I recently created a folder in a SharePoint Online document library for storing confidential information. Access to this folder is restricted to specific individuals. By default, when a folder is created in a SharePoint library, it inherits permissions from the SharePoint site.
Consequently, any permissions assigned at the site level will be automatically applied to the newly created folder.
By default, in a site collection, all sites, lists, and libraries inherit permissions from the site directly above them. This inheritance extends to folders, lists, and documents within a document library, which also inherit permissions from their containing site.
To restrict access to a specific folder, the first step is to break the inheritance on that folder. Following that, permissions can be assigned explicitly to the desired users or groups.
When a folder contains more than 100,000 items, you can’t break permissions inheritance on that folder. Also, if you previously had disabled inheritance on this folder and now want to re-inherit permissions, this will also not work.Note
Steps to Restrict Access to a Folder in SPO Document Library
Before proceeding with this process, please compile a list of users who require access to the specific folder. For instance, if you’ve created a folder named ‘Finance-Restricted‘ and intend to limit access to specific finance users, gather the names of those users beforehand.
After identifying the users who need access to the ‘Finance-Restricted’ folder, you can follow the steps below to configure their access.
- Create a folder called Finance-Restricted in the document library.
- Hover your mouse over this folder, click on the three dots next to it, and then select “Manage access“.
- Click on the “Advanced” link in the “Manage access” pop-up.
- Click on the “Stop Inheriting Permissions” option from the toolbar.
- As discussed earlier, this folder is inheriting permissions from its parent. Therefore, to assign explicit permissions, we will need to break inheritance first. Clicking on “Stop Inheriting Permissions” will copy permissions from the parent and stop inheritance.
- Changes made to parent permissions in the future will not apply. You can always go back to start inheriting permissions again in the future if you want to move away from explicit permissions for this particular folder.
- After clicking on the “Stop Inheriting Permissions” option, you will receive a pop-up message to confirm this change. Click the “OK” button to proceed.
- After stopping inheritance from the parent, you can now manage permissions for this folder. For example, if you only want three users to have access to this site—finance team members Adele Vance, John Beckles, and Megan Bowen.
- To control access to this folder and restrict it to the specified three users, you’ll need to remove the existing default groups added to the site permissions. Select “Finance Team Members“, “Finance Team Owners“, and “Finance Team Visitors” groups, then click on “Remove User Permissions“. If a pop-up appears to confirm this change, click the “OK” button to proceed.
- Now, click on the “Grant Permissions” button to grant permissions to Adele Vance, John Beckles, and Megan Bowen.
- Add all the users in the “Invite” box who should have access to this folder.
- You can optionally add a personal message with this invitation (if you are sending an email invitation).
- Check or uncheck “Share everything in this folder, even items with unique permissions“. This will grant or restrict access to items you’ve already set unique permissions for.
- Click on the “Show Options” link to reveal more options.
- An email will be sent to all the users who are in the “Invite” box. If you don’t want to send an email, then uncheck “Send an email invitation“.
- Select a permission level: Permission is set to “Edit” by default, but you can change it from the drop-down and select the desired permission assignment.
- Once you are ready, you can click on the “Share” button.
- Now, let’s verify the permissions using the “Manage Access” option for the folder “Finance-Restricted“. Click on the three dots next to the folder and then select “Manage Access“. You will observe that only the three users who were added to this folder have access to it, in addition to Finance Team Owners.
- That concludes the process. The ‘Finance-Restricted’ folder is now restricted to Adele Vance, John Beckles, and Megan Bowen.
1. Removing Owner Group’s Direct Access in SharePoint Online Folder
After setting explicit permissions by stopping inheritance on a SharePoint folder, you’ll notice that ‘Finance Team Owners‘ is still present in ‘Manage Access‘. Anyone from the owner’s group can access this restricted folder and read its contents.
The ‘Finance Team Owners‘ group is automatically added by SharePoint because ‘Finance Team Owners’ is included in the Site Collection Administrators.
To manage Site Collection Administrators, navigate to Site -> Site Permissions -> Advanced Permissions Settings -> Site Collection Administrators.
Click on the ‘Site Collection Administrators‘ option in the toolbar.
You can observe that ‘Finance Team Owners‘ is included in the site collection administrators, providing full control over all websites in the site collection.
You can modify the site collection administrators from this section. It’s important to note that any changes to the site collection administrators will apply to the entire site, not just a specific folder, list, or document. You can revisit this section to add or remove site collection administrators at any time.
2. Reinheriting Permissions in SharePoint Online Folder After Breaking Inheritance
You can easily reinherit permissions from the parent of the folder, list, or document by following the steps below:
- Go to the folder and hover the mouse over it, then click on the three dots.
- Click on “Manage access“.
- Click on the “Advanced” link in the “Manage access” pop-up.
- Click on “Delete unique permissions“.
When you click on “Delete unique permissions,” a confirmation pop-up will appear. After confirming this change, all explicit permissions added to this folder will be removed, and it will inherit permissions from the parent.
After removing unique/explicit permissions, this folder inherited permissions from the parent.
If you have folders in a document library containing sensitive information and prefer to limit access to only a select group of users, it’s advisable to restrict access.
In this blog post, we’ve demonstrated how easily you can manage access to a specific folder. The same steps can be applied to manage access for SharePoint lists or individual documents within a folder.