Sharepoint Online access and permissions

Sharepoint permissions are managed through groups that are added to site contents to allow or restrict access. Permissions on a site can be simple or complex depending on requirements and can be managed by site owners within the Sharepoint environment.

How do I view SharePoint site permissions?

To see what access is granted, and to who, you need to view your site permissions. This gives you a view of the access given at the top level of your site. By default, the site content such as Libraries, folders, lists and documents inherit permissions from top level of the site.

If inheritance is broken the permissions created are unique – this may be done to restrict access to a Library, List or Folder. If Unique permissions are applied these can be viewed at the Library or List settings.

To view your site permissions, click on the cog in the top banner.
Select Site permissions.
Click on the Advanced permission settings link.
The site permissions will be displayed. The top 3 groups in this screenshot (inside the red rectangle) are the default SharePoint groups. You will see the permission level assigned to each group.

You can also get to this screen by clicking on ‘Site settings’ -> ‘site permissions’ from the Cog or Settings menu.

For step by step instructions (including screenshots) see How do I view site permissions?

How do I check on a user's permissions?

If you wish to check to see if a particular user or group have access to a Library, Folder or File you can browse to the object you wish to check and then go to the permissions page for that object.

To check for access on a:

Library - from the Cog choose Library settings and then choose 'Permissions for this document library'
Folder or File - with the file or folder selected click on the ellipse (...) and choose 'Manage access' then 'Advanced settings'
You can get to this by clicking on the ellipse (look in the top right corner of the 'manage access' window)

This will take you to the Permissions properties for the object.

The banner at the top of the Permissions window will display if the object is inherting permissions from it's parent. If this is the case you can click on 'Manage Parent' and view the permissions from the parent object.

To check the permissions of a user or group click on 'Check permissions' and enter the User or Group name and then 'check now'

You can also do the same check at Site level to see what access a user has.

See instructions with images

How do I create a SharePoint security group?

Your site may contain libraries or content that you wish to restrict access to or apply unique permissions. To do this you firstly need to create a group to manage this access. It should be named in a useful manner that indicates the purpose of the group.

Another example might be a role-based group where Role may be ‘OfficeAdmin’ and the group may be used to grant access to a number of libraries or content.

To create a group, go to the Site settings - Site permissions.
Click on ‘Create group’.
Name the group and set the properties as required – the group owner can be an Active directory group containing more than one person – an email group (that appears in Outlook Global Address book) or a SharePoint group used in this site. It is a good idea to have more than one person responsible for managing the group membership.
Click on Create.

For step-by-step instructions (including screenshots) see How do I create a group?

How do I apply unique permissions to SharePoint content?

Click on the cog to open the Settings.
Select Site contents.
From the site contents screen hover over the ellipse (three dots) for the library you want to apply the permissions to.
Click on Settings.
This will take you to the settings screen for this library. Choose ‘Permissions for this document library’.
This screen displays the permissions that are inherited from the Site. Click on ‘Stop inheriting permissions’ to break the inheritance.
Click OK on the confirmation.
At this point the permissions from the Site are still applied. There will be a message ‘This library has unique permissions’, but you have not made any changes yet.
To edit the access select on one or more of the groups. You can then remove the group altogether or edit the permission level of the selected group/s.
To grant permission to a group that isn’t listed you can click on grant permissions.
Enter the name of the group (you need to create this first).
Select the permission level.

For step by step instructions (including screenshots) see Applying Unique Permissions.

How do I check if a file/folder in SharePoint has unique permissions?

You can view the unique permissions on a file by following these steps:

Locate the file/folder in your SharePoint library.
Hover over the ellipse to get the 'show actions' menu.
Select Manage access.
Click on Advanced.
A banner will display "Note! This folder has unique permissions."
You will see a summary of the permissions given to the file/folder.

For step by step instructions (including screen shots) see How do I check if a file/folder in SharePoint has unique permissions?

How do I remove unique permissions on a file/folder?

You can remove the unique permissions on a file/folder by following these steps:

Locate the file/folder in your SharePoint library.
Hover over the ellipse to get the 'show actions' menu.
Select Manage access.
Click on Advanced.
A banner will display "Note! This folder has unique permissions."
You will see a summary of the permissions given to the file/folder.
Click on 'Delete unique permission's'.
Click OK on the warning message to reset the permissions to that of the parent folder or library.

For step by step instructions (including screen shots) see How do I remove unique permissions on a file/folder?

How do I add a user to a group?

To add a user to an existing group:

Click on the cog in the top banner.
Select Site settings.
Select People and groups.
You should find a list of groups in the left hand-menu, if you can't see the group you require click on 'more'.
Select the group you wish to add the user to.
The current members of the group should be displayed. Click on 'New' ' Add users to this group' .
Enter the users name. You may wish to unselect the 'send an email invitation' particularly if you are adding several people at once.

For step-by-step instructions (including screenshots) see How do I add a user to a group?

How can I restrict site sharing or sharing of folders and files?

You can control the ability of users to share files and folders or site content by changing the Access Request Settings.

To enable or disable sharing by team members with non-members

Go to Settings
Site Permissions
Click on Access Request Settings from the top menu
Uncheck all boxes apart from 'Allow access requests" and an email address should be supplied to recieve the requests.
The settings shown above will send an email containing the request to the address specified. The site owner or admin can then add this user to an appropriate group or decline the request. Automatically accepting the request via the email will create unique permissions for this object and break the inheritance of permission from the parent objects.

Link to the page How can I restrict site sharing or sharing of folders and files?

How do I share a folder or file?

You can share a link to a file or folder several different ways. The important point is to always select 'People with existing access' as this leaves the permissions on the folder or library unchanged.

Copy the link

To copy a link to paste into a meeting request or include in an email message or Teams chat

Select the folder or file to be shared
Click on copy link – it is both in the top menu and also available via Right mouse click
Make sure that ‘People with existing access can use the link’ is selected'
(click on this to change if it is not already selected)
Click ‘copy’
Paste this link into the meeting request or email message

Send link

To send a link directly via email

Select the folder or file
Click on the Sharing icon
Make sure that ‘People with existing access can use the link’ is selected'
(click on this to change if it is not already selected)
Enter the email address and a message if required
Click Send

Link to this page How do I share a folder or file?

Adding external users to SharePoint?

SharePoint sites are set to restrict external access by default. If you wish to allow external access to your SharePoint site then submit a request to Helpdesk with the details of the site and the full email address and names of users who require access.

It may be recommended that a new site be created for the purpose of sharing with External users rather than allowing external access to the existing site. This approach maintains a higher level of security for both sites.

Once external sharing has been enabled the user can be added to a group using their email address.

The external user is added in the same way as another user but you enter the entire email address. There will be a warning that this user is outside of your organisation.

You can choose to allow SharePoint to send an email invitation to the user but it is a good idea to send an email from your own account as the auto generated emails are sometimes caught by the spam or disregarded by the user.

The user needs to accept the invitation and the license conditions using the same email address used in the invitation.

Link to this content

When will external guest access expire?

External guest access will automatically expire after 30 days.

If you wish to have external access set for a longer period then a request can be made via the ITHelpdesk.

To extend or remove the external access click on the Manage link.

Click on the 3 elipses and choose the appropriate action.
You will be asked to confirm the action

Link to this page - When will guest access expire?