Juan Carlos

How to configure the Site Access Request in SharePoint 2013

December 9th, 2012 | Author: | Filed under: CloudShare, Demos & POCs, Dev / Test, SharePoint | Tags: , , , , ,


SharePoint 2013 introduces many cool improvements in terms of user experience when working standard sites. For instance, users can easily request access to a specific site by using the new site access request and invitation mechanism. At the same time, a site administrator can easily do a follow up of all the access requests to a specific site. In this article, I am going to show you how to configure the site access request mechanism in a SharePoint 2013 site.

Let’s begin!

  • Open your favorite web browser and navigate to a one of the SharePoint 2013 sites you have created in your CloudShare environment.
  • Once you are in your site, go to Settings -> Site Settings. Under “Users and permissions” section, click the “Site permissions link”.

image

  • Next click the “Access Request Settings” option available in the ribbon so a dialog window is opened to configure site access request.

image

  • In the “Access request” settings dialog, click the “Allow access request” option and fill the e-mail address box with the e-mail account of the user who will receive any site access request (usually a site administrator or a site collection administrator). Once you’ve done, click the “OK” button.

image

  • Open other web browser session and try to access this site with a user who has not been invited to it yet. Note that the browser will automatically redirect you to a URL like the following one:

/_layouts/15/AccessDenied.aspx?Source=http%3A%2F%2Fc4968397007%2Fsites%2FCloudshare”> http://<YourSite>/_layouts/15/AccessDenied.aspx?Source=http%3A%2F%2Fc4968397007%2Fsites%2FCloudshare

  • This is where the new access request system starts to work. You will see an access request dialog where you can input why you need access to the site and send your request. Complete the dialog box, and click the “Send request” button.

image

  • Once the request has been sent, the access request page shows an “Awaiting approval” message to the user.

image

  • As a site administrator, and in a different web browser session, navigate back to the “Site settings” page and note there is a new option called “Access requests and invitations”. This option is available to site administrators as soon as a new user requests access to the site.

image

  • Click the “Access requests and invitations” link so you can access the “Access requests” list where you, as a site administrator, can see any site access request. Note that there is one user request with status “Pending”.

image

  • By opening the individual access request menu, you can decide whether to approve or decline user access to the site. You can also configure the SharePoint permission applicable to the user.

image

  • Decline the access request, so that if the user tries again to the site, he will see an information message declining the access.

image

  • At the same time, the  “Access request” list is emptied and a site administrator can check all access requests made by clicking the “Show history” button.

image

And that’s all you need to know about how to use and configure site access requests in SharePoint 2013.

Happy CloudSharing!

About the author:
With more than 10 years of experience in the ICT sector, what best define me is the interest and knowledge of new technologies as a natural way for attending and solving customer problems and needs. My career in the TIC sector, and particularly in the .NET platform started in 2003, just after finishing my studies at the university, in the global worldwide consultancy company Accenture. There, I had the opportunity of working during 3 years in big national and international projects performing different task and roles: development of VB.NET applications, application test and deployment, management of small development teams and so on. In May 2006 I left Accenture and started a new adventure at the Microsoft Innovation Center in Cantabria (CIIN) as a Solutions Architect. In this new stage, I had the opportunity of knowing deeply a variety of Microsoft technologies such as SharePoint, Office 365, Windows Azure, Visual Studio, SQL Server Reporting Services, BizTalk, LINQ, Entity Framework, etc. At the CIIN I haved performed evangelism activities just around these technologies, and I have had the honor of belonging to one of the more specialized organizations in SharePoint in Spain. In October 2013 I joined LKS where I perform a Consultant and Solutions Architect role skilled in SharePoint and Office 365 platforms. My daily work in LKS is focused on providing SharePoint & Office 365 advice and consultancy, specialized training and evangelism in the different projects and LKS customers where I’m involved.

  • Sandip Paul

    Excellent article!

    • Juan Carlos González

      Thanks for your comment Sandip

  • Manny

    Nice article, but access request emails don’t come through even though other sharepoint emails come through, any idea? thanks

  • Sherry

    Hi Juan Carlos – does the person who manages access requests have to be Site Admin? What if you want to give a site owner (not full admin) the ability to manage access requests?

  • JamminJamie

    what if the approve option is greyed out? I am the site collection administrator but don’t have permission to approve?

  • Ravindra

    Good article. However, for the end user “Join this community” button still showing after admin approval with read access. Hows this possible any idea??.

    Please note that i am using the SharePoint 2013 community site template.

    Also, for part of the discussion board read permission is sufficient or we need to give contribute permission?? please advise.

    • Tod Beane

      On SharePoint 2013 sites using the Community Site template, the “Join this Community” button might need to be clicked twice – once to request site access, and again (after access is granted) to get added to the site’s “Members” list. If users are pre-added to the Site Members permissions group, they should only see this button once.

      Don’t confuse the site’s Members LIST with the Members permissions GROUP. Site admins add people to the Members group; approved site members then click “Join this Community” to add themselves to the Members list, which is visible to all site visitors.

      Regarding permissions; if you add someone to the default Site Members group, they will have Read access to site pages, and Contribute access to the discussions. To only allow Read access to the discussions too, add users to the Site Visitors group instead.

      • Nikola Trncic

        Hello,

        For the double join, I do not get this when the site inherits the root site collection permissions. But when the inheritance is broken, that is when the user has to click Join twice.

  • Hollie

    When I try to approve I get a pop-up stating “sending approval” then “request approval failed” and it will not allow me to approve anyone. I have tried 3 different members and they all fail.

    • Bob

      I also have this problem. However in my testing I noticed that it works for a Site Collection Admin of a site but not the Site Owner. Even though the Site Owner has the rights to manually grant access permission.

      • Deepak R

        I am too facing the same issue. Not able to approve and pop-up of “request approval failed”.However in my testing I noticed that it works for a Site Collection Admin of a site but not the Site Owner.
        Did anyone have solution. ? please help or suggest ways to fix the issue.

        • http://collaborationpeople.com Mike Sharp

          This is probably because the site was originally created to inherit permissions, and was later given unique permissions. Your owners group probably doesn’t have permission to the hidden access request list; instead the owners group of the parent site has access. If you “reset” the basic site permissions by appending /_layouts/15/permsetup.aspx to the Site URL, you can define the owners group, and this *usually* fixes the internal permission issue, as the owners group will now have rights to manage that list.

          • Deepak R

            The Owner Group is able to see all request and when He/She tries to Approve/Decline the request then there os pop-up of “Request failed”.

          • http://collaborationpeople.com Mike Sharp

            Yes, in this scenario, it looks like they can see the requests, but but if they try to approve one, they fail.

            At one point, I used some powershell to get the GUID of the AccessRequests list, and edited the permissions so the owners group had full control to the list, but there is something else in the processing of the request that fails.

            The only way I’ve been able to fix this is to re-run the PermSetup page, defining an owners group. Unfortunately, it works most of the time, but there have been cases (especially with sites that were migrated from a previous version of SharePoint) where it doesn’t work.

            In the extreme case, I created a brand new subsite, set up the permissions, and migrated the content from the non-working site to the new site, Then I deleted the old site, and renamed the new site and it’s URL.

            I wrote a little blog post on this last September:

            http://collaborationpeople.com/about_us/blog/13-09-17/SP_2013_Issue_Unable_to_delegate_management_of_access_requests.aspx

            Regards,
            Mike Sharp

          • Anthony Nguyen Huu Nhut

            You need to click “…” to open context menu of the request & check the details of the Request. If the request is to join some group (in which you usually don’t have permission), problem happens. You should change the permission to other groups under your control or a specific access right (e.g. Read, Edit, etc) & it will work.

          • http://collaborationpeople.com Mike Sharp

            It doesn’t matter which group or permission is selected; the request fails. There is a bug in the RTM version of SharePoint 2013 that causes the behavior described above. This was fixed later (I don’t know which update), but I’ve verified the problem is fixed in the June 2014 CU.
            The way this was fixed is now when you break permissions inheritance on a subsite, you are presented with the PermSetup.aspx page. In the RTM version, it simply copied the existing permissions, and broke inheritance.

          • Greg Frick

            Hi Mike – I am trying to make sense of Site Requests on our Office 365 Tenant. What I am trying to do is create a folder (e.g. Sharp-Folder) in the Documents library in OD4B. Configure Unique perms on Sharp-Folder. Create a SP Group called “Sharp-Group” (settings = Allow Requests to JoinLeave, Set as default Group). Grant edit permissions on “Sharp-Folder” to “Sharp-Group”. Send the URL to “Sharp-Folder” to a user named “Sharp Collaborator”. When they click the link they are denied access, but they can send a request. When I review the request, I would like to select “Sharp-Group” as the group or permission level to add them to. I notice that some groups are available from the dropdown but not “Sharp-Group” do you know why? Also I am theorizing that I cannot deny their request because they already have limited access because in our tenant “Eveyone Except External Users” has read access to the OD4B top level site. I think this is because access requests are for the site and once denied they cannot request access. So conversely once they have some level of access they cannot be denied access. Any merit to my theorizing? – Greg

          • http://collaborationpeople.com Mike Sharp

            Hi Greg!
            This is a “feature” that drives me nuts. You’d think you could pick any of the groups that already have access to an item when you approve an access request, but it depends on how you sent the request. I haven’t dug all that deep into the details, but it appears that when you have sent someone a link to something specific such as library or a folder or document in a library, that SharePoint wants to grant access to that item directly, which breaks permissions inheritance to the item. In many cases, you can’t pick any group at all.
            It makes me crazy because there’s no way that I can tell to remove the request and add the user directly to the group you want, without denying the request (which sends them a notice–try explaining that to a non-technical user!) or approving the request, which breaks permissions inheritance. In your case, it sounds like the ability to deny access is disabled anyway.
            I really don’t know of a good solution for this; I’ve been hoping a cumulative update allows you to pick any group with access to the resource the user is requesting.
            What I’ve been doing is:
            1. Add the user to the group I want.
            2. Approve their request, sending them a nice message.
            3. Go to the item’s permissions, and remove them where SharePoint added them directly with “Edit” or whatever.
            Unfortunately, if they’ve requested access to a document or folder, the approval has probably cause permissions inheritance to be disabled. In your example, though, permissions inheritance has already been disabled by giving the folder unique permissions, so this would work for you, albeit with extra steps.
            Regards,
            Mike Sharp

  • aleknik

    how i delete history request access in sharepoint 2013?