Scoping access to site designs
Site designs and site scripts are currently in preview and are subject to change. They are not currently supported for use in production environments.
Site designs are available to everyone by default. You can also scope site designs so that they are only available to specific users or groups. For example, the accounting apartment may have specific site designs they use, but it may not make sense to share those site designs with everyone. This article will explain how you can control which users and groups can see specific site designs.
Granting rights to a site design
When a site design is first created, it is available to everyone. You can grant View rights to the site design. After rights are granted, only the users or groups (principals) specified have access. You can continue granting rights to more principals with subsequent API calls.
Granting rights to security groups
The following example shows how to scope an existing site design so that only the mail-enabled security group accounting can view and use the site design.
Grant-SPOSiteDesignRights ` -Identity db752673-18fd-44db-865a-aa3e0b28698e ` -Principals ("email@example.com") ` -Rights View
You might want to create a new site design and grant rights at the same time, as shown in the next example.
Add-SPOSiteDesign ` -Title "Scoped site design" ` -Description "Scoped to only the accounting email security group" ` -SiteScripts 256494cb-bd31-4f60-9eba-285308d7a863 ` -WebTemplate 64 ` -PreviewImageUrl "https://contoso.sharepoint.com/SiteAssets/scope-image.png" ` | Grant-SPOSiteDesignRights ` -Principals ("firstname.lastname@example.org") ` -Rights View
Granting rights to users
The following example shows how to grant view rights on a site design to Nestor (a user at the fictional Contoso site).
PS C:\> Grant-SPOSiteDesignRights ` -Identity 44252d09-62c4-4913-9eb0-a2a8b8d7f863 ` -Principals "email@example.com" ` -Rights View
Viewing rights assigned to a site design
To view rights, use the Get-SPOSiteDesignRights cmdlet. The following example shows how to use this cmdlet and a response in the case where only Nestor has view rights.
PS C:\> Get-SPOSiteDesignRights 607aed52-6d61-490a-b692-c0f58a6981a1
DisplayName PrincipalName Rights ----------- ------------- ------ Nestor Wilke i:firstname.lastname@example.org View
Revoking rights from a site design
You can revoke rights for any principal. If you revoke view rights for all principles, the site design will again be available to everyone.
The following example revokes access for the accounting mail-enabled security group and Nestor.
Revoke-SPOSiteDesignRights ` -Identity db752673-18fd-44db-865a-aa3e0b28698e ` -Principals ("email@example.com","firstname.lastname@example.org") `