List Permissions for O365 Group Members does not apply - sharepoint-online

I have a O365 Group and a Team site but not Teams enabled.
In that site I have a list called Portfolio. I have a bunch of users added as owners and members of the O365 group and they are added in to SharePoint online groups respectively.
We are managing permissions for users on individual lists and libraries which seem to be working. However when I try to have unique permissions with Owners and Members Read only access on the list, they still have full control on the list.
As shown in the image here:
Permissions
The Part I don't understand is that it says "The following factors also affect the level of access for Ashar Khan"
Where are these policies set and how do I change them?

By default, O365 group owners would have site collection admin access to the team site. Site collection administrators are given full control over all Web sites in the site collection.
To remove the group owners from site collection administrators, go to site permission settings->Site Collection Administrators:

Related

Are nested groups inside azure active directory work in SharePoint online

Are nested groups inside azure active directory work in SharePoint online? so if we created a nested azure active directory group, can we add this nested group to SharePoint site permission?
In other words, let say we have 2 AD groups; Group-A & Group-B .. and we added Group-B inside Group-A .. then we added the nested group to a SharePoint site >> then will all users inside AD Group-A and AD Group-B get the permission on SharePoint? Thanks
• As per what you said, nested groups are a subset of the larger groups they are a part of, i.e., nested group members can be a part of multiple member groups and other nested groups of which they are originally a part of. And since you are talking of Azure AD groups, they are of two types, viz., Microsoft 365 and Security. I tried to give permission to groups created in Azure AD, both Microsoft 365 and Security groups to Sharepoint site through ‘Site Permissions’ option and was successful in adding the groups to the respective sites for Sharepoint access.
Also, these groups are nested as specified by me above and I didn’t encounter any such issue in accessing the Sharepoint site through them. Please find the screenshot below for reference: -
Of the above, ‘Test_group’ and ‘All Users’ are Security groups, so they cannot be added in the ‘Grant Permissions’ list or they won’t be invited whereas the other two groups are Microsoft 365 groups, so their users who have Office 365 license enabled will be invited and be able to grant the required permissions. Thus, nested Microsoft 365 Azure AD groups are only allowed for Sharepoint site permissions. For more information regarding the groups, please refer the below link for more details: -
https://learn.microsoft.com/en-us/microsoft-365/admin/create-groups/compare-groups?view=o365-worldwide

Azure DevOps collection level custom groups

I am trying to create new collection level custom group which members would see all projects under my organisation but could not set access rights in organisation or projects unless added to project admins. However, I do not find any place where I could restrict access to user access for this group members. Also I cannot find anything that would give automatically access to all projects. However, the project collection administrators group has this permission but it is not visible anywhere.
There is no such permission to control users would see all projects (exclude Public projects) under organisation. You have to add the users to the projects, at least add to Readers group, then they can see the team projects.
You could add a group rule, add the users in this group, and then assign all team projects to them.
More details of Permissions, please refer to the following link:
https://learn.microsoft.com/en-us/azure/devops/organizations/security/permissions?view=azure-devops&tabs=preview-page

Change owner of a sharepoint site

My company has recently started sharepoint for collaboration. Now I created sites and subsites for all my projects. And that time I created new groups for owner, members and visitors for each subsite. But later I realised that the owner group can be same for all subsites. So I deleted the owner groups for 2 of my sites. Now I am unable to create subsites or delete those sites. How do I find who is the owner and how can I add myself as the owner for these sites. Any help would be appreciated.
Try going to the /_layouts/permsetup.aspx page on each of the sites to add the new owner group.
For instance, if you had a site with the url http://testapp/testsite/, you would go to http://testapp/testsite/_layouts/permsetup.aspx

Location and visibility of the SharePoint users group

I created a group of users in the SharePoint subsite, i.e. pressed Create Group button on a ribbon of this particular subsite Permissions page. Nevertheless I see this group in the list of groups in my parent site.
Does this mean that all SharePoint groups are stored on the site collection level? Meaning that all groups are relevant to any site in the collection?
If this is so, what were the reasons for this design?
Yes, you can access all groups from the main site and any website in the collection. And I guess the reason is to give you the ability to use any group in any website under your collection.

How do I limit a user's permission in Sharepoint to a single survey

I have a user group set up in Sharepoint that has permission to access to a single site. I would like to restrict this groups access futher to a single survey within that site. Is there any way to set Sharepoint permissions to a more granular level?
You can give access to only specific lists, views or pages using the Limited Access Permission Level
Go into the list or view that you want to give people access to, go to Settings --> List Settings --> Permissions for this List
You can then give direct rights to users that do not have access to any objects higher up in the hierarchy.

Resources