In our SharePoint Online Team Site [TS], we would like to have a Restricted access Documents Library [RDL] for the Team Board. We created specific RDL_Owners, RDL_Members and RDL_Visitors groups (similar to TS_* groups) which we assigned respeectively"Full Control", "Edit" and "Read" unique permissions on the RDL. We populated the RDL_* groups with a subset of the TS_* groups' members.
We understand we cannot restrict the Sites Collection Administrators from having access to RDL (this is not the point); however, we were unable to avoid TS_Owners from having access to RDL - i.e. it looks like anybody with "Full Control" rights on a parent site cannot be prevented from having such access on child objects even if those have unique permissions.
The same finding does not apply to TS_Members (we can restrict their access rights).
Are we doing something wrong? Thanks, Pierre
We understand we cannot restrict the Sites Collection Administrators from having access to RDL (this is not the point); however, we were unable to avoid TS_Owners from having access to RDL - i.e. it looks like anybody with "Full Control" rights on a parent site cannot be prevented from having such access on child objects even if those have unique permissions.
The same finding does not apply to TS_Members (we can restrict their access rights).
Are we doing something wrong? Thanks, Pierre
Pierre
