In this blog post, we will see the steps to restrict a folder in SharePoint online document library. By default, when you create a folder in the document library, it will inherit permissions from the SharePoint site.
In a site collection, all sites, lists, and libraries inherit permissions from the site directly above it. This inheritance extends to folders, lists, and documents within a document library.
To restrict access to a specific folder, we need to break the inheritance on that folder. After that, we can assign explicit permission on a specific folder.
When a folder contains more than 100,000 items, you can’t break permissions inheritance on that folder. Also, if you previously had disabled inheritance on this folder and now want to re-inherit permissions, this will also not work.
Note
Contents
Restrict Access to a Folder in Document Library
Before proceeding with this process, please put together a list of users who require access to the specific folder. For instance, if you’ve created a folder named Finance-Restricted and intend to limit access to specific users, gather the names of those users beforehand and follow below steps.
- As an example, I will be creating Finance-Restricted folder in the document library.
- Hover your mouse over this folder, click on the three dots next to it, and then select Manage access.
- Click on the Advanced link in the Manage access pop-up.
- Click on the Stop Inheriting Permissions option from the toolbar.
- As discussed earlier, this folder is inheriting permissions from its parent. Therefore, to assign explicit permissions, we will need to break inheritance first. Clicking on Stop Inheriting Permissions, it will copy permissions from the parent and stop inheritance.
- Changes made to parent permissions in the future will not apply. You can always go back to start inheriting permissions again in the future if you want to move away from explicit permissions for this particular folder.
- After clicking on the Stop Inheriting Permissions option, you will receive a pop-up message to confirm this change. Click the OK button to proceed.
- After stopping inheritance from the parent, you can now manage permissions for this folder. For example, we want to restrict access to this folder and make it accessible only to three users: Adele Vance, John Beckles, and Megan Bowen.
- To control access to this folder and restrict it to the specified three users, you’ll need to remove the existing default groups added to the site permissions. Select Finance Team Members, Finance Team Owners, and Finance Team Visitors groups, then click on Remove User Permissions. If a pop-up appears to confirm this change, click the OK button to proceed.
- Now, click on the Grant Permissions button to grant permissions to Adele Vance, John Beckles, and Megan Bowen.
- Add all the users in the Invite box who should have access to this folder.
- You can optionally add a personal message with this invitation (if you are sending an email invitation).
- Check/uncheck, Share everything in this folder, even items with unique permissions.
- Click on the Show Options link to reveal more options.
- An email will be sent to all the users who are in the Invite box. If you don’t want to send an email, then uncheck Send an email invitation.
- Select a permission level: Permission is set to edit by default, but you can change it from the drop-down and select the required permission.
- Once you are ready, you can click on the Share button.
- Now, let’s verify the permissions using the Manage Access option for the folder Finance-Restricted. Click on the three dots next to the folder and then select Manage Access. You will notice that only the three users who were added to this folder have access to it, in addition to Finance Team Owners.
- That concludes the process. Finance-Restricted folder is now restricted to Adele Vance, John Beckles, and Megan Bowen.
Removing Site Collection Owner’s Access to the Folder
After setting explicit permissions by stopping inheritance on a SharePoint folder, you’ll notice that Finance Team Owners is still listed in Manage Access. Anyone from the owner’s group can access this restricted folder and read its contents.
Finance Team Owners group is automatically added by SharePoint because Finance Team Owners is included in the Site Collection Administrators.
- To manage Site Collection Administrators, navigate to Site > Site Permissions > Advanced Permissions Settings > Site Collection Administrators.
- Click on the Site Collection Administrators option in the toolbar.
- You can see that Finance Team Owners group is included in the Site collection administrators, providing full control over all websites in the site collection.
- You can modify the Site Collection Administrators. It’s important to note that any changes to the site collection administrators will apply to the entire site, not just a specific folder, list, or document. You can revisit this section to add or remove site collection administrators at any time.
Re-Inheriting Permissions on SharePoint Online Folder
You can re-inherit permissions on a SharePoint folder by following below steps:
- Go to the folder and hover the mouse over it, then click on the three dots.
- Click on Manage access.
- Click on the Advanced link in the Manage access pop-up.
- Click on Delete unique permissions.
When you click on Delete unique permissions, a confirmation pop-up will appear. After confirming this change, all explicit permissions added to this folder will be removed, and it will inherit permissions from the parent.
After removing unique/explicit permissions, our example folder Finance-Restricted inherited permissions from the parent and added default SharePoint groups.
Conclusion
If you have folders in a document library containing sensitive information and prefer to limit access to only a select group of users, it’s recommended to restrict access. In this blog post, we’ve demonstrated how easily you can manage access to a specific folder. The same steps can be applied to manage access for SharePoint lists or individual documents within a folder.
