SPO access issues - guest user suddenly only has access to 2 out of 4 SPO sites

Super Contributor

Hello. We have a guest user who until today, could access all 4 SPO sites to which they'd been granted access. As of today, they can only access 2 of those sites. 

  • They are listed as (one of many) guest users in Azure AD
  • Their permissions are the same across all 4 SPO sites (read)
  • We've removed and re-added them to their SPO security groups
  • They tried Internet Explorer and Chrome
  • They've tried normal and in private browsing
  • We've looked at broken permissions to make sure the URL they're using isn't uniquely secured
  • We had them request access via the site and we've clicked to allow them, and they still cannot access

Any ideas?

7 Replies

another detail - when i export users from the O365 admin portal, this guest who has been using the SPO sites for year shows as just being added on 7/30/19, corresponding with the password change timestamp. They have no ProxyAddress listed, while everyone else does. Not sure if this is important...

Shouldn’t if they have access to two other sites. Wondering if a similar bug got reintroduced where if you had a people web part of a people hover card link such as created by column showing on a page it would give access request error. Or if comments were turned on the page. Are comments turned on, on the pages they have / don’t have access too?
Have you tried to re-add the user directly in Azure AD?

Hi @Chris Webb -comments are not turned on for the pages they can't access. The people web part shows no errors when I hover over her initials.

Hi @Juan Carlos González Martín - as guests, they are added nightly as guests from the subsidiary's Azure AD, via a script. So far, the script had been working great, but I now have 3 guest users who all show a password reset timestamp within a minute of each other, all suddenly locked out of certain sites.

if there is a people webpart on the pages that could be triggering the error. In the past anything that pulled up personal info from the tenant woudl trigger in the past. Is there something different on the pages that error vs. not in terms of people web parts / document libraries with created by links?

@Chris Webb - on the sites they can't access, I also had them try links of just document libraries and lists they should have access to, and access denied there as well. it's so strange. but i do appreciate the info on those web parts causing issues.