More Granular Permissions for Office 365 Groups: A Work in Progress?

3 minute read

There are changes afoot in the way we can manage permissions in an Office 365 Group Team Site. (Naming for this stuff is getting really tricky. I continue my habit of capitalizing “things” that have a name in the product, to avoid confusion with the “concepts” behind them.)

In the last few days, we’re seeing some new ways to manage Group permissions behind the cog in a “modern” Team Site, aka, the site for an Office 365 Group.

Dan Holme (@danholme) posted an image to Facebook – which I think is visible to his friends, thus basically public – that shows his view of what’s going on.

I see slightly different things in several tenants. I *think* First Release has to be on for you to have these capabilities, but I’m not positive about this. If you have the Site Permissions option behind the cog in a “modern” Team Site, like this…

…you’ll see a panel which looks something like the one below. The red box is what seems to be new. From a Group Team Site life cycle management perspective, being able to “flip” a site from Edit to Read mode is a Very Good Thing. I’m not a huge fan of the “archive” idea, but I often want to stop people from using a site after it’s usefulness has waned. At that point it can be an historical record, but people shouldn’t be able to add new content to it or change existing content.

It took me some fiddling around to figure out how this works, but by clicking on the “Edit” underneath the Group members, I can change the permissions from Edit to Read.

The effect of this is basically to slide the Group members down into the Read bucket.

What I’d really like to be able to do is add *different* people into the Read bucket – maybe we want the executives to be able to drop into a project Team Site, but not edit stuff, for example – but I can’t figure out how to do that with the UI as it is. Note that the “go to Outlook” text at the top of the panel is actually a link (sort of invisible, but it’s there) to take you over to Outlook to manage Group membership. I don’t see anything over in Outlook which reflects this Read idea, but I expect that’s coming.

One of the joys of a living and breathing service is we get to see things as they roll out, sometimes even in the middle of changes. I expect this will all gel in the near term, but at the moment, it’s pretty confusing, IMO. I’ve reached out to Dan to gather more info, and I’ll add it here as I understand things better. In the meantime, we know that more granular permissions control for Groups is really coming!

<UPDATE 2017-03-03>

Yesterday I had a chat with Dan about where this is all heading. It was one of those “I can’t tell you what he showed me” conversations, but I can say that I see the sense in where it’s heading.

It’s a tricky line they are walking as they move SharePoint from “classic” to “modern” pages. Many of us long-time SharePoint folks are looking for the same terminology and UI that we’re used to – even though we’ve been clamoring for improvements for years!

The upshot is I think we will have the right combination of the old SharePoint (that’s probably why we see “Site Members/Owners/Visitors” in the UI above) and the “modern” SharePoint (probably more role-based?). It’s going to continue to feel weird as we move from one world to the other, but we’re getting there.

Finally, Dan and I talked about a few things I think they could communicate a bit better. I expect Dan and others will be doing posts around some of those topics (did you know you can remove the News Web Part from a “modern” Team Site home page now?) and more very soon.

</UPDATE>

Advertisements

3 Comments

  1. I’m hoping they surface a “Group Visitors” concept. I’d love to be able to add people to something like that so they can read the conversations, view the calendar, view files, etc but change nothing WITHOUT having to make the group entirely public.

    We use groups for job postings as a location to save resumes, etc. Members of the committee only need read access but of course that wasn’t possible until this, and even with this, it’d be nice to have a “less user touch” solution.

    Reply

Have a thought or opinion?