What do you do when you receive a request for access to your SharePoint site? Accept it immediately (because you want to be done with it, or you feel a bit ashamed that you have excluded someone) or find out exactly what they want because there may be more to the request than meets the eye?
Yes, I thought so. 🙂
Let’s dig a bit deeper into Access Requests. There’s quite a lot you can do with them, including creating unique permissions. You know that I hate that!
Microsoft explains this in detail but of course they they let you figure out all the implications by yourself. Or by me :-).
If your email address is in the Access Request Settings, you will receive access requests via email, and the requests will be replicated in the Site settings > Access Requests and Invitations page.
How does it work?
When you get the access request in your mail, you will see the link to the desired content. You can immediately click the “Accept” button from the email and give them Contribute permissions by default.
Yes, Contribute. That means they can edit the content.
Hmmm, perhaps clicking Accept immediately is not such a good idea after all. Perhaps Read-permissions are good enough. Or, if you have sent this link assuming they had access, it may be a good idea to give them access to the complete site.
Alternative: the Access Requests and Invitations page!
So, here comes the Access Requests and Invitations page to look at (and manage) the request.
You will see three categories: Pending requests, External user invitations and History.
Here again, you can click Approve or Decline, or check first what will happen if you click Approve. So, click the … next to the name of the requester. This pop up opens:
Here you see some more info:
What Office365 has decided about their permissions. In this case Office365 would add them as an individual to this document with Contribute permissions – most unpleasant!
You can click the drop down to select the Contributors or Visitors group for the site.
Who has asked access and what exactly for. Hover over the link to see the URL.
Date and time of the request
Email conversation with the person who requests access. You see I was busy writing this post, so the impatient Mystery Guest asked for permissions again 🙂
What would have happened…
If I had clicked Accept from the email or Approve from the Access Request page, this is what would have happened:
Exception: Site welcome page
There is one exception to this rule and that is when you send the link to the welcome page of the site. In that case the requester is added by default to the Members group. This also may be more than you want, though.
After approval, the request ends up under “Show History”. This gives a nice overview of everything that has happened in your site.
If you see a name very often, it may be an idea to give them access to the whole site.
When you receive an Access Request it may be better to spend some time figuring out the details, than to click Accept immediately. This will cost you some time now, but will save you time fixing unique permissions later (and dealing with even more access requests because too many inheritances are broken!).
Have you found any other “interesting” behavior of the Access Request?
As I am writing help materials for our new intranet I do not only have to think about “HOW do you do this” but also “WHY would you do this” and “How can you do this BEST, without spending too much time, adding maintenance or messing things up?”
With the migration of content to the new platform, many Site Owners need to rework their publishing pages. Generally these pages contain (clickable) header images, Promoted Links, Summary Links and links in the text.
On the old platform, when you want to grab the link to a document or image, you go to the library, right click on the name and select “Copy Shortcut” from the pop up. This is no longer available in SharePoint Online.
So, how does one get a link in SharePoint Online?
I have found 3 ways to link to a document, page or image:
In Summary Links as well as the Rich Text Editor on a page (Wiki page style), you can browse for the link to a document or image that lives in your site or site collection.
You can open the item and grab the URL from the address bar.
There is the new Get a Link option, which you will see when you select a document or image from a library, in the Action Bar (is that what it’s called?) and the pop up menu.
The users in my company are all accustomed to grabbing a link when they want to share a document via email or on Yammer, so I think this “Get a Link” will appeal to them.
However, at first glance I see 5 different options. What to select?
Let’s find out how this works!
Microsoft has already written about this but it is not very detailed.
So, I have created a brand new site in my own tenant. In this site I have uploaded 5 documents, each named after the action I will take.
I assume the file type is irrelevant so I have used a mix of Excel, Word and PowerPoint.
Please note I am the tenant admin, so I am not a normal Site Owner. Some things may work differently for a regular Site Owner with Full Control.
My tenant is almost out-of-the-box and external and anonymous sharing has been enabled on all site collections.
How to use Get a Link:
Select the document and click “Get a Link”
Select one of the 5 options
Click “Create” (if the link has already been created earlier you will immediately see “copy”
Click “Copy” and the link will be added to your clipboard
Paste wherever you need it.
You can remove a link if you longer want to share. This means the link will be disabled if someone clicks on it.
For links with “no sign-in required” you can set an expiration date. This means the link will no longer work if someone clicks on it after the expiration date.
2. Using the “View” and “Edit” links will break permission inheritance for the document as soon as you hit “Create”.
Yes, you may want to read this again:
Using the “View” and “Edit” links will break permission inheritance for the document as soon as you hit “Create”.
I was a bit worried about the word “guest_access” that I saw appearing in 4 of the 5 links, so I decided to check the permissions of my site.
Microsoft mentions this in the small letters of their post, but it is easily overlooked.
4 of the 5 docs have broken permissions inheritance! The permissions have not changed yet, but the inheritance has broken. This may not appear to be a big deal now, but if you ever happen to add a new group or individual to your site, which is not unlikely, you will have to remember to give them access to these documents.
Do you seriously think any Site Owner will remember this? Or have the time for that?
More scary and inconvenient findings
As soon as someone clicks on a link they are added to the permissions of the document, regardless of their existing role in the site.
People in the Members group get all the options for “Get a Link” as well!
I have tested this in my work environment and it turns out Members can see and use the “view” and “edit” options so they can break the permission inheritance of documents without the Site Owner being aware!
You can only find out which links have been created by checking the options for each document. Click “remove” if you see that an unwanted link has already been created. Now go find out which of your links (In a text, in Summary Links etc.) used this link 😦
You can remove the link, but the permission inheritance is still broken.
You can only “delete unique permissions” per document, so you have to go to Site settings > Site permissions > Show items with different permissions > View Exceptions > Manage permissions > Delete unique permissions.
This is a tedious process.
I think this can turn into a serious issue. I have found that many Site Owners do not fully understand the consequences of broken permission inheritance, and do not understand the extra maintenance and support issues involved. I have tried to tell them NOT to break permission inheritance unless it is really needed, and to never do this on a document or item level.
And even if they know, it is a time-consuming job to reset the permissions.
Also, why all this complexity for just getting a link? I think only the “Restricted link” would be sufficient. Who would ever want to use the “edit” options when linking to an image? Why would you use the “Get a Link” option to share via email if there is also a “Share” option which sends an email? (and which, in some cases, asks permissions to the Site Owner first?)
What would I recommend if you need a link?
Use the “Insert > Link > From SharePoint” option to link to a document or image when working in the text editor of a page
Use the “Browse” option when creating Summary Links
Use “Get a Link > Restricted View” when you want to get a link otherwise. This respects the permissions of your library.
Instruct your site Members about the dangers of Get a Link and ask them to use the Restricted Link.
What are your experiences with the Get a Link functionality? Have you been able to reduce the scope and if yes, how? I would appreciate to hear and learn from you!
Kitten image courtesy of Top Photo Engineer at FreeDigitalPhotos.net. Text added by myself.
Every time I configure a new list or library, I have to make The Decision: do I use a Choice column or a Lookup column to add metadata? It may look as if there is little difference, but your decision can have consequences for maintenance, scaling, copying etc.
Below are my considerations for creating one or the other.
To avoid confusion between “Choice Column” and “Choices”, I will use the word “Values” for the “things” that your users will pick when they add a new item to the list or upload a new document to the library.
You use a Choice column when…
The Site Owner wants to be in control of the values. Only someone with Full Control on the list or library will be able to make changes to the values.
You want to allow Contributors to add new values during startup only. It may be wise to give Contributors the “Fill-in choice” option, because you may have forgotten some values. Over time, you can add the frequently used Fill-in choices to the “regular” values.
You want to keep the selected values in items/documents that have been added earlier. When a value in a Choice column is changed or removed, all items with this value will keep the old value, until you edit the item. For example: you want to keep the Year for past items, but you want to show only the current or future Years for new entries.
There is a chance you will re-use the list or library in another site than the current one. If you save the list or library as a template, the values will be included in the template.
You want to control the sort order of values as they appear to the Contributors.
You want to define a default value, such as the most frequently used value, i.e. current Year.
You want to display values as radio buttons. I like radio buttons because they give a quick overview to Contributors. On the other hand, they make your add/edit form longer so I only use them when the add/edit page is short.
You use a Lookup column when…
All Contributors should be able to add or edit values. This can be useful in recently created or very collaborative environments.
You want changes in values to be adjusted in the attached items or documents immediately. The values from a Lookup column are dynamic, unlike the values in a Choice column.
You use the same values for other lists or libraries in the same site. Using one central Lookup list saves time in setup and maintenance and creates more consistency.
You want to allow end users to filter content on a web page with radio buttons. A Lookup column is easier to work with when you connect web parts.
You have many values and allow multiple values. According to Michal Pisarek, a Choice column can only contain 256 characters, so there is a limitation in the number of values you can select when you allow multiple values. I have not come across this myself, and I do not know if this is still the case for SP2010 or SP2013, but I thought I’d share this.
You want to allow end users to see more information than just the value. The Lookup field is clickable, so when the Lookup list contains more columns, you can easily click-through to the complete information.
You want to show more than one column from your Lookup column, e.g. when you pick the Location Code in your lookup column, you can choose to display the City Name from the same item in the Lookup list, such as in the screenshot below. (This functionality is available from SP2010 onward)
You also see that the Location column is clickable. When you click on item Number 1, it opens this:
Of course you usually have to weigh the pros and cons of each column type and end up with having to make some allowances. I had already started on a comparison table when I found Susan Hanley’s post, including a good table with evaluation.
In a next post, I will share some tips to make “selecting values” as easy, low-maintenance and error-proof as possible.
Do you have other recommendations for making The Decision? Please share!
Image courtesy of m_bartosch / FreeDigitalPhotos.net