Want to use Manage Access Requests feature in SharePoint 2010?


 The manage access requests feature is great for allowing users that don’t have permissions to a SharePoint site requests access. This link is exposed when users attempt to access a site they don’t have permission to.

 

clip_image001

 

Clicking on the link automatically sends an email to the email address specified within Manage Access Requests/Access Request Settings.

Setting up Manage Access Request

In order to setup Manage Access Request, you must have inbound/outbound email setup in SharePoint 2010.

http://technet.microsoft.com/en-us/library/cc263462.aspx#section1

Assuming email is setup, you may go to your preferred site and choose Site Actions, Site Settings, and choose Site permissions under Users and Permissions section. Manage Access Requests is exposed in the ribbon:

clip_image002

 

Clicking on Manage Access Requests will take you here:

clip_image004

 Usually, the original Site Owner email address is specified here.

Are you sure you want to use Manage Access Requests feature?

I would take a serious look into whether or not Manage Access Requests feature is the right approach for a company with a large SharePoint farm and site collection owners change daily, weekly, or monthly. The assumption here is that a site collection owner email address is specified to receive access request emails. Let’s assume my site collection owner is contoso\admin and the Manage Access Requests email address is set to the same user: Admin@contoso.com. Contoso\Admin took another job within the same company but no longer owns or supports this particular SharePoint site. Contoso\Admin is replaced by Contoso\jrAdmin. Contoso\jrAdmin adds his account to Site Owners group while removing Contoso\Admin account from Site Owners group for this particular SharePoint site.

500 users are hired to this particular company and all are instructed to access this SharePoint site and requests access. 500 emails get sent to Contoso\Admin instead of Contoso\jrAdmin. When removing site owners, it has no effect on the email address specified within Manage Access Request. This can quickly become a nightmare for the company help desk if regular users are site owners and site owners change often in a large SharePoint farm. This behavior is by design for both SharePoint 2007 and SharePoint 2010. If the feature is important for your company and you must use it, I recommend adding technical documentation on how to fully remove site collection owners by adding a section on updating the Manage Access Requests email field to the new site collection owner.

Thanks,

Russ Maxwell, MSFT


Comments (12)

  1. Sridhar Bommana says:

    Never knew this loop-hole with manage access requests.

    I will be extra careful while suggesting this to my clients

  2. Reza says:

    Is is possible to enable the Access Request feature programatically, using STSADM (for MOSS 2007) or Powershell (for SP2010)?

    Thanks.

  3. Philip says:

    You can use a DL instead of an individual name.  That would solve the leaving the company problem.  It would be nice if you could enter more than one email address here.

  4. Jon says:

    Any idea how to set that email address for access requests from the Client Object model?

  5. Jonathan Herschel says:

    Philip, you can enter more than one email.  I've used 2 address seperated by a ; and it works.

  6. Alice says:

    For users that don't have permissions to the site, instead of sending the admin an e-mail, I'd like to show them a page with instructions on how to get the correct permissions. Is there a way to do this?

  7. aliasif says:

    Document & Libary are not show. onky loading procces……………..

    plz help me

  8. Great article Russ!

    PowerShell can come to the rescue in your example scenario 🙂

    http://www.sharepointdiary.com/…/change-all-sites-access-request-emails.html

  9. Sagir Kazi says:

    Where is the "Site Owner" email/ID specified? I have users complaining that Request Access email are bouncing back since the email (lets say Email1) doesnt exist. The "Manage Access Request" screen has different email configured (lets say Email2;Email3). Please advice.

  10. Sagir Kazi says:

    Where is the "Site Owner" email/ID specified? I have users complaining that Request Access email are bouncing back since the email (lets say Email1) doesnt exist. The "Manage Access Request" screen has different email configured (lets say Email2;Email3). Please advice.

  11. Riddhi says:

    is there a way from client object model we can set this?

  12. Duane says:

    Is there a way to capture the site URL and requesters name in a SharePoint list column?  I would like to put this into a workflow.