You see Error 403 Access Denied when you try to open a file in SharePoint or OneDrive, even though you are the owner. This error blocks access to your own document despite having full permissions. The root cause is almost always a mismatch between the file’s sharing link settings and the user’s authentication token, not a broken permission inheritance. This article explains why the 403 occurs on files you own and provides a reliable fix to restore access.
Key Takeaways: Fixing Error 403 on Your Own File
- SharePoint admin center > Sharing > Expiration and permissions: File-level sharing links can expire or restrict access, causing a 403 even for the owner.
- Ctrl + F5 hard refresh in the browser: A stale authentication token can trigger a 403; clearing the cache forces a fresh token.
- SharePoint admin center > Access control > Apps that don’t use modern authentication: Blocking legacy authentication protocols prevents token renewal and causes access denial.
Why a File Owner Gets Error 403 Access Denied
The 403 error means the server understands your request but refuses to authorize it. When you own a file, your permission level is full control. The 403 does not come from the file’s permission list. It comes from the sharing link or the authentication token that your browser or client presents.
SharePoint and OneDrive use access tokens that expire after a set period, typically one hour. If your browser caches an expired token, the server sees it as invalid and returns 403. The same happens if the file is shared via a link that has an expiration date or a password requirement that your current session does not satisfy.
Another cause is a conditional access policy in Microsoft Entra ID. If your organization blocks access from unmanaged devices or certain IP ranges, even file owners can be blocked. The 403 error then appears because the policy overrides the file-level permission.
Sharing Link Expiration and Password Protection
When you create a sharing link for a file, you can set an expiration date and require a password. If you access the file through that link after it expires, you get a 403. The same occurs if you enter the wrong password too many times. The link becomes invalid, and the owner is not exempt from these restrictions.
Authentication Token Staleness
Every request to SharePoint includes an OAuth 2.0 token. When the token expires, the server rejects the request. Your browser may have a cached page that uses the old token. Refreshing the page does not always replace the token. A hard refresh is required to force the browser to request a new token from Microsoft Entra ID.
Conditional Access Policies Blocking the Owner
Microsoft Entra ID conditional access policies can block access based on device compliance, location, or sign-in risk. These policies apply to all users, including file owners. If your device is not compliant or you are connecting from a blocked IP range, the policy returns a 403 before SharePoint checks file permissions.
Steps to Fix Error 403 Access Denied on a File You Own
- Perform a hard refresh in your browser
Press Ctrl + F5 on Windows or Command + Shift + R on Mac. This clears the cached page and forces the browser to request a new authentication token from Microsoft Entra ID. After the refresh, try opening the file again. - Clear browser cache and cookies
Open your browser settings and clear all cached images and files. Also delete cookies for the SharePoint domain. Close and reopen the browser. Sign in again at the SharePoint site and navigate to the file. - Check the sharing link expiration
Right-click the file and select Share. Click the gear icon to open link settings. Look for the Expiration date field. If the link has expired, change the expiration to a future date or select No expiration. Click Apply. - Remove and reapply file permissions
Go to the file, click the three dots, and select Manage access. Click the three dots next to your name and select Remove direct permissions. Then click Add people, type your name, and assign Full Control. This resets any broken permission inheritance that might be masked by ownership. - Check conditional access policies in Microsoft Entra ID
Sign in to the Microsoft Entra admin center. Go to Protection > Conditional Access > Policies. Review policies that target SharePoint Online. If a policy blocks access from your current device or location, either connect from a compliant device or ask your admin to exempt your user account. - Sign out of all Microsoft 365 sessions
Go to account.microsoft.com and sign out everywhere. Wait five minutes. Sign back in and navigate to the file. This invalidates all old tokens and forces a fresh authentication.
If SharePoint Still Has Issues After the Main Fix
File Shows 403 in OneDrive Sync Client but Opens in Browser
The OneDrive sync client uses a separate token that can expire independently. Right-click the OneDrive icon in the system tray, select Pause syncing, wait 30 seconds, then select Resume syncing. If the error persists, go to OneDrive settings > Account > Unlink this PC, then link again.
403 Error Only on Mobile App
The mobile app may use a cached token that is older than the browser token. Force close the app. On iOS, swipe up to close. On Android, go to Settings > Apps > SharePoint or OneDrive > Force Stop. Reopen the app and sign in again.
403 Error for All Files in a Library
This indicates a site-level permission issue or a broken group membership. Go to the site settings and check if your user account is still listed in the Owners group. If the group membership is missing, add your account back. Also verify that the site is not under a retention policy that removes your access.
| Item | 403 Due to Token Expiry | 403 Due to Link Expiration |
|---|---|---|
| Frequency | Occurs after 1 hour of inactivity | Occurs after the set expiration date |
| Fix method | Hard refresh or sign out | Update link expiration settings |
| Affects owner | Yes | Yes |
| Affects all files | Only files accessed with old token | Only the specific shared file |
Error 403 on a file you own is not a permission failure but a token or link policy issue. Use the hard refresh as the first step because it resolves the most common cause. If the problem persists, check the sharing link expiration and conditional access policies. Clearing all sessions and reapplying permissions will fix the remaining cases.
After applying the fix, test by opening the file in a private browser window. This confirms the token and link settings are correct. For recurring issues, set a shorter token lifetime in the SharePoint admin center or use the People with existing access link type to avoid expiration conflicts.