Sharepoint Online access and permissions

Sharepoint permissions are managed through groups that are added to site contents to allow or restrict access. Permissions on a site can be simple or complex depending on requirements and can be managed by site owners within the Sharepoint environment.

How do I view Sharepoint site permissions?

To see what access is granted, and to who, you need to view your site permissions. This gives you a view of the access given at the top level of your site. By default, the site content such as Libraries, folders, lists and documents inherit permissions from top level of the site.

If inheritance is broken the permissions created are unique – this may be done to restrict access to a Library, List or Folder. If Unique permissions are applied these can be viewed at the Library or List settings.

To view your site permissions, click on the cog in the top banner.
Select Site permissions.
Click on the Advanced permission settings link.
The site permissions will be displayed. The top 3 groups in this screenshot (inside the red rectangle) are the default SharePoint groups. You will see the permission level assigned to each group.

You can also get to this screen by clicking on ‘Site settings’ -> ‘site permissions’ from the Cog or Settings menu.

For step by step instructions (including screenshots) see How do I view site permissions?

How do I create a Sharepoint security group?

Your site may contain libraries or content that you wish to restrict access to or apply unique permissions. To do this you firstly need to create a group to manage this access. It should be named in a useful manner that indicates the purpose of the group. This naming protocol is suggested with SP indicating it as a SharePoint group and the Item Name would be the library or content that the group will be given access to.

SP_<LibraryName>_<PermissionLevel> 

Another example might be a role-based group where Role may be ‘OfficeAdmin’ and the group may be used to grant access to a number of libraries or content.

SP_<Role>_<PermissionLevel> 

To create a group, go to the Site settings - Site permissions.
Click on ‘Create group’.
Name the group and set the properties as required – the group owner can be an Active directory group containing more than one person – an email group (that appears in Outlook Global Address book) or a SharePoint group used in this site. It is a good idea to have more than one person responsible for managing the group membership.
Click on Create.

For step-by-step instructions (including screenshots) see How do I create a group?

How do I apply unique permissions to Sharepoint content?

Click on the cog to open the Settings.
Select Site contents.
From the site contents screen hover over the ellipse (three dots) for the library you want to apply the permissions to.
Click on Settings.
This will take you to the settings screen for this library. Choose ‘Permissions for this document library’.
This screen displays the permissions that are inherited from the Site. Click on ‘Stop inheriting permissions’ to break the inheritance.
Click OK on the confirmation.
At this point the permissions from the Site are still applied. There will be a message ‘This library has unique permissions’, but you have not made any changes yet.
To edit the access select on one or more of the groups. You can then remove the group altogether or edit the permission level of the selected group/s.
To grant permission to a group that isn’t listed you can click on grant permissions.
Enter the name of the group (you need to create this first).
Select the permission level.

For step by step instructions (including screenshots) see Applying Unique Permissions.

How do I check if a file/folder in Sharepoint has unique permissions?

You can view the unique permissions on a file by following these steps:

Locate the file/folder in your Sharepoint library.
Hover over the ellipse to get the 'show actions' menu.
Select Manage access.
Click on Advanced.
A banner will display "Note! This folder has unique permissions."
You will see a summary of the permissions given to the file/folder.

For step by step instructions (including screen shots) see How do I check if a file/folder in Sharepoint has unique permissions?

How do I remove unique permissions on a file/folder?

You can remove the unique permissions on a file/folder by following these steps:

Locate the file/folder in your Sharepoint library.
Hover over the ellipse to get the 'show actions' menu.
Select Manage access.
Click on Advanced.
A banner will display "Note! This folder has unique permissions."
You will see a summary of the permissions given to the file/folder.
Click on 'Delete unique permission's'.
Click OK on the warning message to reset the permissions to that of the parent folder or library.

For step by step instructions (including screen shots) see How do I remove unique permissions on a file/folder?

How do I add a user to a group?

To add a user to an existing group:

Click on the cog in the top banner.
Select Site settings.
Select People and groups.
You should find a list of groups in the left hand-menu, if you can't see the group you require click on 'more'.
Select the group you wish to add the user to.
The current members of the group should be displayed. Click on 'New' ' Add users to this group' .
Enter the users name. You may wish to unselect the 'send an email invitation' particularly if you are adding several people at once.

For step-by-step instructions (including screenshots) see How do I add a user to a group?

How can I restrict site sharing or sharing of folders and files?

You can control the ability of users to share files and folders or site content by changing the Access Request Settings.

To enable or disable sharing by team members with non-members

Go to Settings
Site Permissions
Click on Access Request Settings from the top menu
Uncheck all boxes apart from 'Allow access requests" and an email address should be supplied to recieve the requests.
The settings shown above will send an email containing the request to the address specified. The site owner or admin can then add this user to an appropriate group or decline the request. Automatically accepting the request via the email will create unique permissions for this object and break the inheritance of permission from the parent objects.

Link to the page How can I restrict site sharing or sharing of folders and files?

How do I share a folder or file?

You can share a link to a file or folder several different ways. The important point is to always select 'People with existing access' as this leaves the permissions on the folder or library unchanged.

Copy the link

To copy a link to paste into a meeting request or include in an email message or Teams chat

Select the folder or file to be shared
Click on copy link – it is both in the top menu and also available via Right mouse click
Make sure that ‘People with existing access can use the link’ is selected'
(click on this to change if it is not already selected)
Click ‘copy’
Paste this link into the meeting request or email message

Send link

To send a link directly via email

Select the folder or file
Click on the Sharing icon
Make sure that ‘People with existing access can use the link’ is selected'
(click on this to change if it is not already selected)
Enter the email address and a message if required
Click Send

Link to this page How do I share a folder or file?

When will external guest access expire?

External guest access will automatically expire after 30 days.

Site owners will see a warning message warning similar to this:

To extend or remove the external access click on the Manage link.

Click on the 3 elipses and choose the appropriate action.
You will be asked to confirm the action

Link to this page - When will guest access expire?