Skip to main content

Understanding Permissions Inheritance in SharePoint

Drew Keenan

SharePoint uses a parent-child inheritance model for permissions. Understand how it works and you will save hours of troubleshooting and avoid the most common source of accidental over-sharing.

How inheritance works

By default, every site, library, folder, and file in SharePoint inherits permissions from the level above it. Give someone access to a site and they can see everything inside it, unless inheritance has been broken somewhere further down.

The inheritance chain looks like this:

Site collection → Site → Library → Folder → File

Breaking inheritance

You can break inheritance at any level, typically on a library, folder, or individual file, to apply different permissions. Once broken, changes to the parent no longer flow down to that item.

Breaking inheritance is useful when:

  • A library contains sensitive documents that only specific people should see.
  • A project folder needs to be shared with an external party without exposing the rest of the site.
  • A single document needs to be locked down for legal or compliance reasons.

What to watch out for

Broken inheritance is invisible to most users. There is no visual indicator that an item has different permissions from its parent. This is the single biggest cause of accidental over-sharing and access confusion in SharePoint.

TC's governance recommendations:

  • Keep broken inheritance to a minimum. The more you break it, the harder the environment is to manage.
  • Document where inheritance has been broken and why.
  • Review broken-inheritance items as part of your regular content lifecycle review.

How to check and change permissions

On any library, folder, or file in SharePoint:

  1. Go to Settings in the top-right corner, or right-click the item.
  2. Choose Manage access, or Library settings then Permissions for this document library.
  3. Look for a banner stating "This library inherits permissions" or "This library has unique permissions".

If you need help reviewing or remediating permissions across your environment, submit a support ticket and we will work through it with you.

Related articles

Comments

0 comments

Please sign in to leave a comment.