I have recently created a folder in a sharepoint online document library. This folder will be used to store confidential information. Only specific people should have access to this folder.
By default if a folder is created in a sharepoint library, it will inherit its permissions from sharepoint site. Therefore, whatever permissons you have assigned on the site level will be applied on the newly created folder as well.
By default, all sites, lists, and libraries in a site collection inherit permissions settings from the site that is directly above them in the site hierarchy. Similarly folders, lists and documents created in a document library will inherit permissions from the site that contain them.
To be able to restrict a particular folder, we will need to break the Inheritance on that folder first and then assign permissions to the users or groups explicitly.
|When a folder contains more than 100,000 items, you can’t break permissions inheritance on that folder. Also, if you previously had disabled inheritance on this folder and now want to re-inherit permissions, this will also not work.|
Steps to restrict access to a folder in a sharepoint online document library
Before you go ahead and start this process, please get a list of users who will need access to this particular folder. For example, Let’s say you created a folder named Finance-Restricted and you want to restrict it to few of the finance users who should have access to this folder. You need to first get the name of those users.
Once you know who require access to the Finance-Restricted folder. You can follow below steps to configure the access.
- Create a folder called Finance-Restricted in the document library.
- Hover your mouse over to this folder and click on three dots next to the it and then click on Manage access.
- Click on Advanced link on Manage access pop-up.
- Click on Stop Inheriting Permissions option from the tool bar.
As we discussed earlier, this folder is Inheriting permissions from its parent. Therefore, to assign explicit permissions we will need to break Inheritance first. Clicking on Stop Inheriting Permissions will copy permissions from parent and stop Inheriting permissions. Changes made to parent permissions in future will not apply. You can always go back to start Inheriting permissions again in future if you want to move away from explicit permissions for this particular folder.
After you click on Stop Inheriting Permissions option. You will get a pop-up message to confirm this change. Click on OK button to proceed.
- After Stopping Inheritance from Parent, you will now be able to manage permissions for this folder. Let’s say you only want three users to have access to this site, these are finance team members called Adele Vance, John Beckles and Megan Bowen.
- To be able to control access to this folder and restrict it only to given three users. We will need to remove the existing default groups added to the site permissions. Select Finance Team Members, Finance Team Owners and Finance Team Visitors groups and the click on Remove User Permissions. If there is a pop-up to confirm this change. Click on OK button to proceed.
- Now, click on Grant Permissions button to grant permissiont to Adele Vance, John Beckles and Megan Bowen.
After you click on Grant Permissions button, you will get a pop-up message where you can provide permissions to the users or groups. On Invite People tab, provide below information:
- Add all the users in Invite box who should have access to this folder.
- You can optionally add a personal message with this Invitation (if you are sending an email invitation).
- Check or uncheck Share everything in this folder, even items with unique permissions. This will grant or restrict access to items you already set unique permissions for.
- Click on Show Options link to reveal more options.
- An email will be sent to all the users who are in the Invite box. If you dont want to send an email, then Uncheck “Send an email Invitation“.
- Select a permission level: Permission is set to Edit by default, but you can change it from the drop-down and select the desired permission assignment.
- Once you are ready, you can click on Share button.
- Once the permissions are added, it will be shown on the Permissions tab with Permission Level assigned. You can change the permissions of individual users by selecting that user and clicking on Edit User Permissions.
- Now, let’s check the permission from Manage Access option of the folder Finance-Restricted. Click on three dots next to the folder and then click on Manage Access. You will see that only three users who were added to this folder have access to it apart from Finance Team Owners.
- Thats it, Finance-Restricted folder is now restricted to Adele Vance, John Beckles and Megan Bowen.
1. How to remove Direct access permission for Owner group from a folder in sharepoint online?
After you set explicit permissions by stopping Inheritance on a sharepoint folder, you will notice that Finance Team Owners is still there in Manage access. Anyone from the owner’s group can access this restricted folder and read its contents.
Finance Team Owners group is added automatically by sharepoint as Finance Team Owners is added to Site collection administrators. For managing Site collection administrators you will need to go to the Site -> Site Permissions -> Advanced Permissions Settings -> Site Collection Administrators.
Click on Site Collection Administrations option from the tool bar.
You can see that Finance Team Owners is added to the site collection administrators who have full control over all Web sites in the site collection. You can modify the Site collection administrators from here. Please note that any changes to the Site Collection Administrators will be applicable for the whole site, not just a folder, list of document. You can always go back to this section and add or remove Site Collection Administrators.
2. How to re-Inherit permissions after breaking Inheritance on a sharepoint online folder.
You can easily re-Inherit permissions from the parent of the folder, list or document by following below steps:
- Go the the Folder and hover mouse over this folder and click on three dots.
- Click on Manage access.
- Click on Advanced link on Manage access pop-up.
- Click on Delete unique permissions.
When you click on Delete unique permissions, there will a pop-up for confirmation. After you confirm this change, It will remove all the explicit permissions added to this folder and re-Inherit permissions from the parent.
After removing Unique / explicit permissions, this folder Inherited permissions from the parent.
If you have a folder or few folders in a document library which contain sensitive information and which we do not want all site users to have access to it, Its best to restrict its access to limited number of users. In this blog post, we have seen how easy it is to manage access to a particular folder. You can also manage access to a sharepoint list or a particular document in a folder using the same steps.