Question

So here is my context: when we create a new Communication site as SP Admin, we currently create a new AD Security Group with the site name and add them to the default groups. When users request to be added, the ticketing system allows us to add them to the group; either an admin can add them or we can automate it based on the request. My question is: what is the purpose of SharePoint groups if we are managing permissions from the M365 group? Also, we are giving access request settings and permission management by site owners a lower priority by asking users to raise tickets.

What are the best practices to use both methods for the best governance? I was thinking that both tickets to add to Security groups and owners accepting requests should be used hand in hand.

For team sites, M365 team default groups are added to the Security groups in members and owners to keep it simple. But to be able to have them added to the team chat, the site owner needs to add them to the default team Members or Owners group itself instead of the SP group.

Any administrators out there for rescue??

Solution 2

So I found my own answer. There are 3 options:

  1. Using just SharePoint Groups and adding users directly into those groups.
  2. Using Azure AD Security Groups and adding them into SharePoint groups.
  3. A mix of both: AD security groups as well as adding individual users to SharePoint Groups.

One major thing to notice is that you should never add users directly. You have to use one of the 3 ways listed above.
It totally depends on the organization's standards.
I personally recommend using a mix of both, that is, the 3rd option. In this option we have the facility to create Azure AD security groups for Communication sites for each of the 3 SP groups created OOB, and add those site-specific security groups to each of the respective SharePoint Groups. Now also enable the access request settings to allow site owners as well to manage the permissions. This is helpful in involving site owners in site permission assignments.

Note that site owners need a simple document, an SP page or a site with the concepts of how permissions work on Modern Sites: what the different ways are for them to either request access or grant access.

Team site -
M365 group - Owners, Members added to SP Owners, Members. Here we need to have an additional viewer AD security group and add it to the Viewer SP Group.

Communication Site -
3 Security groups created and users added to those groups through ticketing. And individual users added through owners' email invitations.
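
A read-only audit that supports the point above about not granting access to users directly, added here as an example and not part of the original answer. It assumes the PnP.PowerShell module and an existing `Connect-PnPOnline` session to the site, and it reads "directly" as a role assignment held by an individual account on the site itself rather than through a group; `Get-SitePermissionReport` is a hypothetical helper name.

```powershell
# Added example. Assumes PnP.PowerShell is installed and Connect-PnPOnline
# has already been run against the site under review. Read-only.

function Get-SitePermissionReport {
    # Role assignments on the web are not loaded unless requested.
    $web = Get-PnPWeb -Includes RoleAssignments

    foreach ($ra in $web.RoleAssignments) {
        # Load the principal and its permission levels for this assignment.
        Get-PnPProperty -ClientObject $ra -Property Member, RoleDefinitionBindings | Out-Null

        # "Limited Access" is a side effect of item-level sharing, not a site grant.
        $roles = @($ra.RoleDefinitionBindings |
                   Where-Object Name -ne 'Limited Access' |
                   ForEach-Object Name)
        if (-not $roles) { continue }

        $type = [string]$ra.Member.PrincipalType
        if ($type -eq 'SharePointGroup') {
            # Expand the SP group: members are either nested AD/M365 groups
            # (ticket-driven) or individual users (added by site owners).
            foreach ($m in (Get-PnPGroupMember -Group $ra.Member.Title)) {
                [pscustomobject]@{
                    Via       = $ra.Member.Title
                    Principal = $m.Title
                    LoginName = $m.LoginName
                    Type      = [string]$m.PrincipalType
                    Roles     = $roles -join ', '
                    Direct    = $false
                }
            }
        } else {
            # Principal sits on the site itself, outside any SharePoint group.
            [pscustomobject]@{
                Via       = '(site)'
                Principal = $ra.Member.Title
                LoginName = $ra.Member.LoginName
                Type      = $type
                Roles     = $roles -join ', '
                Direct    = ($type -eq 'User')
            }
        }
    }
}

$report = Get-SitePermissionReport
# Individual accounts granted access outside any group: candidates for cleanup.
$report | Where-Object Direct | Format-Table Principal, LoginName, Roles
# Per SP group: how many members are nested security groups vs. individual users.
$report | Where-Object { -not $_.Direct } | Group-Object Via, Type | Select-Object Name, Count
```

The second table shows, for each SharePoint group, how much membership flows through the ticket-managed security groups and how much through owner-approved individual additions.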

Other tips

From my point of view, Security groups and Microsoft 365 groups can be used in different site collections; SharePoint groups are for each individual site collection.

Licensed under: CC-BY-SA with attribution
Not affiliated with sharepoint.stackexchange