No one has responded to this discussion for at least a year, so this information may be out of date. If you're looking for information about this topic, please search for a more recent discussion or post a new question.

External invites - permissions problem

This question is not answered

Can I control permissions for external users or not? In a P1 account, I've added an external user with an @Live id and they show up in the Members and Visitors groups. When I try to grant permission to the user id to access the team site, nothing happens - they don't get added. When I try to log in with the id, I just get access denied.

Is this feature ever going to work as promised or not?

All Replies
  • Hello Mch,

    This is Jason Burnside from Microsoft Office365 SharePoint Support.

    Thanks for coming to the communities with your concerns about granting permissions to an external user.

    Yes, you can control the permissions of an external user.

    Once the external user accepts the invitation, it enters them in the group you specified when you shared the site. Please do not delete the external user from its original permissions group until they are added to a different group or given different permissions. At this point, you can go to a permissions group or grant the user permissions directly. When changing the permissions for the external user, set the permissions up for their live id instead of a username.

    Are you receiving the Access Denied error when trying to gain access while you are logged in with a different user on the same computer? If so, please log out from SharePoint completely on your computer when trying to log in through the live id email account.

    Please let me know if this resolves your issue.

    I will continue to monitor this thread if you have any additional questions.

    2 out of 2 people found this post helpful.

  • Hello Mch,

    Did you have any further questions?

    I will continue to monitor this thread if you have any additional questions.

  • Jason,

    No, it doesn't work I'm afraid. The live id is in the "visitors" group after accepting invite. I didn't change anything. I grant the user permission to access the team site which appears to work - the user appears in the list of users with permission. I sign out and sign back in with the live id and then have to go to live.com to sign in. Then I see this every time - even weeks after the user was added:

     

    Access denied
     
    The user ID that you entered is not recognized. If this is a new account, it may take a few hours before you have access to services.
     
    Sign out

    Please explain.

  • Hello Mchv2.0, 

    Please try the following instructions: 

    1) Click on the Site Actions dropdown, click on site settings
    2) Under Users and Permissions, Click Site Permissions
    3) Click Create Group
    4) Give a name and choose which permissions this external user group will have, click Create
    5) Go to the URL and type http://<domain>.sharepoint.com/TeamSite/_layouts/permsetup.aspx
    6) Choose either the “Visitors to this Site” or “Members to this Site”, make sure the option to “Use an existing group” is selected
    7) Click the dropdown arrow and choose your created group, click OK
    8) Click on the Site Actions dropdown, click on Share Site
       - Your Created Group should be one of the groups you may invite an external user to
    9) Send invitation

    After they accept the invitation, you may change the group permissions and they should still be able to access the site. I have tested this with two different live email accounts and it worked both times without any issues.

    Please let me know if this resolves your issue.

    I will continue to monitor this thread if you have any additional questions.

    2 out of 2 people found this post helpful.

  • Hello Mchv2.0,

    Did you have any further questions?

    I will continue to monitor this thread if you have any additional questions.

  • Yes, that doesn't work either.

    First, I think you forgot the step to add the external user to the group so they show up. But even then all I get is this:

    The user(s) have been added successfully but SharePoint was unable to send the e-mail invitation. Verify that the server is set up correctly to send e-mail.

    The added users may still log on to your site by signing in with their email address.

    When I attempt to sign in with the @live id I get this:

    The Windows Live Network is unavailable from this site for one of the following reasons:
    • This site may be experiencing a problem
    • The site may not be a member of the Windows Live Network

    You can:

    • You can sign in or sign up at other sites on the Windows Live Network, or try again later at this site.

    If I finally get through that and do manage to log in with the live id, it has all access instead of the limited access granted. So I'm back to the original question.

     

    So not only is the process you outlined unnecessarily complicated, it also doesn't really work. When I'm logged in with the Live id (which has view only permissions) I'm able to access everything at the admin level - including changing the permission levels for the id!! Is there any chance this is going to be fixed / improved?

     


  • Hello Mchv2.0,

    You do not add the external user before you send the invitation. Please make sure to go through the instructions from the above post. I have verified that the instructions are correct. You are able to change the permissions for the group once the invitation is accepted.

    I will continue to monitor this thread for further posts or questions.

    2 out of 2 people found this post helpful.

  • I think I did what you suggested but it seems a bit complicated. I'm not sure why it would make any difference if you add the user first or not. I also don't know how anybody would know that since it's not specified anywhere.

    To be considered a "working" feature it has to allow for the different ways it can be deployed - and still work. You really can't offer several ways to do the same thing and then say "oh, but only one of the ways actually works". That just makes it too complicated and confusing for the average user.

    Especially if even if you do all that it still doesn't work.

  • Hello Mchv2.0,

    The reason you are unable to give them permissions first is that they would need a license. The invitation is a way to allow an external user to access the site without a license.

    I will continue to monitor this thread for further posts or questions.

  • But if that's the only way it's going to work, shouldn't the "share site" link specify that the user has to be added to the group as part of the invitation process? Otherwise how would anyone know that? Perhaps that's why the feature isn't working for a lot of people. And that's why I include in my definition of "working" that it's made clear how a feature should be used. Without that, it may technically "work", but still people aren't able to use it.

  • Hello Mch,

    I apologize for the inconvenience; however, I believe you misunderstood what I was trying to explain. You do not add the users to the group manually. The user is added to the group, to which you invited them, automatically when the invitation is accepted by the user through their email invitation. In the above post, I was giving you instructions on how to create your own group to send the invitation from. After the user accepts the invitation, the user is added to the group and you may change the permissions for the group or you may assign the user to the permissions as you would a normal user.

    I will continue to monitor this thread for further posts or questions.

    1 out of 1 people found this post helpful.

  • I think I do understand what you're saying but it just doesn't work.

    I created a group for external visitors

    Granted limited permissions to that group for team site

    Click "Share site" and enter invitee email

    There are no groups in the drop down to select from

    Click accept invitation in the email

    The result:

    Access denied
     
    The user ID that you entered is not recognized. If this is a new account, it may take a few hours before you have access to services.
     
    Sign out

     

    The fact that there are so many discussions about this makes it clear it's just not very well designed. A simple feature like this shouldn't require so much explanation.

    1 out of 1 people found this post helpful.

  • Hello Mchv2.0,

    Would you be able to clarify one of the instructions you mentioned?

    “There are no groups in the dropdown to select from”. Are you using "Users in this Group" dropdown from the Share Site to try to grab your created group? If so, please try these instructions instead after you created your group:

    1) Go to the URL and type http://<domain>.sharepoint.com/TeamSite/_layouts/permsetup.aspx or http://www.<domain>.com/TeamSite/_layouts/permsetup.aspx
    2) For either the “Visitors to this Site” or “Members to this Site”, make sure the option to “Use an existing group” is selected
    3) Click the dropdown arrow and choose your created group, click OK
    4) Finally, go to the Site Actions to click on Share Site, Invite user
    5) Once the user accepts, you should be able to go to your Site Permissions to locate the group and change the permissions for the group


    In the end, we are trying to use a custom group to invite the user instead of the standard Visitors or Members group.

    If this is what you were already doing, I apologize for the inconvenience. From your post, it seemed you were clicking the dropdown from the Share Site “Users in this group” dropdown.

    I will continue to monitor this thread for further posts or questions.

    2 out of 2 people found this post helpful.

  • I attempted to complete your instructions as indicated above. I have already completed many of the other presteps as indicated in the multiple forum posts on this topic.

    When I attempt #5 - I get a file not found error.

  • I marked this as a helpful post since it is the exact same result I am getting on this issue.