrator unless I specify the email address directly.

Thanks!
This sounds like just what I have been asking about. One question, though, that is still a bit of a gray area for me.

In this new feature, where you can choose who receives the access requests, one option is the Owners, which sounds promising. My question is, when the site is associated with an O365 Group/TEAMS, does that option actually refer to those who are and only those who are members of the site's owner's group and, therefore, does not also include those who have the role of Site Collection Admin? I ask this because, in the Advanced perms page, the only option, other than specific email address, was "...Admins". This doesn't work for us because there are other users included as Site Collection Admins for the site who are not the site's owners and should not be receiving access requests. We need site owners and only site owners to receive the access requests and I'm hoping that this new feature is meeting that need. Can you confirm one way or the other?

Hi @Dean Gross  and @Stephen Rice - 

Well 2 years on from my last post on this thread, and now that I've got 90% of our users into TEAMS I've had to revisit "Access Request Settings" because

  • team members copy file links and send them to non-team members
    • Who then get "Request Access boxes", that they fill in and click send
  • team owners get the X person has requested access to Y document, emails then go and Approve or the request.

This works, but because it is outside the normal TEAMS security model (and these permissions aren't easily visible in teams) is a big pain point when there are security related issues.

 

So I was looking for a way to untick the "Allow Access Requests > Access request settings" programmatically with PowerShell.

Ideally I'd like all new SharePoint sites to have this unticked, but I can't find how to set this.

 

What I did find was Salaudeen Rajack's code to do this for a single site or for all sites in the Tenant.
https://www.sharepointdiary.com/2020/03/sharepoint-online-disable-access-requests-for-all-sites-usin...

Note this June 12th 2021 post is the one that works for me.

 

I'm posting this so that anyone who finds this thread - can have some peace and avoid having to fix up broken security inheritance. :)
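
The tenant-wide change described in the post above, as an added example that is not part of the original thread or the linked article: it reports which sites still accept access requests and who receives them, and disables them only when asked. It assumes the PnP.PowerShell module; `$AdminUrl` and `$ClientId` are placeholders you supply, and treating an empty `RequestAccessEmail` as "disabled" is an assumption.

```powershell
#Requires -Modules PnP.PowerShell
# Added example: audit (and optionally disable) access requests on every site.
param(
    [Parameter(Mandatory)] [string] $AdminUrl,  # placeholder: https://<tenant>-admin.sharepoint.com
    [Parameter(Mandatory)] [string] $ClientId,  # assumption: Entra app registration used for PnP sign-in
    [switch] $Disable                           # without this switch the script only reports
)

Connect-PnPOnline -Url $AdminUrl -Interactive -ClientId $ClientId
$sites = Get-PnPTenantSite   # OneDrive sites are not returned by default

$report = foreach ($site in $sites) {
    $row = [ordered]@{
        Url = $site.Url; Template = $site.Template; RequestsEnabled = $null
        UsesDefaultRecipients = $null; RequestAccessEmail = $null
        Action = 'none'; Error = $null
    }
    try {
        # The signed-in account must be a site collection admin on the site.
        Connect-PnPOnline -Url $site.Url -Interactive -ClientId $ClientId -ErrorAction Stop
        $web = Get-PnPWeb -Includes RequestAccessEmail, UseAccessRequestDefault

        # Assumption: an empty RequestAccessEmail means access requests are off.
        $row.RequestsEnabled       = -not [string]::IsNullOrWhiteSpace($web.RequestAccessEmail)
        $row.UsesDefaultRecipients = $web.UseAccessRequestDefault
        $row.RequestAccessEmail    = $web.RequestAccessEmail

        if ($row.RequestsEnabled -and $Disable) {
            Set-PnPRequestAccessEmails -Disabled
            $row.Action = 'disabled'
        }
    }
    catch {
        # Record the failure (for example, no access to the site) and keep going.
        $row.Error = $_.Exception.Message
    }
    [pscustomobject]$row
}

# Keep a record of the state found, then show the sites that accept requests.
$report | Export-Csv -Path .\access-request-audit.csv -NoTypeInformation
$report | Where-Object RequestsEnabled |
    Format-Table Url, UsesDefaultRecipients, RequestAccessEmail, Action
```

Run it once without `-Disable` and review the CSV before changing anything; sites created afterwards are not covered, so the audit has to be repeated.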

@Dorje McKinnon 

 

One thing I've found out in going through this is that:

  • IF the team owner approves an "Access request" for myDocument.docx to Bob. When you view the information panel for the myDocument.docx file, then click "Manage access", you'll see Bob's name under the "Direct Access" heading. And you can remove it from here without having to go back into the AccessRequests list (/sites/sitename/Access%20Requests/pendingreq.aspx) to remove Bob's access.

Given that

  • Users will send links rather than using the share button, no matter how much training we give them.
    AND
  • Team Owners get the "Access request" email, when the recipient of the link clicks on it and gets the "request access" form and submits it
    AND
  • It is only one click for the team owner to approve access, rather than multiple clicks to Share the file/folder to the person or add them to the TEAM
    AND
  • It is easy to revoke access, via the Information panel for the file or folder, or via the AccessRequests list (/sites/sitename/Access%20Requests/pendingreq.aspx) [Microsoft this could be easier to get to]

I've decided that for my tenant I'm going to leave this hangover from earlier versions of SharePoint in place, because it is easy for team members and team owners, even though I don't like the fact it is a bit messy from an admin perspective :)

 

I hope this is useful to others.

Stephen,

I have an issue with the radio buttons being greyed out in access request settings on all subsites. I'm an SCA, so not sure why I wouldn't be able to save or make changes.

Hi @gabeholcomb 

I assume you're talking about "access request settings" from the /_layouts/15/user.aspx page.
You mention sub sites are the issue, that would indicate that you're doing this using on premise SharePoint or in a Classic SharePoint site that has been migrated to SharePoint online.

My posts all involved SharePoint Online sites. You may need to look for information that is specific to your version of SharePoint.

The other thing would be to check you are a Site Collection Admin (SCA) for each of the sub sites too.

 

Sorry I don't have more useful info.
