SharePoint
Feedback by UserVoice

Michelangelo

My feedback

  1. 14 votes
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      Michelangelo supported this idea  · 
    • 3 votes
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        Michelangelo supported this idea  · 
        Michelangelo commented  · 

        I ran into an issue, which technically isn't possible, but because I didn't see it with my own eyes I am having to go off of the word of my end-users, but we had a user perform an edit to a document when the user only has READ access.

        My first thought was to obviously double/triple check the user's permissions, but my second thought was to run an audit report (SharePoint Online -by the way), and check the following options:
        *Opening or downloading documents, viewing items in lists, or viewing item properties
        *Editing Items
        *Moving or copying items to another location in the site
        *Deleting or restoring items

        The report didn't even come back with data -which inevitably lead to a whole other related, albeit different issue.

        I ended up contacting Microsoft on the issue, and the only thing I got out of the ticket was a link to this article: https://support.office.com/en-us/article/view-audit-log-reports-b37c5869-1b47-4a82-a30d-ea20070fe527

        Drop down the section titled: "Events available for audit log reports" and you will notice that the check-box in the audit report for SharePoint Online called "Opening or downloading documents, viewing items in lists, or viewing item properties" doesn't even work by design.

        It is baffling to me that the option exists, when it is guaranteed to not work.

        The reason I come here is to shed light on the fact that the above stated selection (Opening or downloading documents, viewing items in lists, or viewing item properties) should be working for SharePoint Online.

      • 34 votes
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          3 comments  ·  SharePoint Administration » Security  ·  Flag idea as inappropriate…  ·  Admin →
          Michelangelo commented  · 

          You can use custom-built views for this - just a thought.

        • 82 votes
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            10 comments  ·  SharePoint Administration » Security  ·  Flag idea as inappropriate…  ·  Admin →
            Michelangelo supported this idea  · 
            Michelangelo commented  · 

            Using obscure view names and disseminating the hyperlinks to targeted users can kind of accomplish this, albeit you would want the default view to be set to show no content.

            I personally find it tedious to manage permissions at the file/folder level, and even the library/list level. Ideally I want to manage permissions from the site level whenever possible, and so this would not be appeasing for me, because this is even more granular then file/folder level permissions.

          • 112 votes
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              Michelangelo supported this idea  · 
              Michelangelo commented  · 

              On our tenant we had to disable group creation because we were essentially incapable of administering over the standalone site collections created when an O365 group is created.

              We know you can use security groups to allow for select users to have group creation enabled and how we could provide our admins with ownership over all the various site collections created via O365 group creation, but we never set our environment in a way that accounts for this, so we did the easiest thing possible which was eliminate the capability and do damage control on what already existed.

            • 134 votes
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                Michelangelo supported this idea  · 
                Michelangelo commented  · 

                Super awesome idea. Definitely would help me out with learning PowerShell being new to it.

              Feedback and Knowledge Base