Sign up for Office 365
Learn more about Office 365
Can I control permissions for external users or not? In a P1 account, I've added an external user with an @Live id and they show up in the Members and Visitors groups. When I try to grant permission to the user id to access the team site, nothing happens - they don't get added. When I try to log in with the id, I just get access denied.
Is this feature ever going to work as promised or not?
Thanks for the feedback.
This is Jason Burnside from Microsoft Office365 SharePoint Support.
Thanks for coming to the communities with your concerns about granting permissions to an external user.
Yes, you can control the permissions of an external user.
Once the external user accepts the invitation, it enters them in the group you specified when you shared the site. Please do not delete the external user from its original permission’s group until they are added to a different group or given different permissions. At this point, you can go to a permissions group or grant the user permissions directly. When changing the permissions for the external user, set the permissions up for their live id instead of a username.
Are you receiving the Access Denied error when trying to gain access while you are logged in with a different user on the same computer? If so, please logout from SharePoint completely on your computer when trying to login through the live id email account.
Please let me know if this resolves your issue.
I will continue to monitor this thread if you have any additional questions.
2 out of 2 people found this post helpful.
Did you have any further questions?
No it doesn't work I'm afraid. The live id is in the "visitors" group after accepting invite. I didn't change anything. I grant the user permission to access the team site which appears to work - the user appears in the list of users with permission. I sign out and sign back in with the live id and then have to go to live.com to sign in. Then I see this everytime - even weeks after the user was added:
Please try the following instructions:
1) Click on the Site Actions dropdown, click on site settings
2) Under Users and Permissions, Click Site Permissions
3) Click Create Group
4) Give a name and choose which permissions this external user group will have, click Create
5) Go to the URL and type http://<domain>.sharepoint.com/TeamSite/_layouts/permsetup.aspx
6) Choose either the “Visitors to this Site” or “Members to this Site”, make sure the option to “Use an existing group” is selected
7) Click the dropdown arrow and choose your created group, click OK
8) Click on the Site Actions dropdown, click on Share Site
- Your Created Group should be one of the groups you may invite an external user to
9) Send invitation
After they accept the invitation, you may change the group permissions and they should still be able to access the site. I have tested this with two different live email accounts and it worked both times without any issues.
I will continue to monitor this thread if you have any additional questions.
Yes, that doesn't work either.
First, I think you forgot the step to add the external user to the group so they show up. But even then all I get is this:
The user(s) have been added successfully but SharePoint was unable to send the
e-mail invitation. Verify that the server is set up correctly to send
The added users may still log on to your site by signing in with
their email address.
When I attempt to sign in with the @live id I get this:
The Windows Live Network is unavailable from this site for
one of the following reasons:
This site may be experiencing a problem
The site may not be a member of the Windows Live Network
If I finally get through that and do manage to log in with the live id, it has all access instead of the limited access granted. So I'm back to the original question.
So not only is the process you outlined unnecessarily complicated, it also doesn't really work. When I'm logged in with the Live id (which has view only permissions) I'm able to access everything at the admin level - including changing the permission levels for the id!! Is there any chance this is going to be fixed / improved?
You do not add the external user before you send the invitation. Please make sure to go through the instructions from the above post. I have verified that the instructions are correct. You are able to change the permissions for the group once the invitation is accepted.
I will continue to monitor this thread for further posts or questions.
I think I did what you suggested but it seems a bit complicated. I'm not sure why it would make any difference if you add the user first or not. I also don't know how anybody would know that since it's not specified anywhere.
To be considered a "working" feature it has to allow for the different ways it can be deployed - and still work. You really can't offer several ways to do the same thing and then say "oh, but only one of the ways actually works". That just makes it too complicated and confusing for the average user.
Especially if even if you do all that it still doesn't work.
The reason you are unable to give them permissions first is that they would need a license. The invitation is a way to allow an external user to access the site without a license.
I apologize for the inconvenience however I believe you misunderstood what I was trying to explain. You do not add the users to the group manually. The user is added to the group, to which you invited them, automatically when the invitation is accepted by the user through their email invitation. In the above post, I was giving you instructions on how to create your own group to send the invitation from. After the user accepts the invitation, the user is added to the group and you may change the permissions for the group or you may assign the user to the permissions as you would a normal user.
1 out of 1 people found this post helpful.
I think I do understand what you're saying but it just doesn't work.
I created a group for external visitors
Granted limited permissions to that group for team site
Click "Share site" and enter invitee email
There are no groups in the drop down to select from
Click accept invitation in the email
The fact that there are so many discussions about this make it clear it's just not very well designed. A simple feature like this shouldn't require so much explanation.
Would you be able to clarify one of the instructions you mentioned?
“There are no groups in the dropdown to select from”. Are you using "Users in this Group" dropdown from the Share Site to try to grab your created group? If so, please try these instructions instead after you created your group:
1) Go to the URL and type http://<domain>.sharepoint.com/TeamSite/_layouts/permsetup.aspx or http://www.<domain>.com/TeamSite/_layouts/permsetup.aspx
2) For either the “Visitors to this Site” or “Members to this Site”, make sure the option to “Use an existing group” is selected
3) Click the dropdown arrow and choose your created group, click OK
4) Finally, go to the Site Actions to click on Share Site, Invite user
5) Once the user accepts, you should be able to go to your Site Permissions to locate the group and change the permissions for the group
In the end, we are trying to use a custom group to invite the user instead of the standard Visitors or Members group.
If this is what you were already doing, I apologize for the inconvenience. From your post, it seemed you were clicking the dropdown from the Share Site “Users in this group” dropdown.
I attempted to complete your instructions as indicated above. I have already completed many of the other presteps as indicated in the multiple forum posts on this topic.
When I attempt #5 - I get a file not found error.
I marked this as a helpful post since it is the exact same result I am getting on this issue.