locked
Best way to deny access RRS feed

  • Question

  • Hi.

    I am setting up several new site collections and want everyone in the company to have read access to everything (about 1000 users).  I assume the easiest way to do this would be to allow read access to the 'everyone' group in SharePoint, rather than add lots of AD groups that may not include some users?

    Also, there will be handful of accounts (for visitors, contractors, etc) that I want to have no access at all.  How should I deny them access?  I was thinking a user policy on the web application would be the best way to do this but then what if I want them to have access to just one site?

    Is there an easy way to allow 'everyone' access to everything but deny some users access to everything with exceptions?

    Thanks,
    D

    Sunday, July 10, 2016 4:17 PM

Answers

  • Hi,

    If you enable access to everyone to a list or site, you can't hide from certain users...or you can break the inheritance and add the all users individually....

    Create AD groups using rules and filter the accounts as per required and grant them a cess to list..separately. ...


    Karim... Please remember to mark your question as answered, if this solves your problem.


    • Edited by karimSP Sunday, July 10, 2016 4:33 PM
    • Proposed as answer by croute1 Tuesday, July 12, 2016 3:47 PM
    • Marked as answer by Victoria Xia Tuesday, July 26, 2016 2:20 AM
    Sunday, July 10, 2016 4:33 PM
  • Hi D UK,

    Agree with Karim.

    A User Policy allows a Farm Administrator to grant or deny access for a set of users to all site collections contained within a web application. Permissions applied using a User Policy cannot be over-ridden at the individual site collection.

    And these is no built-in method to exclude specific users from Everyone group. This group is created by SharePoint by default to contain all members of the Domain Users, Authenticated Users group and the Guest account.

    As a workaround, create a new group which contains all other groups and users except these specific users. Another workaround,  create a group includes these specific users, then check if current user belongs to SP group using JSOM. Page redirect if the current user belongs to this group.

    Best Regards,

    Linda Zhang


    TechNet Community Support
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    • Proposed as answer by Victoria Xia Friday, July 15, 2016 9:20 AM
    • Marked as answer by Victoria Xia Tuesday, July 26, 2016 2:20 AM
    Monday, July 11, 2016 2:50 AM

All replies

  • Hi,

    If you enable access to everyone to a list or site, you can't hide from certain users...or you can break the inheritance and add the all users individually....

    Create AD groups using rules and filter the accounts as per required and grant them a cess to list..separately. ...


    Karim... Please remember to mark your question as answered, if this solves your problem.


    • Edited by karimSP Sunday, July 10, 2016 4:33 PM
    • Proposed as answer by croute1 Tuesday, July 12, 2016 3:47 PM
    • Marked as answer by Victoria Xia Tuesday, July 26, 2016 2:20 AM
    Sunday, July 10, 2016 4:33 PM
  • Hi D UK,

    Agree with Karim.

    A User Policy allows a Farm Administrator to grant or deny access for a set of users to all site collections contained within a web application. Permissions applied using a User Policy cannot be over-ridden at the individual site collection.

    And these is no built-in method to exclude specific users from Everyone group. This group is created by SharePoint by default to contain all members of the Domain Users, Authenticated Users group and the Guest account.

    As a workaround, create a new group which contains all other groups and users except these specific users. Another workaround,  create a group includes these specific users, then check if current user belongs to SP group using JSOM. Page redirect if the current user belongs to this group.

    Best Regards,

    Linda Zhang


    TechNet Community Support
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    • Proposed as answer by Victoria Xia Friday, July 15, 2016 9:20 AM
    • Marked as answer by Victoria Xia Tuesday, July 26, 2016 2:20 AM
    Monday, July 11, 2016 2:50 AM