What are the best practices for creating unique permissions? #M365AMA

In this episode, the #M365AMA panel discusses the following community question:

“We have a group “All employees” in SharePoint. The group exists in every SharePoint site. It previously had the permission “Contribute”. I should change this to “Read” which worked fine with Powershell. Background is that from now on only people should edit files in SharePoint sites who are owner or member. Now to the problem: I didn’t know before the difference to Member/Owner and Site-Member/Website-Owner. In our project sites only member and owner were maintained. Now when I set the “All employees” group to “Read”, no “Member” can edit files on the SharePoint site anymore. I think I need to change all people who are “Member” to “Site Member”. Or can I set the permission so that members can edit files? It all has to be done via Powershell – does anyone have any idea?”

Check out the discussion here:

 

Participating in this discussion were:

• Christian Buckley @buckleyplanet 
• Sharon Weaver @sharoneweaver
• Geoff Varosky @gvaro
• Stacy Deere @sldeere
• Jonathan Weaver @j_weaver74

Some relevant notes/links shared by the team:

• Unique permissions are not great for DIY projects. Our shared recommendation is to hire a professional.