Knowing how to effectively manage folder permissions is critical to your overall permissions management strategy, and keeping your environment secure at large. With ShareGate, you can skip the hassle of manually keeping up with folder permissions management and automate the entire process in a few simple clicks!
In SharePoint, you have control over who can access, review, or revise content in SharePoint folders. Why not use it?
Effective management of folder permissions is at the heart of security in SharePoint, and ensures end users only have access to the data they actually need. Taking full control over folder permissions ensures sensitive data doesn’t end up in the wrong hands. It also ensures unnecessary users don’t tamper with content and create new content management issues.
Especially for organizations that are scaling, folder permissions will prove to be critical. You’re adding new users everyday, who are in turn adding new content all the time. You need to use folder permissions to stay on top of content management, and take control before end users start messing around with content in folders without knowing the issues they’re going to create.
To pull this off, start by thinking about folder permissions at the group level instead of permissions at the folder level. This makes it easier to apply permissions across a vast number of users without the need to manually check on individual users.
Here, we explain how folder permissions at the group level can help IT teams stay in control and avoid content management issues before they pop up. We also answer some of the most asked questions related to SharePoint folder permissions, and present a way forward for effective management. Let’s get started!
Table of contents
- What are SharePoint folder permissions?
- How do you grant permissions for SharePoint folders?
- How can you manage permissions effectively for SharePoint folders?
- What are the most common issues when you create unique permissions for SharePoint folders?
- What is SharePoint permission inheritance and how can I manage it effectively?
- How can I edit user permissions in SharePoint folders?
- Can I set permissions on individual files within a SharePoint folder?
- Can I grant folder permissions to external users in SharePoint?
- How do I audit SharePoint folder permissions?
- How can I centralize folder permissions management with ShareGate
What are SharePoint folder permissions?
For IT teams, SharePoint folder permissions help dictate the nature of access to folders that end users will have within your SharePoint environment. Of course, different users have different permissions, and effective SharePoint folder permissions management is all about creating a system where assigning permissions to different users is streamlined.
Some might only require viewing rights for folders, while others might require editing and deletion rights. This is why SharePoint permissions hierarchy exists, which makes it easier to grant permissions to different users and manage the kind of access different kinds of users will have. For example, you can use permissions hierarchy to give permissions to edit documents for C-level executives, while shielding editing rights from lower management.
But, what kind of permissions are there in SharePoint? Well, SharePoint has around 33 default permissions available, divided by categories such as list permissions, site permissions, and personal permissions.
Let’s take a look at the most popular pre-defined permission levels available. These include:
- Full control—Assigning the “Full control” permission level grants complete site control to the end user. With this kind of control, users can change site settings, create or delete subsites, and manage permissions in SharePoint.
- Design—With the “Design” permission level, users can view, approve, add, delete, update, and customize items and pages within a site.
- Edit—The “Edit” permission level allows users to manage lists in SharePoint. Users can create, edit, or delete lists but don’t have the ability to change permissions or site settings.
- Contribute—The “Contribute” permission level grants users the capability to manage personal views, change information about items and users, and delete existing list versions and document libraries. Users cannot create or delete subsites or edit user permissions or site settings in any way. However, users can add, remove, or update personal web parts with this permission level.
- Read—The “Read” permission level allows users to view pages and list items. Basically, users will be able to read content in SharePoint, but won’t be able to change it.
- Limited access—While users with limited access won’t be able to view the whole site, they will be able to read specific content within a site, such as a specific list, document library, folder, list item, or document. Additionally, with limited access, users can:
- Read application pages
- Browse user information
- Work with remote interfaces
- Use client integration
- View only—With the “View only” permission level, users can access and read application pages. This permission level is used specifically for the Excel Services Viewers group.
Other than these basic permission levels, you can work with other unique permissions if you’re using a site template other than the team site template in SharePoint.
You can check out Microsoft’s official documentation about permissions in SharePoint to read about additional permissions levels and what you can do with them.
Best practices for assigning permissions in SharePoint folders
- Check and make sure if any higher-level permissions could affect the folder you’re working with, since permissions can be inherited from a parent site or library.
- Use SharePoint groups to manage permissions, rather than granting permissions directly to individual users. Companies that are adding new users and scaling will not want to go through the trouble of always trying to keep up with managing folder permissions individually at the folder level.
How do you grant permissions for SharePoint folders?
SharePoint has a built-in process to grant permissions for folders, and it works like a charm! Let’s see how this can be done in 7 simple steps.
- Step 1—Start by navigating to the SharePoint site or library where your folder is located.
- Step 2—When you find your desired site or library, select the folder you want to set permissions for.
- Step 3—Right next to the folder name, you’ll see the three-dot ellipsis. Click on it, and then click on “Manage access” or “Shared with” (naming here varies based on your version of SharePoint).
- Step 4—In the “Manage Access” or “Shared with” pane, click “Grant access” or “Invite People.”
- Step 5—In the “Share” pane, enter the email addresses or names of the people or groups you want to grant access to, and select the type of permission you want to grant (e.g. “Read,” “Contribute,” etc.).
- Step 6—This step is completely optional. To add a touch of personalization to the invite, add a message to the email invitation for the users you invite.
- Step 7—Finally, click “send” to grant access to your specified users. And we’re done!
Also, if you want to modify or remove permissions for a user or group, simply follow steps 1-3. Start by locating the user or group you want to modify or remove, and then click on the “…” next to their name to modify or remove their access. You can also select multiple users or groups at once to modify or remove their access if required.
How can you manage permissions effectively for SharePoint folders?
Based on our experience working with SharePoint folder permissions over the years, we believe these 10 best practices are essential for effective folder permissions management:
- Use SharePoint groups—As we mentioned earlier, assigning permissions at the group level rather than assigning permissions to individuals user will do wonders for effective folder permissions management! This practice makes it easier to manage permissions in bulk and ensures consistency across the site.
- Assign permissions at the appropriate level— Make sure you’re assigning permissions at the appropriate level of the SharePoint hierarchy, such as the site or library level, instead of at the folder or item level. This helps prevent errors and makes it easier to manage permissions.
- Keep permissions simple—Here at ShareGate, we believe SharePoint management should be kept as simple as possible. For folder permissions, this means avoiding creating overly complex permission structures that are difficult to manage. Use the minimum number of groups necessary to manage permissions, and keep permissions simple!
- Regularly review permissions—There’s no substitute for timely and regular reviews, which makes up the essential part of folder permissions management in SharePoint. Regularly review permissions to ensure that users have the appropriate access, and that there are no users with unnecessary access to sensitive data.
P.S. if you’re looking for an automated solution that can do this for you, check out our permissions management solution.
- Use auditing—Enable auditing on your SharePoint site to track changes to permissions, such as when a user is granted or removed access to a folder
- Use unique permissions sparingly—Use unique permissions sparingly, as managing unique permissions can be time-consuming and difficult. Only use unique permissions when necessary, such as when you need to limit access to a specific folder or document.
- Train users—There’s only so much the IT team can do. At a certain point, you need to bring end users into the loop and trust them to manage permissions on their end as well. But, to do this effectively, have a prerequisite in place about providing training to users on how to manage SharePoint folder permissions. This can help prevent accidental changes to permissions and improve overall site security.
- Document everything—As a policy, make sure permissions for each folder or document are being documented, including the users or groups that have access, along with the level of access they have. Trust us when we say that down the line, a lot of problems will vanish when you’re auditing or troubleshooting permission issues.
- The right way to use permission levels—Use permission levels, such as “Read,” “Contribute,” and “Full Control,” instead of granting specific permissions to users or groups. This makes it easier to manage permissions and ensures consistency across the site.
- Limit permission changes—Instead of granting permissions to specific users or groups, take full advantage of already existing permission levels such as “Read”, “Contribute”, or “Full control”. This ensures consistency across the site and simplifies user permissions management.
What are the most common issues when you create unique permissions for SharePoint folders?
The most common issues include:
Issue 1: Accessibility problems even after permissions are granted
Most of the time, the IT team grants permissions to end users. But the end users aren’t able to access the right folder or document.
Check whether the end user has the appropriate level of permissions. For example, if a user has been granted “Read” permissions, they won’t be able to edit or delete files in the folder. Additionally, ensure that the user has not been explicitly denied access to the folder or document.
Issue 2: Permission inheritance problems
A common issue that often arises is when permissions are not being inherited from a parent site or library.
Check whether inheritance has been broken for the folder or document. If inheritance has been broken, you’ll need to explicitly grant permissions to the folder or document. To restore inheritance, go to the folder or document settings and select “Inherit permissions from the parent site/library.”
Ultimately, if the issue persists, it’s a good idea to check the SharePoint audit logs for any errors or issues that may be affecting permissions. It’s also wise to bring your SharePoint administrator or IT department into the loop for assistance with troubleshooting permissions issues.
What is SharePoint permission inheritance and how can I manage it effectively?
Whenever you create an item, folder, or document library within a specific folder (which will be the parent folder here), it automatically gets the same permission levels as the parent folder.
So, all of the items, folders, or document libraries within a specific folder will have the same permissions as the primary folder in which they are placed. This is known as permission inheritance and is a great way to manage permissions in bulk.
But still, for effective permission inheritance management, here are a couple of best practices we recommend:
- Think about sensitive data—Sometimes, sensitive data is placed in a folder whose inherited permissions are pretty open. If the rest of the data in that folder is not sensitive and the team has editing rights, it doesn’t mean the sensitive data should also be open to other employees.
In this instance, it’s important to break inheritance for that specific item, folder, or document library and stop inheriting permissions. Assigning unique permissions for this kind of sensitive data works best.
- Don’t go overboard with unique permissions—If you start assigning unique permissions to a lot of content, it will make it difficult to manage folder permissions later on. Have guidelines in place to make sure only vital content gets unique permissions, and that data with unique permissions is documented for smooth tracking later on.
How can I edit user permissions in SharePoint folders?
If you have the appropriate permissions to edit permissions, you can follow this step-by-step guide to edit user permissions in SharePoint folders:
- Step 1—In the SharePoint site where the folder is located, navigate to the folder for which you’re looking to edit user permissions.
- Step 2—Right next to the folder name, you’ll see the three-dot ellipsis. Click on them, and then click on “Manage access” or “Shared with” (naming here varies based on your version of SharePoint).
- Step 3—In the “Manage access” or “Shared with” panel, you’ll be able to see all of the users and groups that have access to the folder.
- Step 4—Click on the ellipses next to their name and select “Edit”.
- Step 5—Now, simply edit user permissions based on your requirements. You can update or remove permissions for certain users based on your requirements.
- Step 6—Finally, click save and close the “Manage access” or “Shared with” panel for changes to take effect. And you’re done!
Can I set permissions on individual files within a SharePoint folder?
Yes, you can! To do this, follow this step-by-step guide:
- Step 1—Open the SharePoint folder where the individual files are placed.
- Step 2—Select the files you want to set permissions for, and click on the ellipses (…) right next to it.
- Step 3—Next, click on the “Manage access” or “Shared with” menu. (naming here varies based on your version of SharePoint). Here, you’ll be able to see all users that have access to the file.
- Step 4—Click on “advanced” to open advanced permission settings.
- Step 5—Here, you can modify permissions such as adding, removing, or updating them for specific users. Once done, click on “Save” for the changes to take effect. And you’re done!
On a side note, know that changing permissions for individual files can be a hassle in the long run, especially if you have a lot of files within your SharePoint site. We recommend always changing permissions at the group-level to keep things streamlined.
But if you must do this due to unavoidable circumstances, make sure you’re documenting all permission changes to make it easier to track and troubleshoot permission issues later on. We know for many, manual documentation and keeping track can be a hassle.
That’s why ShareGate has an automated permissions management feature that handles all of this for you. Check it out to see how you can make your life much easier!
Can I grant folder permissions to external users in SharePoint?
Yes, you can share files, folders, and sites with external users in SharePoint. To grant folder permissions, follow these steps:
- Step 1—Navigate to the folder you want to grant external user permissions for.
- Step 2—Right click on the folder and click on “Share”.
- Step 3—A window will appear showing all sharing options. Navigate to the ‘specific people’ option and click on it to update access settings for external users.
- Step 4—Now, you should see an option to add the name of users you specifically want to grant access to. Write the e-mails of the external users and click “Send”. And that’s it! The users specified through email should be able to access the folder.
How do I audit SharePoint folder permissions?
ShareGate’s Permission Matrix Report can help pull off effective audits for your SharePoint folders. You get a centralized permissions management system for your folders (along with other features as well) that does the heavy lifting for you with detailed summaries of your SharePoint folder permissions.
How can I centralize folder permissions management with ShareGate?
SharePoint comes with a lot of out-of-the-box features to help you manage folder permissions, and permissions at large as well. But, after a while, keeping track of your environment manually will prove to be a hassle.
Instead of tweaking settings at the backend, it’s better to have a centralized permissions management dashboard where everything can be managed more efficiently. ShareGate’s permissions management solution does this for you, with an easy-to-use interface where you can manage all kinds of permissions more effectively. Take ShareGate out for a free test run to see how it works!