Sharing a document library with external users

Frequent Contributor

Dear all, I know this topic has been discussed a number of times and there is plenty of guidelines out there on the process.


But even so I am running into some difficulty on the best way to acheive the following scenario, which is to share a document library within a teamsite with extneral users so they can only access documents within that library and not the rest of the teamsite.


External sharing has been enabled on our teamsite so all good there.


We have a teamsite (Alpha) and within that site I created a document library (A) and broke the inheritance from the main site.


I then created a group (A-readonly) with no permissions and after that I granted that group permissions (readonly) from library A.


All good so far, but now comes the confusing part. How to give external user ( access to the library and add them to the group I create (A-readonly).


Is this a 2 step approach e.g. sharing document/library with the user, once the user accepted (authenticated in the system) the invite I can then add them to the group or is there an easier approach.


Advice is needed on the best approach.



11 Replies

Assuming External sharing has been enabled you should be able to type their email address in when adding a new user.  They will be recognized as an external user and a sharing invitation will be created.


I think what you might be after is achieved by navigating via Site Settings to Site Permissions. Then select your read only group and the New to add the user. Adding an external user to this group will then invite user and permissions are in place.

@Nicholas Byng-Maddick Thanks! I have tried that but when I do the invite the user gets is for the main Teamsite (not the document library) and they get an error when trying to access, since the access is not for the teamsite. 


Any ideas?



if your security group has no site permissions (which you have indicated as you're just using it for the document library), then you will need to go to Site Settings -> People and groups and select your group from there. Once selected click New and enter the external user email address, optional message and click Share. 

best response confirmed by Damien Flood (Frequent Contributor)

That would be because of the way groups work in SharePoint.  No matter where you create a group they are attached to the site collection.  So when the invitation is sent its sent for the root context of the group.  But the only permission the user will have in that site is Limited Access.  So all they will be able to do is access the site and see the document that they do have permission to access.  They still only have permission to the document.  The only way to create an invitation to just the document is to share the document with the user individually.  The user will still get limited access to the site, but the invitation will be in the context of the document.

Hi Terry, The security group has read-only permissions. i.e. when I i grant the group access to the library i assign read-only permissions to that group.

@Paul Stork thanks!


So in my scenario when I need to give access to an external user to a specific document library is to share a document within that library and then once the user has accepted the invitation I can add that user to the specific security group?



@Paul Stork just thinking that then in the inital invite which directs users to the main site collection, I just need to give a link to the specific library they have access to?

Yes, if you want to add the user while creating the group.  But if you create the group first then remember when you share the document with the user you can pick the group from the drop down when assigning the permissions while issuing the share invitation.  But that is a two step process that you said you wanted to avoid. 

@Damien Flood - Could you summarize the approach that works well for you?  I read through these messages and I got a little confused.   I would have gone a slightly different path, I would have given the group, A- Readonly,  read-access to site 'Alpha' and read access to 'Library A'. I would have then locked down any of the lists and libaries on the site that I did NOT want my external collaborators to access. 

@Gregory Frick Hi, sorry for the late response.


So what has worked for my scenario is:


1. Within Library A, I share a file with an external user with view only permissions.


2. Once the user has accepted the invitation I add the user to the security group with read-only permissions. Now that user has read-only access to all items in that library.


In future, I am thinking its best to segregate  the content for internal users vs external i.e. have a specific teamsites for external groups etc. But the way it is currently we have it mixed and its not optimal for management.