1. Introduction
SharePoint Online makes it easy to control who can access and edit content. Whether it is sharing a document, a folder, or an entire site, understanding permissions ensures the information is available to the right people, without compromising on security.
Think of permissions like keys – some users might need full access to make changes, while other users just need to view information.
This guide walks through the basics of managing permissions, so you can confidently share content while keeping control.
1.3 Understanding SharePoint Online Permission Levels
SharePoint Online uses various permission levels to manage access rights for different users, which helps maintain data security and efficient workflows.
The table below provides a brief explanation of each permission level:
Full Control | Users have complete access to all site features and settings This level is typically for site administrators only |
Design | Users can create and customise lists, libraries, and pages |
Edit | Users can add, edit, and delete lists and files |
Contribute | Users can add, edit, and delete items in existing lists and document libraries Users cannot manage settings |
Read | Users can view pages and items in lists and document libraries, but cannot edit them |
View Only | Users can view pages, items, and documents, but cannot download or edit them |
Limited Access | Users can access specifically shared content but not the whole site |
2.3 Assigning permissions
2.1.4 Assigning permissions
Assign permissions to a SharePoint Site | |
Navigate to your SharePoint site you want to manage Select Settings ![]() | ![]() |
Click on the Share site button | ![]() |
Enter the names or email addresses of the users or groups you want to add (When you begin typing, it will display a list of found users and groups) Click Add | ![]() |
Select the appropriate permission level (Read, Edit, Full Control) click Add | ![]() |
2.2.4 Library or List Level Permissions
Assign permissions to a document library or list | |
Open the Library or List you want to assign permissions for: Select Settings Depending on your SharePoint version, you may need to then select More library settings | ![]() ![]() |
On the Settings page, under Permissions and Management, select Permissions for this document library | ![]() |
Select the permission group level that you want to assign a user to | ![]() |
Click on New Select Add Users | ![]() |
Click Invite people and enter the names or email addresses of the users Provide a personal message if you wish Click Share Note: You can choose to Send an email invitation to the user which will notify them and provide them with a link | ![]() |
2.3.4 Item level Permissions
Assign permissions to an individual item, document or folder | |
Navigate to the item, file or folder you want to share Select Manage Access | ![]() |
Click Share Enter the names or email addresses of the users you want to share with | ![]() ![]() |
Select the appropriate permission level Provide a personal message if you wish Click Send – a notification will be sent to the user(s) informing them that the file or folder has been shared with them Note: You can select Copy link and paste the link into your own communication with the user you have shared with (via email, Teams etc…) | ![]() |
3.3 Permissions Inheritance
Permission Inheritance: By default, SharePoint Online uses permission inheritance, meaning that permissions set at a higher level (like a site) are automatically applied to all lower levels (like libraries, lists, and items). This simplifies management by ensuring consistent access across related content.
Unique Permissions: When you need different access controls for specific content, you can break inheritance and set unique permissions. This allows you to customise who can view or edit specific libraries, lists, or items, independent of the parent sites permissions.
Key Points: | Inheritance: Simplifies permission management by applying the same permissions across multiple levels Unique Permissions: Provides flexibility to tailor access for specific content, but can increase complexity |
When you go to the Permissions page, you may see one or more messages at the top of the page like this:

The table below explains what each of these messages means:
Some items of this list may have unique permissions which are not controlled from this page. Show these items | This means that, at some time in the past, an individual item within the list, library, or survey was shared with others. When you click Show these items, you will see an Exceptions dialog box showing which items they are. If you are an owner of the item, click Manage permissions for each one to make changes |
There are limited access users on this site. Users may have limited access if an item or document under the site has been shared with them. Show users | This means that if an item has been shared with a user, but the entire list, library, or survey has not, then their access is limited to the one item that has been shared with them. Click Show users to see who they are |
This library inherits permissions from its parent. (name of site) | This means that inheritance has not yet been broken for the list, library, or survey |
3.1.4 Breaking Permission Inheritance in SharePoint
You will need to break permission inheritance before you can assign unique permissions, change permissions levels, or remove user permissions to a list, library, or survey.
- When you break permissions inheritance for a list, library, or item and then define new permission settings, the list (or library) becomes a parent for items in it
- Items under that parent now inherit the new permission settings (unless the items have uniquely defined permissions)
To break inheritance | |
Go to the Site, Library, or Item where you want to break inheritance Go to the Permissions page (using the steps in previous section 1.2.2) To break permissions inheritance from the parent, select Stop Inheriting Permissions | ![]() |
Important Note: When a list or library contains more than 100,000 items, you can’t break permissions inheritance on the list itself. Nor can you re-inherit permissions on the list itself When a folder contains more than 100,000 items, you can’t break permissions inheritance on that folder itself. Nor can you re-inherit permissions on that folder itself Items within the library or folder hitting the limit (say a single file or folder) won’t be impacted – so you could still, for example, break inheritance on any single file inside a library with greater than 100,000 items When a user shares a document or other individual item, inheritance is automatically broken for that item. Inherited permissions are copied to the item, and permissions for the users with whom the item was shared are added. If changes in permissions are made to the parent item, those changes are not applied to the item |
3.2.4 Assign Unique Permissions in SharePoint
Once you have broken inheritance using the steps in the section above, follow these steps to grant unique permissions:
Assign Unique Permissions | |
Go to the Site, Library, or Item and open it Go to the Permissions page (using the steps in previous section 1.2.2) Select Grant Permissions on the Permissions tab | ![]() |
Note: If the list or library is inheriting from the parent, you will not see Grant Permissions | |
In the Share… dialog box, make sure Invite people is selected Enter the names or email addresses of the users or groups you want to grant access to Provide a personal message if you wish Check or uncheck Share everything in this folder, even items with unique permissions Note: This will grant or restrict access to items you already set unique permissions for. (This option is only available for folders) | ![]() |
The permission level is set to Edit by default If you want to grant a different permission level like Read only, click Show options and change the selection in the Select a permission level box An email message will be sent to everyone in the Invite people box. If you do not want this to happen, click Show options, and uncheck Send an email invitation Click Share | ![]() |
TIP! In some cases, you might want to create a Windows Active Directory security group and grant access to a library or list for all the people in the Windows security group. An example might be you want to grant your whole team access to a list by adding the team security group to a SharePoint group. Then, when new people join your team, you grant them appropriate permissions by just adding them to the appropriate Windows security group | |
Note: You cannot grant access to a distribution group that is not a Windows security group |
3.3.4 Change permissions levels in SharePoint
You must break inheritance from the parent site before you can change unique permissions. Once you have broken inheritance using the steps in section 1.3.1, follow these steps to change permissions:
Change Permission Levels | |
Go to the Site, Library, or Item where you want to Edit unique permissions Go to the Permissions page using the steps in previous section 1.2.2 In the Name list, select the checkbox next to the name of the user or group that you want to change permission levels for | ![]() ![]() |
Under Permissions, select the box for the permission level you want for the users or groups you selected Click OK | ![]() |
3.4.4 Restore inheritance to delete all unique permissions in SharePoint
When you break permissions inheritance between a site, folder, list, library, list item, or document and its parent, you can restore inheritance at any time, which removes any custom permissions you set.
To Restore Inheritance | |
Go to the Site, Library, or Item and open it + Go to the Permissions page (using the steps in previous section 1.2.2) On the Permissions tab (for a list or a library), select Delete unique permissions Select OK | ![]() |