SharePoint Online hide "site contents" and "site usage" page (modern sites)

Copper Contributor

I have a scenario with external users.

 

I created a custom permission level for these users. The custom permission level is a copy of the default "Read" permission level, but I unchecked the "View application pages" permissions.

 

The external users are however still able to see the site contents page and, even worse, the 'site usage' page.

 

I also activated the "Limited-access user permission lockdown mode" site collection feature. And I tried to work with limited access for external users, but then they don't have access at all.

 

Is there a way to achieve what I want? A permission level where (external) users are not able to see site contents and site usage page?

 

Thanks in advance!

52 Replies

I did some further research, here are my findings:

 

When you uncheck the "view application pages" permissions, users are not able to view the 'site contents' and 'site usage' pages. This works fine in a SharePoint site that uses sitepages that are based on the classic interface. Because users can browse the site pages, but not the application pages.

 

If you however use modern site pages, user will not be able to view those pages if they don't have the 'view application pages' permissions. In other words, SharePoint sees the modern pages as application pages.

 

Therefore there does not seem to be a way to restrict the access to the site contents and site usage pages while being able to view modern site pages. Which in my opinion is a clear bug...

Has this been recolved or is there a way to hide the site content menu item? I have hidden access to site assests, styles and other folder except document using custom permissions by not inheriting from parent. But visitors still have access to site usage and site workflows. I need to not show this in the UI.

 

any help would be great.

I would like to hide the site permissions as well. Haven't figured out a way of doing so as of yet. Any input would be great.

I'm interested in learning more about this solution as well. The result is similar: A custom permission setting that would:

  1. Grant Visitors access to complete forms.
  2. Disable Visitors access to the Site Settings, Site Contents and Edit/Add Page.

After some research, I tried using

  • Contribute = Visitors are able to access and complete forms. However, they may access Site Settings, Site Contents, and Edit/Add Page
  • Restricted Read = Visitors are unable to access Site Settings, etc. However, they are unable to access and complete the forms.
  • Custom Permission = Copy of Contribute Settings with an unchecked, "View Application Pages". Result is Visitors are unable to access and complete the form.

There are some solutions to remove the Site Settings Icon and Menu using SharePoint Designer, however, using Designer is not an option for our team at this time.

Hi, same issue here, i whant to Hide Info about Members, but in SPO Teams Site, the external user (my domain account but without licences) he can see the Team Group Members. :( .... is not GDPR OK because my user have phone nr. etc on there profile. :(((

This is very important to us, as well, and is driving us to look at alternatives that we would rather not pursue.

@Ann_M Yeah this is kinda bad. Anyone with read permissions on modern sites her has access to all the admin functions on the menus, but jsut read access on the pages. What in the world is going on.

@Deleted 

Hello is there any news on this topic? how to hide site contents and usage?

Because it is very annoying to have these functions accessible to user with read access.

Kind regards,

Pierre.

@Deleted 

 

I was running into this exact issue. Trying to setup a very strict "Read only" permission group for our Sharepoint site. I thought I had something working, and then found the gear icon had both "Site contents" and "Site Usage" listed. And, when I went to "Site Contents", I could do anything an admin can do (checkout, checkin, download, delete, upload).

 

I've made mitigated a big part of the issue, but I don't think it's good enough yet.

 

I found the "Style Resource Readers" group had Contribute permissions at the highest level (in addition to "Read" and "View Only"). Removing the Contribute permission from this group at least removed "Site Usage" from the gear, and when I went to the contents I could no longer checkout, checkin, delete or upload; but I could still get to the Site Contents, open the files and download them. This is not desired for a "Read only" user.

 

Next I'm going to try using the "View only" permission instead of the "Read" permission.

 

p.s. I just noticed as what should be a Read only user I can pull up the "Shared With" window, and share the site with presumably anyone! Not something I want them to be able to do. The window doesn't let them select the appropriate group...that's somehow much scarier, I have no idea what group that user would be put into.

 

Update: I have a solution!

 

Short answer: use "Restricted Read" instead of "Read" or "View Only", and also set the Style Resource Readers group to "Restricted Read".

 

When I used "View Only", Site contents were still available but files could no longer be downloaded, that was a substantial improvement but not quite all the way to what I want.

 

I then tried "Restricted Read", and now "Site Contents" is removed from the gear icon. "Shared With..." is still listed as an option, but clicking it results in an error and the sharing window does not come up. Pages still seem to work, and I don't seem to be able to edit list items. So this is a workable solution for me. I believe "Restricted Read" is a standard permissions group for SharePoint, in case it isn't, you can create it yourself by adding a new permission level with the following items checked in the "Permissions" section: View Items, Open Items, View Pages, and Open. 

 

I have not experimented with creating a special permission level to pare this down even further (i.e. I don't know exactly what those permissions do, and what would happen if I took them away).

@rpawa , can you confirm this was on a modern site?

Will this solution also allow users to access and complete forms?

@rpawa Can you walk me through how to change my current group members permission setting to "Restricted Read" instead of "Read" or "View Only", and also how to set the Style Resource Readers group to "Restricted Read".

Any news about new solutions?

I need to give access to site homepage and specific folders in Site Contents. But I doesn't want users to mess around in whole Site Contents.

Do you have any solution for this? We need to hide site usage, sharing and site contents for external users (which have different email domains...)

Hi,

 

You can go for the restricted read permission level and the lockdown feature as well, that's all fine ..

but, just make sure you select client integration functions.. and external interfaces.. additionally in the permission level, this should make work everything (forms, but also certain images etc. and therefore prevents the overall access denied messages ..) as expected and prevent access to the application pages (also in modern SharePoint ;-))

You might want to set your SharePoint security groups membership setting to 'only members can see ... ' as well ..

hope IT helps !
best regards
Share P

@Reindert de Kok 

 

I am currently testing and in the same situation as everyone that has requested and posted regarding this problem. as @rpawa posted it is a permission thing but i will test what i may found as being everyone solution. Discovery needs experimentation :xd:. As soon as i am done testing fully with a few other users and a test user i am cramming with i will repost my findings and maybe the solution.

I take it back, it was just a fluke, got the site usage and site content option to be hidden for users but after permissions were propagated correctly the user could have seen them again. I am currently trying to limit what the user can see by playing with the permissions levels of share point. i gave users the following permissions: View Items under List Permissions and View pages + Open Under Site permissions. with these 3 permission the user can still get to the site content. I tried but without any success. it was a REAL fluke

Hi,

 

I had  the same issue I used a custom permission level with the "View application pages" permission disabled and my external users were still able to access the Site Contents.

 

When I first enabled, "Limited-access user permission lockdown mode" , both the site pages and Site content displayed "Access Denied". However, after playing around with the permissions I was able to find a combination that worked for me.

 

My Steps:

1. Enable the "Limited-access user permission lockdown mode" Site Feature (Site Settings > Site collection features > Limited-access user permission lockdown mode).

 

2. Create Custom Permission Level with the following permissions:

  1. List Permissions
    • Add Items - Add items to lists and add documents to document libraries.
    • Edit Items - Edit items in lists, edit documents in document libraries, and customize Web Part Pages in document libraries.
    • Delete Items - Delete items from a list and documents from a document library.
    • View Items - View items in lists and documents in document libraries.
    • Open Items - View the source of documents with server-side file handlers.
    • View Versions - View past versions of a list item or document.
  2. Site Permissions
    • View Pages - View pages on the Web site.
    • Browse User Information - View information about users of the Web site.
    • Open - Allows users to open the Web site, list, or folder in order to access items inside that container.
    • Use Remote Interfaces - Use SOAP, Web DAV, the Client Object Model or SharePoint Designer interfaces to access the Web site.
    • Edit Personal User Information - Allows a user to change his or her own user information, such as adding a picture.

Note: These permissions worked for my needs, you may want to modify according to your needs. However, this method didn't work without the "Use Remote Interfaces" permission being enabled.

 

3. Ensure the external user group has the correct permission level applied to it. (Site Settings > Site Permissions > Check Permissions).

 

Result:

The External User group can access the site pages and but Site content and Site usage displays "Access Denied".

 

I hope this helps someone else!

 

 

@TristonT

 

Thank you TristonT, the only thing i was missing from what you have done is and that was i did not enable this: (Site Settings > Site collection features > Limited-access user permission lockdown mode)

 

Those are the minor things you miss sometimes but thank you ALOT this has helped me for what i was looking for.