Access Control

Sites and Files Access Control

Users who embed files from Google Drive in a Google Site frequently ask why those files are not visible on their Site.

The sharing settings for files in Drive are separate from the Site's sharing settings and need to be set separately, usually to match the Site. They are not 'inherited' from the Site they are embedded in.

Fortunately this is easy to do, since it is possible to share both Sites and files on Drive (including folders) with Google Groups.

Using Google Groups for Access Control

If you have a Site that you want to share with a specific group of people and documents on Drive embedded or linked to from your Site that you want to share with the same group of people, you could simply share the Site with those people and do the same with any docs or folders on Drive. (This can be simplified by making sure that any shared documents are in a single shared folder.)

However, if that group of people changes, you will need to remember to make the changes in multiple places.
An easier method is to create a Google Group for those people and then share the Site and documents with that Google Group.

It is easy to share Google Sites (and Google Docs, folders and Calendars) with Google Groups in a secure manner. All you need is the Google Group's email address, shown on your group's "about group" page.

You can set up a group so that people can ask to join it. Once their membership has been approved, they will have access to anything shared with that group.


NB

If you are a member of a group and the group has access to a Site, the Site will not appear in your Sites list, but you will still have access to it.

Logged in or not logged in

If a user has no logged-in accounts and visits either a non-existent site or a site that is not public, they will be redirected to a login page. If they have at least one logged-in account, they are no longer redirected to login.

Account Chooser 

If you want to ensure a user is prompted to sign in to the correct Google account when sent a link to a Google Site, use a link in the form:
https://accounts.google.com/AccountChooser?continue=SITEURL

e.g. https://accounts.google.com/AccountChooser?continue=https://sites.google.com/pjrprojects.co.uk/testnondomainaccess/home


An alternative version is with /signinchooser added:


https://accounts.google.com/accountchooser/signinchooser?continue=https%3a%2f%2fsites.google.com%2f[domain]%2f[sitename]


Note: don't add /home to the end, as that may not be the page path of your site's homepage; stopping at /sitename will always work.


If /signinchooser is included and the user is signed in to an account that can access the site, it doesn't make them choose an account.

But if /signinchooser is not there, the user will always be asked to pick an account, even if they are only signed in to one account and it has access.


(You should URL encode the site URL after continue, hence the %3a and %2f you see in the example above.)
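
An added example (not part of the original page) that builds both link forms above from a pasted Site URL: it trims the URL to /[domain]/[sitename], accepts only sites.google.com as the destination, and URL-encodes the continue value. The names site_root, chooser_link and always_prompt are hypothetical, and the /[domain]/[sitename] layout is assumed from the examples on this page.

```python
from urllib.parse import quote, urlsplit

# The two link forms given on this page.
ACCOUNT_CHOOSER = "https://accounts.google.com/AccountChooser"
SIGNIN_CHOOSER = "https://accounts.google.com/accountchooser/signinchooser"


def site_root(site_url: str) -> str:
    """Trim a Sites URL to https://sites.google.com/[domain]/[sitename].

    Assumes the /[domain]/[sitename] layout shown on this page; any page
    path such as /home, plus query string and fragment, is dropped.
    """
    parts = urlsplit(site_url.strip())
    # Only accept the Sites host, so the generated link cannot send the
    # user anywhere other than a Google Site after sign-in.
    if parts.scheme != "https" or parts.hostname != "sites.google.com":
        raise ValueError("expected an https://sites.google.com/ URL")
    segments = [s for s in parts.path.split("/") if s]
    if len(segments) < 2:
        raise ValueError("URL must include /[domain]/[sitename]")
    return "https://sites.google.com/" + "/".join(segments[:2])


def chooser_link(site_url: str, always_prompt: bool = False) -> str:
    """Build the sign-in link; the continue value is fully URL-encoded.

    always_prompt=False uses the /signinchooser form,
    always_prompt=True uses the plain AccountChooser form.
    """
    base = ACCOUNT_CHOOSER if always_prompt else SIGNIN_CHOOSER
    # safe="" also encodes ':' and '/', giving %3A and %2F.
    return base + "?continue=" + quote(site_root(site_url), safe="")


if __name__ == "__main__":
    # Site URL taken from the example on this page.
    url = "https://sites.google.com/pjrprojects.co.uk/testnondomainaccess/home"
    print(chooser_link(url))
    print(chooser_link(url, always_prompt=True))
```

Python's quote() emits uppercase hex (%3A, %2F); this is equivalent to the lowercase %3a and %2f shown above.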





Sites Service disabled for a domain 

If users are signed in to an account from a GW domain for which the Sites service has been disabled, they will not be able to access ANY Google Site.