We would like to set up a Document Library in a SharePoint Online site with different members, visitors and owners than the Site the Document Library will be created in. It works very well (we have different population for visitors [read] and “members” [edit]) but we can’t prevent parent Site Owner’s from having ~Full Control access to the Library even if they do not have explicit Full Control permission on (they are not owner of) the Library. Please note: These owners are NOT Sites Collection Administrators (which, we know, cannot be denied access to a library). Thanks, Pierre
(Visited 77 times, 1 visits today)
phubaut Answered question July 15, 2018
Site owners will have access to all the document libraries even if you have managed permissions at library level & removed owners from there.
(Visited 1 times, 1 visits today)
Mark Jones Posted new comment July 14, 2018
Not quite.
What you say is true for Site Collection Administrators but if you are “Site Owner” and NOT “Site Collection Administrator” then you can be denied access to a component (e.g. a Document Library) by breaking the rights inheritance and avoiding to give specific rights to these original Site Owners.
In the meantime, I have identified a specific issue that happens with Modern SharePoint Online / Office 365 as “Site Owners” are apparently made automatically Site Collection Administrators (even if you can’t see that in the SharePoint interface). However, if you make them “Members” in the special Modern Team Site SharePoint Office 365 and manually place these users in the “Owner” group they are no more “Site collection Administrators” yet remaining “Site Owners” … in that case, I am able to deny them access to lower level components.