If you manage a SharePoint document library, you need to know exactly who can view or edit each folder. Without this information, you risk exposing sensitive data to the wrong people or blocking legitimate collaborators. SharePoint does not show folder-level permissions in a single dashboard, but you can check access using the Check Permissions tool and permission reports. This article explains how to set up and run these checks step by step, so you can audit folder access in minutes.
Key Takeaways: Folder Access Auditing in SharePoint
- Library Settings > Permissions for this document library: Opens the permission management page where you can break inheritance for a folder.
- Check Permissions button: Tests exactly what access a specific user or group has to a folder without changing settings.
- Site Settings > Site Permissions > Check Permissions: Alternative path to run the same user access check from the site level.
How SharePoint Folder Permissions Work
SharePoint document libraries inherit permissions from the parent site by default. Every folder inside the library uses the same permissions unless you break inheritance. Breaking inheritance means you stop the folder from inheriting permissions from the library and assign unique permissions to that folder only. After you break inheritance, the folder shows a locked icon in the browser, and only users or groups you explicitly add can access it.
You can check folder permissions without breaking anything by using the Check Permissions tool. This tool evaluates the current permission settings for a specific user or group against the folder and all its parent objects. It returns a list of permission levels such as Full Control, Edit, or Read that apply to that user for that folder.
Prerequisites for Checking Folder Access
To run the steps in this article, you need at least the Full Control permission level on the SharePoint site. Site owners, site collection administrators, and tenant global admins have this by default. If you are a member of the Owners group, you can proceed. If you are a member of the Members group, you may not see the permission management options.
Step-by-Step: Check Who Has Access to a SharePoint Folder
Follow these steps to find out which users and groups have access to a specific folder in a SharePoint document library. The process uses the classic permission interface, which is available in all modern SharePoint sites.
- Navigate to the document library
Open the SharePoint site that contains the folder you want to audit. In the left navigation or from the site home page, click the document library name. If the library is not listed, click Site contents and then click the library name. - Locate the target folder
Browse the library to find the folder you need to check. Do not open the folder yet. Hover over the folder name and click the circle check box that appears on the left side of the folder row. This selects the folder. - Open the folder ribbon
With the folder selected, look at the command bar at the top of the library. Click the ellipsis (three dots) on the far right of the command bar. In the menu that opens, click Manage access. This opens the Manage Access pane on the right side of the screen. - Review current permissions in the Manage Access pane
The Manage Access pane shows a list of users and groups that have direct permissions on the folder. If the folder inherits permissions from the library, the pane shows a message that says “Permissions inherited from parent” and lists the parent name. In that case, you must break inheritance before you can see unique permissions. Click Advanced permissions settings at the bottom of the pane. - Go to the Permission Settings page
Clicking Advanced permissions settings opens the classic Permission Tools page in a new browser tab. This page shows all users and groups that have permissions on the folder. If inheritance is still active, you see the same list as the library. To see only the folder-specific permissions, you must first break inheritance. - Break permission inheritance (if needed)
On the Permission Tools page, look at the ribbon at the top. Click Stop Inheriting Permissions. A confirmation dialog appears. Click OK. The page now shows only the permissions you explicitly added to this folder. All parent permissions are copied to the folder, but changes to the parent will no longer affect this folder. - Use the Check Permissions tool
On the same Permission Tools page, click Check Permissions in the ribbon. A small dialog box appears. In the User/Group field, type the name or email address of the person you want to test. SharePoint suggests matching names as you type. Click Check Now. The dialog displays the permission levels that apply to that user for this folder. It also shows the source of each permission, such as direct assignment or group membership. - Repeat for each user or group
You must test each user or group individually. The Check Permissions tool does not export a report. For a full audit, repeat step 7 for every person or group you need to verify. Write down the results or take screenshots.
Common Issues When Checking Folder Access
Check Permissions Button Is Grayed Out
If the Check Permissions button appears gray and cannot be clicked, you are likely on the site-level permissions page instead of the folder-level permissions page. Navigate back to the library, select the folder, and follow the steps above to open the folder-specific Permission Tools page. The Check Permissions button works only from the folder or library permission page, not from the site collection permissions page.
Manage Access Shows Inherited Permissions Only
When the Manage Access pane shows inherited permissions, you cannot see folder-specific access until you break inheritance. Breaking inheritance is a permanent change. If you later want to restore inheritance, you must delete all unique permissions and click Inherit Permissions on the Permission Tools page. This removes all folder-specific permissions and applies the parent library permissions again.
User Does Not Appear in Check Permissions Results
If you type a user name and the Check Permissions tool returns “No permissions found,” the user has no direct or group-based access to the folder. However, the user might still access the folder through a sharing link. The Check Permissions tool does not evaluate sharing links. To check sharing links, open the folder, click the ellipsis, and click Manage access. In the Manage Access pane, look for links listed under Links Giving Access. Each link shows who can use it and what permission level it grants.
| Item | Check Permissions Tool | Manage Access Pane |
|---|---|---|
| Purpose | Test access for one user or group at a time | View and modify permissions for all users and groups |
| Shows sharing links | No | Yes, under Links Giving Access |
| Requires breaking inheritance | No, works with inherited permissions | No, but shows inherited status |
| Exportable results | No, manual only | No, manual only |
After completing these steps, you can see exactly which users and groups have access to any folder in your SharePoint library. Use the Check Permissions tool regularly to verify permissions before sharing sensitive folders. For a faster audit across many folders, consider using the SharePoint admin center site permissions report, which shows all unique permissions for an entire site. That report does not show folder-level permissions, but it helps you identify which libraries have broken inheritance.