14 votes1 comment · SharePoint Administration » Office 365 SharePoint Tenant Admin · Flag idea as inappropriate… · Admin →
3 votes2 comments · SharePoint Administration » Auditing & Compliance · Flag idea as inappropriate… · Admin →
I ran into an issue, which technically isn't possible, but because I didn't see it with my own eyes I am having to go off of the word of my end-users, but we had a user perform an edit to a document when the user only has READ access.
My first thought was to obviously double/triple check the user's permissions, but my second thought was to run an audit report (SharePoint Online -by the way), and check the following options:
*Opening or downloading documents, viewing items in lists, or viewing item properties
*Moving or copying items to another location in the site
*Deleting or restoring items
The report didn't even come back with data -which inevitably lead to a whole other related, albeit different issue.
I ended up contacting Microsoft on the issue, and the only thing I got out of the ticket was a link to this article: https://support.office.com/en-us/article/view-audit-log-reports-b37c5869-1b47-4a82-a30d-ea20070fe527
Drop down the section titled: "Events available for audit log reports" and you will notice that the check-box in the audit report for SharePoint Online called "Opening or downloading documents, viewing items in lists, or viewing item properties" doesn't even work by design.
It is baffling to me that the option exists, when it is guaranteed to not work.
The reason I come here is to shed light on the fact that the above stated selection (Opening or downloading documents, viewing items in lists, or viewing item properties) should be working for SharePoint Online.
You can use custom-built views for this - just a thought.
Using obscure view names and disseminating the hyperlinks to targeted users can kind of accomplish this, albeit you would want the default view to be set to show no content.
I personally find it tedious to manage permissions at the file/folder level, and even the library/list level. Ideally I want to manage permissions from the site level whenever possible, and so this would not be appeasing for me, because this is even more granular then file/folder level permissions.
112 votes16 comments · SharePoint Administration » Office 365 SharePoint Tenant Admin · Flag idea as inappropriate… · Admin →
Thx for your input. We are working on this and modern sites will be available from SP Admin Center soon.
On our tenant we had to disable group creation because we were essentially incapable of administering over the standalone site collections created when an O365 group is created.
We know you can use security groups to allow for select users to have group creation enabled and how we could provide our admins with ownership over all the various site collections created via O365 group creation, but we never set our environment in a way that accounts for this, so we did the easiest thing possible which was eliminate the capability and do damage control on what already existed.
134 votes3 comments · SharePoint Administration » on-premise Central Admin · Flag idea as inappropriate… · Admin →
Super awesome idea. Definitely would help me out with learning PowerShell being new to it.