Feb 26 2018 05:20 AM
I have a scenario with external users.
I created a custom permission level for these users. The custom permission level is a copy of the default "Read" permission level, but I unchecked the "View application pages" permissions.
The external users are however still able to see the site contents page and, even worse, the 'site usage' page.
I also activated the "Limited-access user permission lockdown mode" site collection feature. And I tried to work with limited access for external users, but then they don't have access at all.
Is there a way to achieve what I want? A permission level where (external) users are not able to see site contents and site usage page?
Thanks in advance!
Feb 26 2018 07:17 AM - edited Feb 26 2018 07:25 AM
I did some further research, here are my findings:
When you uncheck the "view application pages" permissions, users are not able to view the 'site contents' and 'site usage' pages. This works fine in a SharePoint site that uses sitepages that are based on the classic interface. Because users can browse the site pages, but not the application pages.
If you however use modern site pages, user will not be able to view those pages if they don't have the 'view application pages' permissions. In other words, SharePoint sees the modern pages as application pages.
Therefore there does not seem to be a way to restrict the access to the site contents and site usage pages while being able to view modern site pages. Which in my opinion is a clear bug...
Jul 11 2018 09:28 PM
Has this been recolved or is there a way to hide the site content menu item? I have hidden access to site assests, styles and other folder except document using custom permissions by not inheriting from parent. But visitors still have access to site usage and site workflows. I need to not show this in the UI.
any help would be great.
Aug 30 2018 12:05 AM
I would like to hide the site permissions as well. Haven't figured out a way of doing so as of yet. Any input would be great.
Oct 22 2018 03:43 PM
I'm interested in learning more about this solution as well. The result is similar: A custom permission setting that would:
After some research, I tried using
There are some solutions to remove the Site Settings Icon and Menu using SharePoint Designer, however, using Designer is not an option for our team at this time.
Dec 17 2018 08:05 AM
Hi, same issue here, i whant to Hide Info about Members, but in SPO Teams Site, the external user (my domain account but without licences) he can see the Team Group Members. :( .... is not GDPR OK because my user have phone nr. etc on there profile. :(((
Mar 07 2019 09:30 AM
This is very important to us, as well, and is driving us to look at alternatives that we would rather not pursue.
Jun 12 2019 12:18 PM
@Ann_M Yeah this is kinda bad. Anyone with read permissions on modern sites her has access to all the admin functions on the menus, but jsut read access on the pages. What in the world is going on.
Aug 22 2019 12:36 AM
@Deleted
Hello is there any news on this topic? how to hide site contents and usage?
Because it is very annoying to have these functions accessible to user with read access.
Kind regards,
Pierre.
Aug 23 2019 08:00 AM - edited Aug 23 2019 09:58 AM
@Deleted
I was running into this exact issue. Trying to setup a very strict "Read only" permission group for our Sharepoint site. I thought I had something working, and then found the gear icon had both "Site contents" and "Site Usage" listed. And, when I went to "Site Contents", I could do anything an admin can do (checkout, checkin, download, delete, upload).
I've made mitigated a big part of the issue, but I don't think it's good enough yet.
I found the "Style Resource Readers" group had Contribute permissions at the highest level (in addition to "Read" and "View Only"). Removing the Contribute permission from this group at least removed "Site Usage" from the gear, and when I went to the contents I could no longer checkout, checkin, delete or upload; but I could still get to the Site Contents, open the files and download them. This is not desired for a "Read only" user.
Next I'm going to try using the "View only" permission instead of the "Read" permission.
p.s. I just noticed as what should be a Read only user I can pull up the "Shared With" window, and share the site with presumably anyone! Not something I want them to be able to do. The window doesn't let them select the appropriate group...that's somehow much scarier, I have no idea what group that user would be put into.
Update: I have a solution!
Short answer: use "Restricted Read" instead of "Read" or "View Only", and also set the Style Resource Readers group to "Restricted Read".
When I used "View Only", Site contents were still available but files could no longer be downloaded, that was a substantial improvement but not quite all the way to what I want.
I then tried "Restricted Read", and now "Site Contents" is removed from the gear icon. "Shared With..." is still listed as an option, but clicking it results in an error and the sharing window does not come up. Pages still seem to work, and I don't seem to be able to edit list items. So this is a workable solution for me. I believe "Restricted Read" is a standard permissions group for SharePoint, in case it isn't, you can create it yourself by adding a new permission level with the following items checked in the "Permissions" section: View Items, Open Items, View Pages, and Open.
I have not experimented with creating a special permission level to pare this down even further (i.e. I don't know exactly what those permissions do, and what would happen if I took them away).
Sep 10 2019 10:55 AM
@rpawa , can you confirm this was on a modern site?
Sep 23 2019 11:06 AM
Nov 27 2019 07:04 AM
@rpawa Can you walk me through how to change my current group members permission setting to "Restricted Read" instead of "Read" or "View Only", and also how to set the Style Resource Readers group to "Restricted Read".
Mar 12 2020 02:56 AM
Any news about new solutions?
I need to give access to site homepage and specific folders in Site Contents. But I doesn't want users to mess around in whole Site Contents.
Mar 23 2020 11:19 AM
Apr 13 2020 12:58 PM - edited Apr 30 2020 03:53 AM
Hi,
You can go for the restricted read permission level and the lockdown feature as well, that's all fine ..
but, just make sure you select client integration functions.. and external interfaces.. additionally in the permission level, this should make work everything (forms, but also certain images etc. and therefore prevents the overall access denied messages ..) as expected and prevent access to the application pages (also in modern SharePoint ;-))
You might want to set your SharePoint security groups membership setting to 'only members can see ... ' as well ..
hope IT helps !
best regards
Share P
Apr 17 2020 07:15 PM
I am currently testing and in the same situation as everyone that has requested and posted regarding this problem. as @rpawa posted it is a permission thing but i will test what i may found as being everyone solution. Discovery needs experimentation . As soon as i am done testing fully with a few other users and a test user i am cramming with i will repost my findings and maybe the solution.
Apr 18 2020 09:49 AM
Apr 23 2020 10:50 AM
Hi,
I had the same issue I used a custom permission level with the "View application pages" permission disabled and my external users were still able to access the Site Contents.
When I first enabled, "Limited-access user permission lockdown mode" , both the site pages and Site content displayed "Access Denied". However, after playing around with the permissions I was able to find a combination that worked for me.
My Steps:
1. Enable the "Limited-access user permission lockdown mode" Site Feature (Site Settings > Site collection features > Limited-access user permission lockdown mode).
2. Create Custom Permission Level with the following permissions:
Note: These permissions worked for my needs, you may want to modify according to your needs. However, this method didn't work without the "Use Remote Interfaces" permission being enabled.
3. Ensure the external user group has the correct permission level applied to it. (Site Settings > Site Permissions > Check Permissions).
Result:
The External User group can access the site pages and but Site content and Site usage displays "Access Denied".
I hope this helps someone else!
Apr 24 2020 06:07 AM
Thank you TristonT, the only thing i was missing from what you have done is and that was i did not enable this: (Site Settings > Site collection features > Limited-access user permission lockdown mode)
Those are the minor things you miss sometimes but thank you ALOT this has helped me for what i was looking for.