I have faced to day a very bizarre situation when I was trying to share an element within a SharePoint Online library, with a user who didn’t have access to the site at all. After the element was shared, user was getting access denied unless was added to “Members” permission group.

A little bit of background story

The situation was as following:

1. The site was a SharePoint Online team site.
2. User didn’t have an access to the site.
3. The folder in a library was shared by link with the user.
4. User was clicking link from a mail sent to them, but was getting access denied.
5. When user was added to the site “members” permissions group, they were able to access the shared asset.

However, adding them to “members” group was not a solution, because I didn’t want to share the entire site.

There were as well other weird things going on within the whole sharing process. I was trying to share both using the link approach and direct access. Just a quick reminder, what is the difference between these two methods: Direct Access vs. Sharing Link in SharePoint Online – SharePoint Maven.

Anyways, when I was trying to share via “Send link”, I wasn’t able to change permissions to “Edit” (option was disabled), only “View” was available:

Furthermore, when I clicked on “direct access”, I was informed, that I don’t have permissions to share the item, despite the fact I was a site collection admin (sic!):

It turned out however I was able to grant access this way, but even though user was still getting access denied. User then requested for the access:

And their request landed inside “Access Requests” area of the site, but there again – even despite expressing the approval, user was still facing the same problem.

Eventually I was able to let the user access the asset, by adding them to the “Members” permissions group of the site, however that was not the solution, as I didn’t want to let them access to the entire site, just to the specific asset.

Solution

I came up to the idea what might be the problem, when I tried to grant user access directly through item’s “Permissions” page. I clicked “Grant Permissions” button, and this is what appeared:

It turned out, that the reason of my problems was a site collection feature named “Limited-access user permission lockdown mode“.

According to the documentation:

When enabled, permissions for users with “limited access” permissions, such as Anonymous Users, are reduced, preventing access to Application pages including item properties or list views. Additionally, if a document, folder, or library has unique permissions, those users will not be able to:
1. Use the drag and drop feature to upload documents
2. Browse to the affected folder
3. Use the Shared with feature
4. Create calendar events from calendar lists connected in Outlook
5. Open documents in the Office client
6. Some callout features on documents and folders will not render as expected

Here according to the dialog window above, I was able to either:

1. Disable the feature, so that users with limited access (like my example) would be able to benefit from all sharing functionalities, or
2. Share the site, which in this case meant I would have had to add user to a “members” group as I did it before.

I decided to disable the site collection feature and that solved all my problems. Also, since then I was again able to share through link and give “Edit” permissions as well as the confusing information telling me I don’t have permissions to share directly disappeared.

You’re welcome! 🙂