Forum Discussion
Sharing a document library with external users
Dear all, I know this topic has been discussed a number of times and there is plenty of guidelines out there on the process.
But even so I am running into some difficulty on the best way to acheive the following scenario, which is to share a document library within a teamsite with extneral users so they can only access documents within that library and not the rest of the teamsite.
External sharing has been enabled on our teamsite so all good there.
We have a teamsite (Alpha) and within that site I created a document library (A) and broke the inheritance from the main site.
I then created a group (A-readonly) with no permissions and after that I granted that group permissions (readonly) from library A.
All good so far, but now comes the confusing part. How to give external user (someone@somewhere.com) access to the library and add them to the group I create (A-readonly).
Is this a 2 step approach e.g. sharing document/library with the user, once the user accepted (authenticated in the system) the invite I can then add them to the group or is there an easier approach.
Advice is needed on the best approach.
Cheers
That would be because of the way groups work in SharePoint. No matter where you create a group they are attached to the site collection. So when the invitation is sent its sent for the root context of the group. But the only permission the user will have in that site is Limited Access. So all they will be able to do is access the site and see the document that they do have permission to access. They still only have permission to the document. The only way to create an invitation to just the document is to share the document with the user individually. The user will still get limited access to the site, but the invitation will be in the context of the document.
11 Replies
Damien Flood - Could you summarize the approach that works well for you? I read through these messages and I got a little confused. I would have gone a slightly different path, I would have given the group, A- Readonly, read-access to site 'Alpha' and read access to 'Library A'. I would have then locked down any of the lists and libaries on the site that I did NOT want my external collaborators to access.
Gregory Frick Hi, sorry for the late response.
So what has worked for my scenario is:
1. Within Library A, I share a file with an external user with view only permissions.
2. Once the user has accepted the invitation I add the user to the security group with read-only permissions. Now that user has read-only access to all items in that library.
In future, I am thinking its best to segregate the content for internal users vs external i.e. have a specific teamsites for external groups etc. But the way it is currently we have it mixed and its not optimal for management.
Cheers
- I think what you might be after is achieved by navigating via Site Settings to Site Permissions. Then select your read only group and the New to add the user. Adding an external user to this group will then invite user and permissions are in place.
Nicholas Byng-Maddick Thanks! I have tried that but when I do the invite the user gets is for the main Teamsite (not the document library) and they get an error when trying to access, since the access is not for the teamsite.
Any ideas?
That would be because of the way groups work in SharePoint. No matter where you create a group they are attached to the site collection. So when the invitation is sent its sent for the root context of the group. But the only permission the user will have in that site is Limited Access. So all they will be able to do is access the site and see the document that they do have permission to access. They still only have permission to the document. The only way to create an invitation to just the document is to share the document with the user individually. The user will still get limited access to the site, but the invitation will be in the context of the document.
Assuming External sharing has been enabled you should be able to type their email address in when adding a new user. They will be recognized as an external user and a sharing invitation will be created.
