SharePoint Permissions

Overview

As a SharePoint administrator or owner, you may need to grant or revoke access to SharePoint sites, document libraries, and files for various reasons, such as adding new team members, removing former employees, or adjusting access levels for specific users.

This article will provide you with step-by-step instructions for granting and revoking access to SharePoint sites, document libraries, and files while keeping inheritance in mind.

Granting and Revoking Access to SharePoint Sites, Teams chats, and calendars

SharePoint sites are the main containers for all the content you create and share on SharePoint. Permissions can be applied in several ways depending on what level of access you want the user to have.

To grant or revoke access to a SharePoint site and the associated shared calendar, Teams chats, mailboxes, etc., follow these steps:

  1. Navigate to the SharePoint admin center:
    • GCC: https://(tenantdomain)-admin.sharepoint.com
    • GCCH: https://(tenantdomain)-admin.sharepoint.us
  2. In the left-hand menu select “Sites” then “Active Sites”.
  3. Select the “Site name” for the site you wish to apply permissions to.
  4. In the dialog box, select “Membership”.
  5. After determining which group to add the user to, select “+Add members”.
  6. Enter the user name or email address, then select “Add”.

If after giving access to a SharePoint site a user cannot access a document library within that site, check to make sure inheritance for that document library is not broken.

SharePoint site permissions

Owners - can add or remove members and have unique permissions like the ability to delete conversations from the shared inbox or change different settings about the group. Group owners can rename the group, update the description or picture and more.

Members - can access everything in the group but can’t change group settings. By default group members can invite guests to join your group, though you can control that setting.

Guests - are members who are from outside your organization.

Site admins - have the highest level of SharePoint permissions. They have the same Full Control permissions as a site owner, plus they can do more things, such as managing search, the recycle bin, and site collection features. They also have access to any items in the site, including in subsites, even if permissions inheritance has been broken. However, this does not give access to other resources such as the associated shared calendar, Teams chats, mailboxes, etc.

Site owners - have full control of the SharePoint site. If the site has an associated Microsoft 365 group or team, then group or team owners are automatically included as site owners. However, people added directly to the site owners group don’t have access to the Microsoft 365 group or team unless they are added there directly.

Site members - have edit permissions to the SharePoint site and can add and remove files, lists, and libraries. If the site has an associated Microsoft 365 group or team, then group or team members are automatically included as site members. However, people added directly to the site members group don’t have access to the Microsoft 365 group or team unless they are added there directly.

Site visitors - have view-only permissions to the SharePoint site. This permission level is only used by SharePoint and isn’t related to permissions in an associated Microsoft 365 group or team.

Granting and Revoking Access to specific document libraries

In order to access the document library to assign permissions, Admins must have one of the following SharePoint site permissions:

  • Owner
  • Site admin
  • Site owner

By default, inheritance is enabled for all document libraries when they are created within a SharePoint site. This means that any user given permissions to the SharePoint site will have the same level of permissions to the document library unless inheritance is disabled. However, sometimes you may want to be more granular with access and limit access to only certain document libraries within a site.

To grant or revoke access to a specific document library follow these steps:

  1. Go to the SharePoint document library for which you want to grant permissions.
  2. Click on the gear icon in the top-right corner of the screen and select “Library settings” from the dropdown menu.
  3. Under “Permissions and Management,” click on “Permissions for this document library.”
  4. Click on the “Stop Inheriting Permissions” button in the top ribbon.

    When breaking inheritance, any members or groups already assigned permissions will retain their permissions afterwards unless permissions are removed.

  5. A warning message will appear. Click “OK” to confirm that you want to stop inheriting permissions.

  6. Once you have stopped inheriting permissions, you can add or remove users or groups and set their permission levels.
  7. To add a user or group, click on the “Grant Permissions” button in the top ribbon.
  8. In the “Share” panel that appears, enter the name of the user or group you want to add in the “Enter names or email addresses” field.
  9. Select the permission level you want to assign to the user or group from the dropdown menu.
  10. Click “Share” to add the user or group and set their permission level.
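
To review which document libraries in a site no longer inherit permissions, and who holds which permission level on them, the report below can be run against the site. It is an added example, not part of the original article; it assumes the PnP.PowerShell module is installed, and the site URL and client ID shown are placeholders.

```powershell
# Added example: lists document libraries with broken inheritance and
# the permission levels assigned on each. Run as a Site admin or Site owner.
# Assumptions: PnP.PowerShell is installed; both values below are placeholders.
$SiteUrl  = 'https://(tenantdomain).sharepoint.com/sites/(sitename)'
$ClientId = '00000000-0000-0000-0000-000000000000'   # your Entra ID app registration

Connect-PnPOnline -Url $SiteUrl -Interactive -ClientId $ClientId
# For GCCH (*.sharepoint.us) sites, also pass: -AzureEnvironment USGovernmentHigh

$report = foreach ($list in Get-PnPList) {
    # BaseTemplate 101 is a document library; skip hidden system libraries.
    if ($list.BaseTemplate -ne 101 -or $list.Hidden) { continue }

    # True once "Stop Inheriting Permissions" has been used on the library.
    $unique = Get-PnPProperty -ClientObject $list -Property HasUniqueRoleAssignments
    if (-not $unique) { continue }   # still inheriting from the site

    $assignments = Get-PnPProperty -ClientObject $list -Property RoleAssignments
    foreach ($ra in $assignments) {
        # Load the principal and its permission levels for this assignment.
        Get-PnPProperty -ClientObject $ra -Property Member, RoleDefinitionBindings | Out-Null
        [pscustomobject]@{
            Library   = $list.Title
            Principal = $ra.Member.Title
            Type      = $ra.Member.PrincipalType
            Levels    = ($ra.RoleDefinitionBindings | ForEach-Object Name) -join ', '
        }
    }
}

# Principals that kept access when inheritance was broken show up here,
# as do "Limited Access" entries created by item-level sharing.
$report | Sort-Object Library, Principal | Format-Table -AutoSize
```

A library that is missing from the output still inherits from the site, so access problems there trace back to site membership rather than library permissions.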

Granting and Revoking Access to folders/files within a document library

In order to access the document library to assign permissions, Admins must have one of the following SharePoint site permissions:

  • Owner
  • Site admin
  • Site owner

By default, inheritance is enabled for all folders/files when they are created within a document library. This means that any user given permissions to the document library will have the same level of permissions to its folders and files unless inheritance is disabled. However, sometimes you may want to be more granular with access and limit access to only a certain file/folder within a document library. There are 2 methods to grant permissions, depending on the granularity of the permissions that need to be assigned:

  • Edit or View
  • Full Control, Design, Edit, Contribute, Read, or Limited Access

To grant or revoke Edit or View access to a specific folder or file, follow these steps:

  1. Go to the SharePoint document library for which you want to grant or revoke access.
  2. Navigate to the folder or file you want to modify access for.
  3. Click on the ellipsis (…) next to the folder or file and select “Manage access” from the dropdown menu.
  4. If the user or group has existing permissions, select the dropdown box next to their user name and select the appropriate permission level.
  5. If the user or group does not already have access, select the “+” next to “Direct access”.
  6. Enter the name, group, or email address and select “Edit” or “View” from the dropdown.
  7. Click “Grant access”.

To grant or revoke Full Control, Design, Edit, Contribute, Read, or Limited Access to a specific folder or file, follow these steps:

  1. Go to the SharePoint document library for which you want to grant or revoke access.
  2. Navigate to the folder or file you want to modify access for.
  3. Click on the ellipsis (…) next to the folder or file and select “Manage access” from the dropdown menu.
  4. Scroll to the bottom of the “Manage access” dialog box and click “Advanced”.
  5. Click on the “Stop Inheriting Permissions” button in the top ribbon.

    When breaking inheritance, any members or groups already assigned permissions will retain their permissions afterwards unless permissions are removed.

  6. A warning message will appear. Click “OK” to confirm that you want to stop inheriting permissions.

  7. Once you have stopped inheriting permissions, you can add or remove users or groups and set their permission levels.
  8. To add a user or group, click on the “Grant Permissions” button in the top ribbon.
  9. In the “Share” panel that appears, enter the name of the user or group you want to add in the “Enter names or email addresses” field.
  10. Select the permission level you want to assign to the user or group from the dropdown menu.
  11. Click “Share” to add the user or group and set their permission level.

Default document library, folder, or file permissions

Full Control: Users with Full Control permission have complete control over the document library. They can add, edit, and delete files, as well as manage permissions and settings for the library. This is the highest level of permission.

Design: Users with Design permission can create and edit pages, as well as customize the layout, views, and web parts of the document library.

Edit: Users with Edit permission can add, edit, and delete files in the document library. They cannot, however, change the settings or permissions for the library.

Contribute: Users with Contribute permission can add and edit files in the document library, but they cannot delete files or change the settings or permissions for the library.

Read: Users with Read permission can view the files in the document library, but they cannot add, edit, or delete them.

Limited Access: Limited Access is a special permission level that is automatically assigned to users or groups when they have been granted access to a specific item or folder within the document library, but not to the entire library. This permission level allows them to access the specific item or folder, but not the rest of the library.