First: great video! Second: So, it is a good idea to break the inheritance from the root folder? I mean, not the "root" exactly, but if a Site Owner has several folders (like projects) and then the owner can break the permissions inheritance from every folder of its site just for grant permissions in a separately way for any collaborator?
Thanks Carlos. We don't generally recommend breaking inheritance because it creates so many new places to go to adjust permissions in one site and users can struggle to find and identify these over time. There can be exceptions to this rule if the site owner can and is willing to keep track of where permissions are different in a site, that's just easier said than done. In the case you mentioned, you can break inheritance on all of those folders and it will keep the existing groups that were given access. New people added to those default groups will get access but new groups added at the top-site level won't get access.... many people assume there's no broken inheritance and don't realize why top level permissions don't apply to those folders. Then you also have to manage people and groups on every one of those folders at the folder level. As an alternative I would consider migrating each project folder to it's own SharePoint site collection and add those project members to the root of the site. An organization that did that would have a standard that every project has a site, all permissions are managed at the root of every site collection, and they wouldn't have "hidden permissions" on multiple libraries or folders.
Can you make the whole site private except for those who have certain permissions? Example, we are looking at creating a Teams Site SharePoint for our HR team. With HR having confidential information, can we spot others from within the company viewing the site? If so, what happens if someone shares a link to a document not realizing it's connected to the SharePoint site. Will they get a note saying something like "You do not have permission to access this site?"
Hi Krista, yes you're spot on with this. Your HR team should have their own team site they only have permissions to. If a document needs to be shared outside of that team with the broader company, that document should be copied/published on a communication site the rest of the company has access to. But if someone shares a link to the team site document, it depends on how it was shared. If they generated a link that gave specific people permissions, those people get permissions. But if they're just grabbing the link from their browser and pasting it somewhere, yes they will be greeted with a "you do not have permission" error.
Very informative video Thanks. My Perm Problem is: our sites were migrated from an old SP version. Only Adv.Perm works. And I want to get away from this config. Is there hope for us? Thanks
We usually recommend a hard reset of permissions and sort everyone back into the default groups (owner/member/visitor) during migration to new sites. The good news is even if you used a tool to move both content and permissions, you can still go to permissions settings and delete the unique ones! It's really about utilizing those original groups and deciding if you need to break up content across site collections where you see the need for unique permissions: support.microsoft.com/en-us/office/customize-permissions-for-a-sharepoint-list-or-library-02d770f3-59eb-4910-a608-5f84cc297782
I understand your point to break up the content into separate site collections to avoid permissions nightmare, but what about eventual site sprawl nightmare? Too many sites for a large company can be difficult to manage too for administrators. It would be great to have a video on archiving sites
Challenges administering SharePoint and Teams sprawl is real. It isn't clear how large a company you are talking about, but we often recommend locking down who can create Teams and SharePoint sites at a minimum. For organizations of under 100 employees we recommend adding a basic approval process. For larger organizations we recommend using automated governance tools. These recommendations are flexible and highly dependent on a specific organizations needs and the value these tools provide. Thanks for the content idea regarding archiving or dealing with lots of sites.
Hi ! Very useful your video. I have a situation, long story-short: How do you suggest organizing sharepoint for following scenario: In my company the legal advisor and a collaborator are managing all company contracts for about 110 customers. For these customers some contract managers are responsible, for example person A responsible for 2-3 customers, person B responsible for other 3-4 customers, etc, so they need to access relevant documents. I have a sharepoint team site called "Legal Department" where in a single (default) document library each customer contracts and any additional docs are in folders with the name of the customer. How do you suggest organize sharepoint in such a way that: MOST IMPORTANT - each contract manager (aka person A,B) has access ONLY to his customer folder and nowhere else, and everyone in the org to be able to access the site and to see only general presentation of Legal Department (text, pictures, web links, etc) but no customer folders at all ? To create a site for every customer would be a big mess I guess (more than 100 and growing constantly). Appreciate any suggestion. Thank you.
You should create a Communication site that is where the Legal Department will post "general presentation". We would call this a Department Intranet site. You should create a Teams Shared Workspace or a SharePoint Teams site where all of the Contract Managers have read only access to the site. Then create folders for each customer and break inheritance removing and removing access for the Site Visitors SharePoint group and adding Edit permission for the specific Contract Manager that should have access to that customer. This is a complicated scheme so you will want to make sure to properly manage and maintain this. It would be safer to create dedicated sites, but you already said you don't think that will work. If you want to discuss this more please join our Office Hours tomorrow or you could purchase a private coaching session.
By default the members group is configured to have the edit permission level not the contribute permission level. *Contribute permission level is what most people likely think of. It means users can upload, download, read, and edit files and list items. *Edit permission level adds the ability to add, remove, or modify lists and libraries It is really important for administrators to understand these differences.
Late response here, not sure the exact question, but we typically create a content type hub that other sites subscribe to, where only a few folks have permissions to edit.
Being a site or team owner is a big responsibility. What have you found that works in the permission's nightmare?
Why is this video so soothing to watch and understand.
Haha thanks for the love!
First: great video! Second: So, it is a good idea to break the inheritance from the root folder? I mean, not the "root" exactly, but if a Site Owner has several folders (like projects) and then the owner can break the permissions inheritance from every folder of its site just for grant permissions in a separately way for any collaborator?
Thanks Carlos. We don't generally recommend breaking inheritance because it creates so many new places to go to adjust permissions in one site and users can struggle to find and identify these over time. There can be exceptions to this rule if the site owner can and is willing to keep track of where permissions are different in a site, that's just easier said than done.
In the case you mentioned, you can break inheritance on all of those folders and it will keep the existing groups that were given access. New people added to those default groups will get access but new groups added at the top-site level won't get access.... many people assume there's no broken inheritance and don't realize why top level permissions don't apply to those folders. Then you also have to manage people and groups on every one of those folders at the folder level.
As an alternative I would consider migrating each project folder to it's own SharePoint site collection and add those project members to the root of the site. An organization that did that would have a standard that every project has a site, all permissions are managed at the root of every site collection, and they wouldn't have "hidden permissions" on multiple libraries or folders.
Can you make the whole site private except for those who have certain permissions? Example, we are looking at creating a Teams Site SharePoint for our HR team. With HR having confidential information, can we spot others from within the company viewing the site? If so, what happens if someone shares a link to a document not realizing it's connected to the SharePoint site. Will they get a note saying something like "You do not have permission to access this site?"
Hi Krista, yes you're spot on with this. Your HR team should have their own team site they only have permissions to. If a document needs to be shared outside of that team with the broader company, that document should be copied/published on a communication site the rest of the company has access to. But if someone shares a link to the team site document, it depends on how it was shared. If they generated a link that gave specific people permissions, those people get permissions. But if they're just grabbing the link from their browser and pasting it somewhere, yes they will be greeted with a "you do not have permission" error.
Very informative video Thanks. My Perm Problem is: our sites were migrated from an old SP version. Only Adv.Perm works. And I want to get away from this config. Is there hope for us? Thanks
We usually recommend a hard reset of permissions and sort everyone back into the default groups (owner/member/visitor) during migration to new sites. The good news is even if you used a tool to move both content and permissions, you can still go to permissions settings and delete the unique ones!
It's really about utilizing those original groups and deciding if you need to break up content across site collections where you see the need for unique permissions:
support.microsoft.com/en-us/office/customize-permissions-for-a-sharepoint-list-or-library-02d770f3-59eb-4910-a608-5f84cc297782
I understand your point to break up the content into separate site collections to avoid permissions nightmare, but what about eventual site sprawl nightmare? Too many sites for a large company can be difficult to manage too for administrators. It would be great to have a video on archiving sites
Challenges administering SharePoint and Teams sprawl is real. It isn't clear how large a company you are talking about, but we often recommend locking down who can create Teams and SharePoint sites at a minimum. For organizations of under 100 employees we recommend adding a basic approval process. For larger organizations we recommend using automated governance tools.
These recommendations are flexible and highly dependent on a specific organizations needs and the value these tools provide.
Thanks for the content idea regarding archiving or dealing with lots of sites.
@@BulbDigital I would say for company under 100 - a simple structure as 1 department = 1 site + 1 corporate site for C level is starting point
Why a full control administrator has limited access in sharepoint? How do I get rid of it?
Your tenant permissions are not equal to your site permissions. You may have to grant yourself extra permissions on the site!
Hi ! Very useful your video. I have a situation, long story-short: How do you suggest organizing sharepoint for following scenario:
In my company the legal advisor and a collaborator are managing all company contracts for about 110 customers.
For these customers some contract managers are responsible, for example person A responsible for 2-3 customers, person B responsible for other 3-4 customers, etc, so they need to access relevant documents.
I have a sharepoint team site called "Legal Department" where in a single (default) document library each customer contracts and any additional docs are in folders with the name of the customer.
How do you suggest organize sharepoint in such a way that:
MOST IMPORTANT - each contract manager (aka person A,B) has access ONLY to his customer folder and nowhere else,
and everyone in the org to be able to access the site and to see only general presentation of Legal Department (text, pictures, web links, etc) but no customer folders at all ?
To create a site for every customer would be a big mess I guess (more than 100 and growing constantly).
Appreciate any suggestion. Thank you.
You should create a Communication site that is where the Legal Department will post "general presentation". We would call this a Department Intranet site.
You should create a Teams Shared Workspace or a SharePoint Teams site where all of the Contract Managers have read only access to the site. Then create folders for each customer and break inheritance removing and removing access for the Site Visitors SharePoint group and adding Edit permission for the specific Contract Manager that should have access to that customer.
This is a complicated scheme so you will want to make sure to properly manage and maintain this. It would be safer to create dedicated sites, but you already said you don't think that will work.
If you want to discuss this more please join our Office Hours tomorrow or you could purchase a private coaching session.
7.00 are members not edit ?
By default the members group is configured to have the edit permission level not the contribute permission level.
*Contribute permission level is what most people likely think of. It means users can upload, download, read, and edit files and list items.
*Edit permission level adds the ability to add, remove, or modify lists and libraries
It is really important for administrators to understand these differences.
@@BulbDigital Yes but you said members have contribute , they don’t have contribute they have edit permissions
excuse me ,how to permission ưContent Types in SharePoint ?
Late response here, not sure the exact question, but we typically create a content type hub that other sites subscribe to, where only a few folks have permissions to edit.
Did he just called me stupid ??😂
😅
KISS - keep it stupid simple ... doesn't sound like you're calling someone stupid lol. Switch the S.
Good thinking :)
This guy is annoying
We ❤️ our haters