When collaborating on a Word document stored in OneDrive or SharePoint, you may need to limit editing rights to specific people while keeping others as read-only viewers. By default, anyone with the link can edit, which creates risks for sensitive content like contracts or project plans. This article explains how to use the Restrict Editing panel and SharePoint permissions to restrict co-authoring permissions to only the editors you choose. You will learn the exact steps to set up these restrictions and avoid common pitfalls.
Key Takeaways: Restrict Editing and SharePoint Permission Settings
- Review > Restrict Editing > Editing restrictions > Allow only this type of editing in the document > No changes (Read only): Makes the entire document read-only for all collaborators except those you explicitly exempt.
- Review > Restrict Editing > Exceptions > More users > Add specific user email addresses: Grants editing rights to named individuals while keeping the document read-only for everyone else.
- SharePoint or OneDrive link sharing settings > Specific people: Restricts access to the file to only the named editors before you apply Word-level editing restrictions.
Understanding Word Co-Authoring and Permission Layers
Word co-authoring allows multiple people to edit a document at the same time when the file is stored on OneDrive, OneDrive for Business, or SharePoint. The default sharing setting gives anyone with the link edit access, which is convenient but not secure for documents that require confidentiality or strict editorial control.
To restrict co-authoring to specific editors, you must apply two layers of restrictions. The first layer is at the file-sharing level on OneDrive or SharePoint. The second layer is inside Word using the Restrict Editing feature. Both layers must be configured correctly for the restriction to work.
The Restrict Editing feature in Word is designed for document protection, not for controlling who can open the file. It enforces read-only status for everyone except users you add to an exceptions list. However, this feature only works if the document is saved in a format that supports Information Rights Management, which is the default for .docx files stored in the cloud.
Prerequisites for Restricting Permissions
Before you begin, confirm the following:
- The document is saved to OneDrive, OneDrive for Business, or SharePoint Online.
- You have owner or full control permissions on the file location.
- All editors you want to add have a Microsoft account or work/school account.
- You are using Word for Microsoft 365, Word 2021, or Word 2019. Older versions may not support cloud-based co-authoring with restrictions.
Steps to Restrict Co-Authoring Permissions to Specific Editors
Follow these steps in order. Do not skip the file-sharing step because the Word-level restriction alone does not prevent unauthorized people from opening the document.
Step 1: Change the File Sharing Link to Specific People
- Open the document in Word for the desktop or Word for the web
Make sure the file is saved to OneDrive or SharePoint. If it is still local, move it to the cloud first. - Click the Share button in the upper-right corner of Word
A sharing dialog opens. If you are using Word for the web, the Share button is on the ribbon. - Click the link settings dropdown arrow
The default is usually “Anyone with the link can edit.” Click the arrow to change it. - Select “Specific people”
This option restricts access to only the people you explicitly invite. Do not select “People in your organization” unless you want all employees to have access. - Set the permission level to “Can edit” for each person you want to be a co-author
By default, the permission is set to “Can edit.” Leave it as is for editors. If you want someone to view only, change it to “Can view.” - Enter the email addresses of the editors and click Send or Apply
Each editor receives an email invitation. They must accept the invitation to open the document.
Step 2: Apply Read-Only Restriction in Word
- Open the document in Word for the desktop
The Restrict Editing pane is not available in Word for the web, so use the desktop version. - Go to Review > Restrict Editing
The Restrict Editing pane opens on the right side of the window. - Under Editing restrictions, check the box “Allow only this type of editing in the document”
A dropdown menu appears below the checkbox. - Select “No changes (Read only)” from the dropdown
This makes the entire document read-only for all users who are not added to the exceptions list. - Under Exceptions, click “More users”
A small dialog box opens. - Type the email addresses of the editors you want to exempt from the read-only restriction
Separate multiple addresses with semicolons. Click OK. - In the Exceptions list, check the box next to each user you just added
If you do not check the box, the user remains restricted. - Click “Yes, Start Enforcing Protection”
A dialog asks for a password. Enter a password and confirm it. This password is required to stop the protection later. Store the password securely.
Step 3: Test the Restrictions
- Ask an editor who was added to the exceptions list to open the document
They should be able to edit freely. If they see a message that the document is read-only, verify that their email address matches exactly what you entered in the Exceptions list. - Ask a person who was not added to the exceptions list to open the document
They should see the document as read-only with a message at the top indicating editing is restricted.
Common Issues After Restricting Permissions
Editors Cannot Edit Even Though They Are in the Exceptions List
This usually happens when the email address in the Exceptions list does not match the editor’s Microsoft account. For example, if you add “john.doe@contoso.com” but the editor signs in with “john.doe@outlook.com,” the restriction applies. Remove the incorrect address and add the correct one. Also confirm that the editor has accepted the sharing invitation from Step 1.
The Restrict Editing Pane Is Grayed Out
The Restrict Editing feature is disabled when the document is checked out, stored in an unsupported location, or in a format other than .docx. Save the document as a .docx file and make sure it is stored on OneDrive or SharePoint. If the document is in a SharePoint library with required checkout, check in the document first.
Co-Authoring Does Not Work for Editors in the Exceptions List
Co-authoring requires that all editors have edit permissions at both the file-sharing level and the Word restriction level. If you set the file-sharing link to “Specific people” but gave one person “Can view” instead of “Can edit,” that person cannot co-author even if they are in the Word exceptions list. Go back to the Share dialog and change their permission to “Can edit.”
| Item | File-Sharing Link Setting | Word Restrict Editing Exceptions |
|---|---|---|
| Purpose | Controls who can open the document | Controls who can edit after opening |
| Default setting | Anyone with the link can edit | No restriction (all can edit) |
| Configuration location | Share dialog in Word or OneDrive/SharePoint site | Review > Restrict Editing pane |
| Effect on co-authoring | Blocked for users without edit permission | Blocked for users not in the exceptions list |
| Password required | No | Yes, to stop protection |
Now you can restrict Word co-authoring permissions to specific editors by combining the file-sharing link set to Specific people with the Word Restrict Editing exceptions list. Start by setting the link to Specific people and inviting only the required editors. Then apply the read-only restriction and add those same editors to the exceptions list. Store the protection password in a safe place because you need it to remove the restriction later. For documents that need even tighter control, consider using Microsoft Information Protection sensitivity labels to apply encryption and permissions.