Oct 09 2019 07:36 AM
Dear all, is there a possibility to prevent site collection admins from actually opening documents in the SharePoint libraries they manage? So they can do all the admin stuff they need to do, but without having the option to look at confidential information (on document level). Love to hear from you. Frank.
Oct 09 2019 07:44 AM
The Site collection admin role overwrites all permissions on the site enabling the user to view/edit all data. There isn't a way to stop a site collection admin viewing data.
Quite a few customers give 2 accounts to these users so that in their day to day work they are only seeing data as a user and not as a site collection admin. They are then governed by your policy when accessing sites as the Site collection Admin user. Audit logs can be looked at to see what a particular user has looked at on a site.
Hope that helps
Andy
Oct 10 2019 02:28 AM
Oct 16 2019 07:43 AM
@Andrew HodgesHi Andy, thanks for your reply. We are thinking of using Azure Information Protection to keep admins from watching highly sensitive information. Would that be an option? Kind regards, Frank.
Oct 16 2019 07:52 AM