When you upload a file to a SharePoint document library folder that has unique permissions, the new file may inherit permissions from the library root instead of the folder. This breaks your security model and leaves files accessible to the wrong users. The root cause is a SharePoint permission inheritance behavior called list item auditing that resets permission inheritance on new items. This article explains why this happens and gives you a user-safe fix using a SharePoint Designer workflow or a Power Automate flow to reapply folder permissions automatically.
Key Takeaways: Fixing Folder Permission Inheritance for New Files
- SharePoint Designer 2013 workflow: Automatically breaks permission inheritance on new files and copies permissions from the parent folder.
- Power Automate flow: A no-code alternative that reapplies folder-level permissions to new files using the “Send an HTTP request to SharePoint” action.
- Library setting > Advanced Settings: Disable “Create item permission” auditing to prevent permission resets on upload.
Why Folder Permissions Do Not Apply to Newly Uploaded Files
SharePoint document libraries use a permission inheritance model. When you break permission inheritance on a folder and set unique permissions, that folder becomes a permission scope. Files uploaded to that folder should inherit from the folder. However, SharePoint’s list item auditing feature can override this behavior.
List item auditing tracks who creates, edits, or deletes items. When a new file is uploaded, SharePoint audits the creation event. In some configurations, this auditing process resets the permission inheritance on the new file back to the library root. This is not a bug — it is a side effect of how SharePoint handles permission scopes during item creation events. The result is that the new file inherits permissions from the top of the library instead of from the folder.
Another contributing factor is the site collection feature called “Report List Item Permissions.” When enabled, this feature forces permission inheritance to recalculate on every item creation, which can break folder-level inheritance. Site collection administrators can disable this feature, but that is not always an option in enterprise environments.
Steps to Fix Folder Permissions for New Files
You have three methods to fix this issue. Method 1 is the most reliable and does not require coding. Method 2 is for users with Power Automate licenses. Method 3 is a preventive setting that may stop the problem from occurring.
Method 1: Use a SharePoint Designer 2013 Workflow
- Open the document library in SharePoint Designer 2013
Launch SharePoint Designer 2013 and connect to your SharePoint site. In the left navigation, click Site Objects and then Lists and Libraries. Select your document library from the list.
- Create a new workflow
On the Workflows tab of the library ribbon, click New and choose List Workflow. Name it “Apply Folder Permissions” and select SharePoint 2013 Workflow as the platform type.
- Set the workflow trigger
In the workflow designer, click the Start Options button. Check the box for Start workflow automatically when an item is created. Uncheck the box for Start workflow automatically when an item is changed.
- Add the “Break Permission Inheritance” action
From the Action menu, select List Actions and then Break Permission Inheritance. In the dialog that appears, set This item as the target. Leave the Copy permissions from parent option unchecked. Click OK.
- Add the “Copy Permissions from Parent Folder” action
From the Action menu, select List Actions and then Copy Permissions from Parent. In the dialog, set This item as the target. Click OK.
- Publish the workflow
Click Publish on the ribbon. A confirmation message appears. The workflow is now active and will run automatically on every new file upload.
Method 2: Use Power Automate to Reapply Permissions
- Create a new automated cloud flow
Go to Power Automate and sign in. Click Create and select Automated cloud flow. Name the flow “Folder Permission Fix”.
- Set the trigger
Search for and select the trigger When a file is created in a folder. Provide the site URL and library name. In the Folder field, leave it blank to apply to all folders or specify a specific folder path.
- Add a “Send an HTTP request to SharePoint” action
Click New step. Search for Send an HTTP request to SharePoint. Set Site Address to your site URL. Set Method to POST. In the Uri field, enter: _api/web/lists/getbytitle('Documents')/items({ID})/breakroleinheritance(copyRoleAssignments=true, clearSubscopes=false). Replace Documents with your library name and {ID} with the dynamic content ID from the trigger.
- Add a second HTTP request to copy folder permissions
Click Add an action and again select Send an HTTP request to SharePoint. Set Site Address to the same site URL. Set Method to POST. In the Uri field, enter: _api/web/lists/getbytitle('Documents')/items({ID})/copypermissionsfromparent(). Replace Documents and {ID} as before.
- Save and test the flow
Click Save. Upload a test file to a folder with unique permissions. The flow should run within a few seconds. Check the file permissions to confirm they match the folder.
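The final check in the steps above (file permissions match the folder) can be done mechanically rather than by eye. The following is an added example, not part of the original article: it compares a file's role assignments with its parent folder's, taking as input the JSON that SharePoint's roleassignments REST resource returns when expanded with Member and RoleDefinitionBindings. The sample JSON, group names and function names are constructed for illustration.

```python
import json

# Constructed sample responses (not from a real tenant), in the shape returned for
# .../roleassignments?$expand=Member,RoleDefinitionBindings
# with the header Accept: application/json;odata=nometadata
FOLDER_JSON = json.dumps({"value": [
    {"PrincipalId": 11, "Member": {"LoginName": "Finance Owners"},
     "RoleDefinitionBindings": [{"Name": "Full Control"}]},
    {"PrincipalId": 12, "Member": {"LoginName": "Finance Members"},
     "RoleDefinitionBindings": [{"Name": "Contribute"}]},
]})
FILE_JSON = json.dumps({"value": [
    {"PrincipalId": 11, "Member": {"LoginName": "Finance Owners"},
     "RoleDefinitionBindings": [{"Name": "Full Control"}]},
    {"PrincipalId": 12, "Member": {"LoginName": "Finance Members"},
     "RoleDefinitionBindings": [{"Name": "Read"}]},
    {"PrincipalId": 7, "Member": {"LoginName": "Site Visitors"},
     "RoleDefinitionBindings": [{"Name": "Read"}, {"Name": "Limited Access"}]},
]})

# "Limited Access" is assigned by SharePoint itself for traversal; it is not a real grant.
IGNORED_ROLES = {"Limited Access"}


def grants(raw):
    """Map principal login name -> set of role names, skipping ignored roles."""
    result = {}
    for ra in json.loads(raw).get("value", []):
        roles = {b["Name"] for b in ra.get("RoleDefinitionBindings", [])} - IGNORED_ROLES
        if roles:
            result.setdefault(ra["Member"]["LoginName"], set()).update(roles)
    return result


def permission_drift(folder_raw, file_raw):
    """Return the grants on the file that differ from those on the folder."""
    folder, item = grants(folder_raw), grants(file_raw)
    drift = {"extra": {}, "missing": {}}
    for principal in sorted(set(folder) | set(item)):
        extra = item.get(principal, set()) - folder.get(principal, set())
        missing = folder.get(principal, set()) - item.get(principal, set())
        if extra:
            drift["extra"][principal] = sorted(extra)    # access the folder does not give
        if missing:
            drift["missing"][principal] = sorted(missing)  # access the folder gives, file lacks
    return drift


if __name__ == "__main__":
    print(json.dumps(permission_drift(FOLDER_JSON, FILE_JSON), indent=2))
```

An empty "extra" and "missing" result means the file's effective grants match the folder; any entry under "extra" is access the folder's permission scope was meant to exclude.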
Method 3: Disable List Item Auditing (Preventive)
- Go to the document library settings
Navigate to the document library where the problem occurs. Click the gear icon and select Library settings.
- Open Advanced Settings
Under General Settings, click Advanced settings.
- Disable item creation auditing
Scroll to the Audit section. Uncheck Create item permission. Click OK to save.
If Folder Permissions Still Do Not Apply After the Fix
New files inherit library permissions instead of folder permissions
If the workflow or flow runs but permissions still show library-level access, the issue may be with the site collection feature “Report List Item Permissions.” This feature forces permission recalculation on all item creation events. A site collection administrator must disable this feature:
- Go to Site Settings
Click the gear icon and select Site settings.
- Open Site Collection Features
Under Site Collection Administration, click Site collection features.
- Deactivate the feature
Find Report List Item Permissions and click Deactivate.
Workflow does not trigger on uploads
If the SharePoint Designer workflow does not start, check the Workflow Settings in the library. Go to Library settings > Workflow Settings. Ensure the workflow is set to Start on creation and is not paused. Also verify that the workflow is Published and not in Draft mode.
Power Automate flow fails with 403 error
A 403 Forbidden error means the flow does not have sufficient permissions. Ensure the connection used in the flow has Edit or Full Control access to the document library. You can update the connection in the flow editor by clicking the three dots on the trigger or action and selecting Change connection.
Workflow vs Power Automate vs Manual Fix: Comparison
| Item | SharePoint Designer Workflow | Power Automate Flow | Manual Permission Reapplication |
|---|---|---|---|
| License required | SharePoint Designer 2013 (free) | Power Automate per-user plan or Office 365 license | None |
| Automation | Fully automatic on item creation | Fully automatic on file creation in folder | Manual per file |
| Reliability | High — runs on SharePoint server | Medium — dependent on external service | Low — human error possible |
| Setup time | 30 minutes | 15 minutes | 5 minutes per file |
You now have a reliable way to ensure new files in SharePoint folders automatically inherit the correct permissions. Start by using Method 1 with SharePoint Designer 2013 for the most stable solution. If you prefer a cloud-based approach, use Method 2 with Power Automate. As an advanced tip, combine Method 3 with either workflow to prevent the permission reset from happening in the first place. This dual approach gives you the strongest protection against permission drift in your document libraries.