Tuesday, February 5, 2013

I don't want people requesting access to my stuff!!!

I haven't posted in quite some time. So I figure it is time to get back into adding to my blog. To kick things off I am going to keep it pretty simple today. I'll explain how to enable / disable access requests.

Essentially, when it comes to access requests, SharePoint 2010 works in two ways. First, if you deny access to a site, list, library, or what not, the system will conceal (permission trim) that object from your view. Assuming it is within the same site collection. Second, if you deny access but have management of access requests turned on it gives the user the opportunity to request access. This is done via an email communication to the owner.

To enable or disable this feature (using a Site as the example here) simply do the following  accordingly:
  1. "Site Actions | Site Permissions"
  2. Under "Permission Tools | Edit" you will see a category called Manage.
  3. Click on Manage Access Requests.
  4. Uncheck the "Allow requests for access" option and click OK.
That's it. It is a pretty simple process. With this option you can easily manage those folks who may need access that you were unaware of.

5 comments:

  1. Hi Michael! That reminds me of a utility I got asked to create and run to update Access Request Emails for all sites in a collection. I must have a root around for that.

    But is there a way you can set that for an entire site collection via the UI? Just wondering as I couldn't find one...

    ReplyDelete
  2. I should have said "a entire site collection including the subsites". Christ I'm getting neurotic now about my every word - of course you know what I mean!

    ReplyDelete
  3. Hi Susanl -
    By default SharePoint configures the access requests for any given Site Collection to go to the person who created the Site Collection.

    I don't believe there is a way (non-programmatically) to go in an enable/disable a Site Collection and all it's sites via the browser. Though I suspect this can be done easily through PowerShell. Here is a script I tossed together that works for me on my local SharePoint installation.

    Add-PSSnapin Microsoft.SharePoint.Powershell
    $webApp = Get-SPWebApplication
    foreach ($spSite in $webApp.Sites)
    {
    foreach ($spWeb in $spSite.AllWebs)
    {
    Write-Host "Checking Access Request status for " $spWeb.Title ", at " $spWeb.URL
    if (!$spWeb.HasUniqueRoleDefinitions)
    {
    # Access Request setting inherited from Parent
    Write-Host "--- Access Request setting inherited from parent site."
    }
    if ($spWeb.RequestAccessEnabled)
    {
    # Access requests are enabled
    Write-Host "--- Access Requests current go to: " $spWeb.RequestAccessEmail -foregroundcolor green

    # To edit who the e-mail goes too is easy. Just unrem this next line of code.
    # $spWeb.RequestAccessEmail = "john@doe.com"
    # $spWeb.Update()
    }
    else
    {
    # Access requests are disabled
    Write-Host "--- Access Requests are disabled for this site." -foregroundcolor red

    # To enable is easy as well. Just unrem this next line of code.
    # $spWeb.RequestAccessEnabled = true
    # $spWeb.RequestAccessEmail = "jane@doe.com"
    # $spWeb.Update()

    }
    }
    }

    ReplyDelete
  4. Yup I had something similar in C#. You've saved me the trouble of blogging it :)

    ReplyDelete
  5. Now I can get rid of all the access request spam!

    ReplyDelete