Body
Summary
This article provides an in-depth explanation of SharePoint's permission inheritance, describing how files and folders automatically inherit permissions from their parent containers until items are uniquely shared (called breaking inheritance). Readers are encouraged to thoroughly review the content to gain a clear understanding of the intricacies of SharePoint permissions as they apply to libraries, folders, and files.
This article offers instructions for SharePoint site Owners to access the permissions page, break and restore inherited permissions, assign, edit, and remove unique permissions.
Content
Owners of a SharePoint site can change permissions to allow/restrict access to information.
Upon creating a SharePoint team site, a Microsoft 365 Group is automatically established and associated with the site. By default, all group members receive the same access level to every part of the site, including all files and folders. However, certain scenarios require granting different levels of access to different users for specific content. Permission inheritance is central to this process.
How SharePoint Permissions & Inheritance Differ from Box and File Shares (for USNH Users)
When USNH used Box or local file shares, permissions were usually set at the folder or file level. If you had access to a folder, you could see everything inside it, unless someone manually changed a subfolder’s settings. Box made it easy to share files or folders with specific people, but each item’s access was managed separately. Local file shares were even simpler: IT set who could access each folder, and that was it.
SharePoint works differently. It uses a hierarchy where permissions set at the top (the site or library) automatically flow down to everything underneath - folders and files inherit those permissions by default. If you need to give someone access to just one folder or file, you have to “break inheritance,” which means that item stops following the parent’s rules and gets its own set of permissions. Every time inheritance is broken, it creates a unique permission “island” that needs to be managed separately. Over time, lots of broken inheritance can make it hard to keep track of who has access to what, and can slow down SharePoint or cause confusion.
In simple terms, with SharePoint, permissions are like a waterfall – they are set at the top, and they flow down to everything below. If you put up a dam (break inheritance), you have to manage it manually. The more dams you build, the harder it is to keep track of the water (who has access). Box and file shares were more like buckets: you just decide who gets each bucket, and that’s it. SharePoint is more powerful, but it needs more careful management to avoid leaks or blockages.
Key differences for USNH users:
- SharePoint’s inheritance makes it easier to manage large groups, but breaking inheritance adds complexity.
- Permissions changes at the top level affect everything below - unless inheritance is broken.
- Too many unique permissions can make SharePoint harder to manage and slower to use.
- Best practice: manage permissions at the site or group level whenever possible, and avoid breaking inheritance unless absolutely necessary.
Understanding SharePoint Permission Inheritance
Permission inheritance ensures that files and folders automatically receive the same permissions as their parent container. The hierarchy is as follows:
- Site contains Document Libraries
- Document Library contains Folders
- Folder contains Files
By default, permissions cascade downward through this structure. If a user has access to a Document Library, they inherently have access to all folders and files within it. Similarly, access to a folder includes access to all files within that folder.
Why This Matters
When inheritance is maintained (the default state):
- Permissions management is simplified, as it occurs at the site level.
- Any changes at the site level are automatically reflected throughout the structure.
- Group members enjoy consistent access to all content.
When inheritance is broken:
- The item (library, folder, or file) receives its own set of permissions, separate from its parent.
- Modifications made at the parent level no longer impact the item.
- Permissions for this item must be managed independently, increasing administrative effort.
Automatic Breaking of Inheritance
Important: If a site member shares a document or folder with someone who is not a site member, SharePoint automatically breaks inheritance for that item. This triggers the following sequence:
- The item copies its current permissions from the parent.
- Additional permissions are granted to the new user.
- The item now possesses unique permissions.
- Future changes to the parent’s permissions will not affect this item.
This automatic process is a common cause of complex permission structures in SharePoint sites.
Common Scenarios for Breaking Inheritance
Breaking inheritance is commonly used when:
- You have confidential content that only specific people should access
- You're working with external partners who need access to specific content only
- You have compliance or regulatory requirements for access control
- A specific project needs its own permission structure within a larger site
Things to Consider Before Breaking Inheritance
- Administrative impact: Each item with unique permissions must be managed separately. Consider who will maintain these permissions when people change roles or leave the organization.
- Performance impact: Sites with thousands of uniquely secured items experience slower performance. Keep unique permissions under 5,000 items per library when possible.
- Alternatives to consider:
- Creating a separate site - If a large amount of content needs different permissions, a separate site may be easier to manage
- Temporary group membership - If access is short-term, adding someone to the site group temporarily may be simpler
- Sharing links - For external users or temporary access, sharing links are easier to track and revoke
Document your decisions: When you break inheritance, note why it was done and who should maintain it going forward. This helps future administrators understand your permission structure.
Important: Before altering permissions, consult information in SharePoint: Understanding the Permission Inheritance Hierarchy
Permissions Tab Messages
When accessing the permissions tab you may see one or more messages posted. For more information, refer to the Permissions Tab Message Explanation table.
Reminder: As noted above, this break and re-assignment of unique permissions happens automatically when a member of the group shares a file or folder with a non-member. For more information about sharing information with non-members, refer to SharePoint: Using the Manage Access Option to Manage File/Folder Permissions.
How-To
Break inherited permissions for a document library
This action assigns a unique set of permissions to the document library, separate from the permissions for the site. All folders and files within the library inherit these new permissions unless their inheritance is also broken.
When to use: If the entire document library requires different permissions than the rest of the site.
Instructions
- Navigate to your SharePoint site.
- Click the Gear icon to open Settings and select Site contents.
- On the Content page, click the Show actions icon (three vertical dots) next to a Document Library and select Settings.
- On the Settings page, click Permissions for this document library.
- Click Stop Inheriting Permissions.
Outcome
The library duplicates all permissions from the site and then disconnects from the parent. Future changes to site permissions will not affect the library. You must manage permissions for the library separately. Folders and files within the library inherit from the library unless further inheritance breaking occurs.
Break inherited permissions for a folder
Assigns unique permissions to a folder, independent from the library. Files within the folder inherit these permissions unless their inheritance is also broken.
When to use: When a specific folder needs different permissions than the rest of the library.
Instructions
- Navigate to your SharePoint site.
- Click the Gear icon to open Settings and select Site contents.
- On the Content page, open a Document Library.
- In the Document Library, click the Show actions icon (three vertical dots) next to a Folder and select Manage access.
- On the Manage Access panel, click Advanced.
- Click Stop Inheriting Permissions.
Outcome
The folder copies all permissions from the library and disconnects from its parent. Subsequent changes to library permissions will not affect this folder. Files within the folder inherit its permissions unless inheritance is further broken.
Break inherited permissions for a file
Gives a file its own permissions, independent from its folder or library. This should be done sparingly, as it introduces significant administrative complexity.
When to use: When a specific file needs permissions different from its containing folder.
Instructions
- Navigate to your SharePoint site.
- Click the Gear icon to open Settings and select Site contents.
- On the Content page, open a Document Library.
- Open a Folder within the library.
- Click the Show actions icon (three vertical dots) next to a File and select Manage access.
- On the Manage Access panel, click Advanced.
- Click Stop Inheriting Permissions.
Outcome
The file copies permissions from its folder and the connection is broken. Changes to folder permissions will not affect the file. The file now exists as a permission "island" that must be managed individually.
Assign unique permissions
You must break the permissions inherited from a parent item (site or folder) before you can assign unique permissions to the child item (folder or file).
Assigning unique permissions allows you to grant specific people or groups particular permission levels for items with unique permissions.
Instructions
- Navigate to the item's Permissions tab using the relevant procedure above.
- Click Grant Permissions on the Permissions tab.
- Note: If Grant Permissions is not visible, the item is still inheriting permissions - break inheritance first.
- When the Share form appears, choose Invite people from the navigation menu.
- Enter the names or email addresses of the people or groups to invite.
- (Optional) Add a personal message.
- Click SHOW OPTIONS.
- Choose whether to send an email invitation notification.
- Select a Permission Level from the menu.
Understanding Permission Levels
|
Permission Level
|
What Users Can Do
|
Common Use Case
|
|
Full Control
|
Complete control, including managing permissions, creating/deleting lists and libraries
|
Site Owners only
|
|
Design
|
View, add, update, delete, approve, and customize; create lists and libraries
|
Advanced users who need to customize the site
|
|
Edit
|
Create, edit, and delete content; manage lists and libraries
|
Default for site Members—broad editing rights
|
|
Contribute
|
Create, edit, and delete content; cannot create or delete lists and libraries
|
Users who should edit content but not change site structure
|
|
Read
|
View and download content only
|
Users who only need to view/read content
|
|
View Only
|
View content in browser but cannot download
|
Highly sensitive content that should not be downloaded
|
|
Limited Access
|
Access only to a specific shared item, not the whole site
|
Automatically assigned—cannot be granted manually
|
Important Permission Level Note: "Edit" is the default for site members and allows creating and deleting lists/libraries, which can be more access than necessary. "Contribute" is often preferable for typical users, as it enables content management without altering site structure.
- For folders or libraries, decide whether to check "Share everything in this folder, even items with unique permissions" to grant or restrict access to all items within the folder, including those with already unique permissions.
- Click Share to complete the process.
Outcome
The user or group is granted access to the item at the specified permission level and will be listed on the permissions page alongside inherited permissions.
Delete unique permissions and restore inherited permissions
This action removes all unique permissions from an item, reconnecting it to its parent’s permissions. It is used when unique permissions are no longer necessary, simplifying management.
Warning: All unique permissions, including those for users added specifically to this item, will be removed. Users will lose access unless they have permissions at the parent level.
Instructions
- Navigate to the item's Permissions tab using the procedures above.
- Click Delete unique permissions on the Permissions tab.
- Confirm the action in the pop-up dialog by clicking OK.
Outcome
All unique permissions are erased, and the item inherits permissions from its parent once again. Permission changes at the parent level will affect the item.
Change permission levels for a person or group
To modify a person or group's access level, the item must have unique permissions.
Instructions
- Navigate to the item's Permissions tab as previously described.
- Select the checkbox next to the name of the person or group to be edited.
- Click Edit User Permissions.
- Choose the desired permission level.
- Click OK to save changes.
Outcome
The individual or group’s permission level is updated, granting them the capabilities associated with the selected level.
Remove all permissions from a person or group
To completely remove a person or group's access to an item, ensure the item has unique permissions.
Critical Warning: Removing permissions also revokes access to all child items, even those with their own unique permissions. This action is irreversible except by manually re-adding permissions to each item as needed.
Instructions
- Navigate to the item's Permissions tab as previously described.
- Select the checkbox next to the user or group to be removed.
- Click Remove User Permissions.
- Confirm the action in the pop-up dialog by clicking OK.
Outcome
The user or group will lose all access to the item and its children unless they have rights via another route, such as being a site owner.
Understanding Permission Tab Messages
When you go to the Permissions page, you may see one or more messages at the top of the page like this:
|
Message
|
What It Means
|
What You Should Do
|
|
Some items of this list may have unique permissions which are not controlled from this page. Show these items.
|
Individual items in the library or list have unique permissions. Changes made here will not affect those items.
|
Click "Show these items" to identify items with unique permissions. Use "Manage permissions" for each item as needed. Regularly assess if all unique permissions remain necessary.
|
|
There are limited access users on this site. Users may have limited access if an item or document under the site has been shared with them. Show users.
|
Some users have access only to specific items, not the entire site. Their access is limited to the item shared with them.
|
Click "Show users" to see who has limited access. This is typical when sharing individual files externally.
Note that stopping sharing does not always remove "limited access" from the site itself.
|
|
This item inherits permissions from its parent (name of parent).
|
The item is currently inheriting permissions and does not have unique permissions. (Inheritance has not been broken)
|
This is the default and recommended state. To assign unique permissions, use "Stop Inheriting Permissions".
|
Best Practices
- Use Microsoft 365 Groups to manage team site permissions - add or remove users at the group level instead of breaking inheritance on individual items.
- Minimize the use of unique permissions - each uniquely secured item adds to administrative complexity.
- Use sharing links for individual files and folders instead of broadly breaking inheritance, as sharing links are more manageable and easier to revoke.
- Keep the number of uniquely secured items under 5,000 per list or library for best performance, even though SharePoint supports up to 50,000.
- Regularly review and consolidate permissions: audit unique permissions periodically and remove those that are no longer necessary.
Additional Considerations
- Breaking inheritance cannot be partially undone - an item either inherits all permissions or has entirely unique permissions.
- Managing unique permissions requires ongoing effort - updates are needed as people join or leave the organization.
- Complex permission structures can become unmanageable as sites grow - consider the long-term impact before breaking inheritance.
- Document your permission structure - if complex, record your rationale and structure for future reference and maintenance.
Further Readings
SharePoint: Understanding the Permission Inheritance Hierarchy
SharePoint: Using the Manage Access Option to Manage File/Folder Permissions
Microsoft: Permissions inheritance in SharePoint
Microsoft: Customize permissions for a SharePoint list or library
Need additional help?
For assistance concerning site creation, content sharing, file synchronization, or other common SharePoint, OneDrive, Teams, or Office app activities, we recommend our Microsoft 365 Learning sites:
Learn more about the great tools our Microsoft 365 Learning sites offer!
Visit the Technology Help Desk Support page to locate your local campus contact information or to submit an online technology support request. For password issues you must call or visit the Help Desk in person.