Need help with Groups in SharePoint, please

Occasional Contributor

Hello SharePoint community!


My Background: 
I'm fairly new to SharePoint and Office 365, I've been cramming as much information as possible in the past few days. I've also been learning PowerShell as rapidly as possible. All of it is very big to take in, this is such an interesting part of the Software world. 

I'm newly hired to a tech company that is working on a PowerApp with Office 365 (mobile app) that interacts with SharePoint. It lets users file reports that get turned into documents hosted by SharePoint Sites. The users are generally older folks who are fairly new to technology, so the app has to be as user friendly as possible. 


My Situation: 
I'm tasked with finding out a way to automate permissions for users and groups for SharePoint. When there is a new event, we have 30-100 users (new and existing users) who need access to a SharePoint Site and specific Subsites and Folders. I need to be managing these permissions with a co-worker, and we desperately need a way to automate this process. So far my co-worker who is the creator of the app/site has been managing this by herself, which has been a lot of work. She's had to go into each site/folder and add/change permissions for each individual user.
I am tasked with learning groups so we can automate this process. So far what I know is that there are different kinds of groups, such as Security groups, Teams groups, Assigned groups, Dynamic groups, and Distribution lists. 


My Questions: 

  1. How do I use Groups in order to best manage large amounts of users; make sure they have the right permissions to access the right Sharepoint Site, subsites, and folders?
  2. How do I automate this process as much as possible so we can manage users in bulk?
    For Example: An Event Leader gives us a list of 20 new users and 50 existing users to be added for a new Event. They all need permissions for a new set of folders created for that event, as well as existing folders.

My Limitations: 

We are not able to buy expensive Azure licenses for hundreds of people in order to use Dynamic groups. I know Azure AD is involved with the security side of Microsoft products, but I'm still new so I don't know how everything works exactly. 


Closing Statement:
I am someone learning PowerShell and Office 365, so every bit of help is appreciated. I am willing to troubleshoot, research, and learn whatever I need to in order to best complete the task. 
Thank you all for your time <3 


Edit: Fixing typos
Update for Clarification: 

All of the files and folders are confidential and should only be accessed by the users involved with the specific event related to those files and folders. A user should not be able to access files and folders off events/groups that they're not apart of. 



2 Replies
Little confused by the ask and or current setup. Currently a new event starts and a site is created and a group of people needs added?

Why is it so complex currently or why is permission not inherited down through the sites and folders? Guess I’m trying to understand a bit more of the requirement before giving any thought.

Indies each site have a unique set of permissions? Security groups are sounding like the way to go here if many of the groups added to these sites are the same groups over and over etc.

@Chris Webb 

A new event starts and we need to start a group for that event. The group will then inherit permissions for the event site/subsite (still figuring out which is best), and they will inherit permissions for specific folders located in a different site that they aren't part of. 
Is this possible and how do you do it? We have attempted to use groups for this but it hasn't seemed to work how we want it to, we probably aren't doing it right. 

Is there a way to automate this process so a new group is automatically created when there is a new event, and we can add 30-100 members to this group easily (through a command with a list, maybe)? 


Sidenote: Because there is a limit to how many groups people can be apart of, I think we will delete the groups after a year; so there shouldn't be an issue there. The majority of users won't need access to an event after that long, and the people who will need access should be admins of those sites.