I recently blogged about UserVoice, a platform that Microsoft uses to give users (you, me, your colleagues, anyone using their software—not just admins!) the ability to submit fix requests and functionality suggestions. And I’ve made my first submission. It would be great if you could help me out on that and up-vote it so it gets some visibility.
My submission centers around how the Access Request process works and I’ve broken it into three parts. You can read the actual submission if you’d like, but since they don’t allow screenshots and they likely smile upon brevity, I figured I’d use my platform here to go into more detail.
I have three requests: 1) fix the Access Request settings to allow for a SharePoint group to be used, not just a single email address; 2) display Site Owner names on the “Request Access” page; and 3) allow site owners to customize the “Request Access” page content.
Support groups in Access Request settings
One of the principles of SharePoint is the ability to provide access to only the right people who should have access. That means likely closing your site off to certain people in your organization. And that’s a good thing: it protects confidential information, keeps draft work from getting out ahead of time, and overall just keeps things clean. You shouldn’t have access to what you don’t need access to.
But if you do need access, and someone passes a link to you to content you need to read, review, or whatnot, SharePoint hits you with what I call the “Request Access” page. Here the user who lacks access will be provided with the opportunity to add a custom message explaining why they need access. And when they click “Send request”, an approval email is sent… somewhere.
And that’s my first issue. The Site Owner should receive this email. Frankly, I can’t think of an exception to this concept. If you want access to a site, the Site Owner needs to receive the access request email so s/he can act upon it and either approve or deny the access request.
But that’s not exactly how it works. When a site is created, the person or account who created the site is set to receive Access Requests. And the option for who receives Access Requests allows for only an email address. Not a SharePoint group, not multiple emails, and the field isn’t a people picker either.
You can change who receives Access Requests by clicking Gear > Site Settings > Site Permissions > Access Request Settings. This is what you see.
Why is this a problem? A number of reasons:
- In some companies, a system account is used to create sites as part of an automated script. So firstname.lastname@example.org might end up getting Access Requests, and that’s likely a dead end. The best case is an IT admin will receive all of these requests. But then they have to constantly reach out to the content owners to determine whether the request should be granted. Why involve two (or more) people when you only need to involve one?
- Site Owner transfers: If your Site Owner moves to a different department, it’s extremely easy to forget (or not know!) to update the Access Request settings. So a year later, that former Site Owner may get a request and 1) not know what to do with it, or worse 2) ignore it because it’s not relevant.
- Site Owner leaves: If your Site Owner leaves the company or is terminated, that email address remains in the Access Requests and once they leave, their Outlook mailbox essentially becomes a black hole.
- Only one: For some reason, you’re limited to only one recipient. Even if you do update that to be the primary Site Owner, what happens when that person is out of the office for an extended period with no email access?
How this should work is the Access Requests should go to the Site Owners of that site. That’s the point of SharePoint groups. Make the change once in the group and it propagates to all places where it’s relevant. No worrying about who is truly in charge anymore. And that’s the change I want to see: the Access Request field should be a people picker, and it should allow you to select SharePoint groups as recipients, with Site Owners as the default.
Frankly, this is a pretty annoying glitch that’s been around since SharePoint 2007 and it really needs to be remedied. As soon as possible. Because it puts into jeopardy your site’s entire permissions structure, which you can spend hours and hours to perfect. Only to find out that when someone wants access—oops—you didn’t know.
Display Site Owner names on Access Request page
The Access Request page comes with no mention of what site you’re trying to access, let alone who the Site Owners are. And thanks to that lack of context, it can be actively confusing to someone looking for a way in. That, and they have no idea who to contact with a question, request for help, or just some information on why they’re hitting a permission block.
For that reason, I think it makes total sense for the Access Request page to automatically display the names of anyone who is listed in the Site Owners group. Or, to be more correct, whoever is listed in the Access Request Settings box that I’ve requested updates to above. That would mean any individual names, plus the individuals that make up a SharePoint group that’s called out.
This just makes sense.
Allow for custom content on the Access Request page
Right now, the Access Request page is extremely simplistic and comes with basically no context. It doesn’t even tell you the name of the site you’re trying to access. Just a pre-written statement with a box to let you add information. If you’re not used to seeing this page, you don’t know if this is going to go to some computer somewhere or if an actual human will review the request. So what do you even write in the box?
That’s why I’m asking for the ability for the Site Owner to add some context to the Access Request page so when someone comes across that page, they won’t be totally confused. Even if it’s just an additional text box in the Access Request settings that gives the option to type something like “Welcome to the HR Team Site. This site is protected and you don’t currently have access. If you require access to this site, please indicate why that is and who shared this link with you so the Site Owners, John, Jane, and Andy, can review your request with the right people and get back to you as soon as possible.”
Like the request to include Site Owner names on the Access Request page, this just makes sense.
I know this may seem trivial. And I realize there likely isn’t an easy fix (there never is) for our friends in Redmond to get this right. But it’s been hounding us Site Owners for almost a decade now. It unnecessarily confuses users, Site Owners, and administrators alike, and it’s just not a clean way to do business.
It would be great if the SharePoint Team could make this change in a coming update to SharePoint Online and SharePoint 2016 so things can run smoother and we don’t have to worry about things we frankly shouldn’t have to worry about… and likely aren’t because we already assume it works this way.
But my friends, it does not.