Forum Discussion
Stop Access to secure files for admin
Hi,
I have been tasked to setup a SharePoint Site for my company which i have nearly completed, i have uploaded all files that are accessible by me. My CEO now wants to add his files but i cannot see a way of him doing this without removing me from being SharePoint Admin.
If i make myself "Admin" instead of "Primary Admin", then i can remove my access to the secure "Corporate" site but i can still go back to SharePoint Admin and change myself to Primary Admin and then gain access. Is there a way to stop this please? (i am self taught so i am possibly missing a glaring option somewhere or maybe looking at it from the wrong angle or something!!)
Any help greatly appreciated.
Nathan Humphreys
Short answer no. As a SharePoint Admin or Global Admin you will always be able to add yourself back into the site.
Best practice it to have one user account and one Admin account, so your user account would never have access but your Admin account could add you back in as an Admin if the CEO needed support. In these situations you need to be trusted that you wouldn't look at the content in the site and the Audit logs are there to prove this if that were ever needed.
4 Replies
Short answer no. As a SharePoint Admin or Global Admin you will always be able to add yourself back into the site.
Best practice it to have one user account and one Admin account, so your user account would never have access but your Admin account could add you back in as an Admin if the CEO needed support. In these situations you need to be trusted that you wouldn't look at the content in the site and the Audit logs are there to prove this if that were ever needed.
Thanks for taking the time and confirming that.
The other option is great except i will be doing lots of changes over the coming weeks and he wants to upload soon.
I have suggested he use ODfB for the ultra secure files and share those which need to be shared. We shall see what the outcome of that is. 🙂
We will discuss this on Monday.
Thanks Nathan
- Take a look also at what Privileged Identity Management can do for you in the scenario described.
