As a SharePoint site owner, you need to know exactly who can access each folder in your document library. Without this information, you risk exposing sensitive data to the wrong people or locking out team members who need to work. SharePoint permissions are inherited by default but can be broken at the folder level, making it hard to track who has access. This article provides a practical checklist to find folder-level permissions, identify unique permissions, and review access for specific users or groups.
Key Takeaways: Checklist for Checking Folder Access in SharePoint
- Library settings > Permissions for this document library: Shows the top-level permissions inherited by all folders and files.
- Folder > Manage access: Opens the modern sharing panel showing direct access grants for that specific folder.
- Folder > Manage access > Advanced settings: Opens the classic permissions page to see unique permissions broken from the parent.
- Site permissions > Check permissions: Tests a specific user or group to reveal what they can see in the folder.
- Site permissions > Access requests and invitations: Shows pending requests and invitations that may affect folder access.
How SharePoint Folder Permissions Work
SharePoint uses inheritance to manage permissions. When you create a folder inside a document library, the folder automatically gets the same permissions as the library. This is called inherited permissions. If you break this inheritance, the folder gets unique permissions that override the library settings.
When inheritance is broken, the folder no longer follows changes made at the library or site level. For example, if you add a new member to the site, that person will not automatically get access to a folder with unique permissions. You must grant access to that folder separately.
SharePoint has three permission levels that matter most for folder access: Read, Contribute, and Full Control. Read allows viewing and downloading files. Contribute allows adding, editing, and deleting files. Full Control allows managing permissions, deleting the folder, and changing settings.
Permissions can be granted directly to users or to Microsoft 365 groups, SharePoint groups, or security groups. A user may have access to a folder through multiple paths. The checklist below helps you identify every path.
Checklist: Step-by-Step to Find Who Has Access to a SharePoint Folder
Follow these steps in the order shown. Each step reveals a different layer of access. Perform all steps for a complete picture.
- Open the document library
Navigate to the SharePoint site and open the document library that contains the folder. Click the library name in the left navigation or from the site contents page. - Locate the target folder
Browse or search to find the folder. Do not open the folder yet. Hover over the folder name to see the check box and the three-dot menu. - Open the Manage access panel
Click the three dots (ellipsis) next to the folder name. Select Manage access from the menu. The panel slides in from the right. This panel shows everyone who has direct access to this folder, including users and groups granted access through the Share button or the folder permissions page. - Check for unique permissions
At the top of the Manage access panel, look for the message that says This item has unique permissions. If you see this message, the folder permissions are broken from the library. If you do not see this message, the folder inherits permissions from the library. Click Advanced settings at the bottom of the panel to open the classic permissions page. - Review the classic permissions page
On the classic permissions page, you see a list of all users and groups with permissions on this folder. The column Permission Levels shows what each entity can do. Look for groups like Members, Visitors, or custom groups. Note that Microsoft 365 groups also appear here. If the folder has unique permissions, you see a link that says Stop Inheriting Permissions or Delete Unique Permissions. If you see Inherited next to the folder name, the folder uses library permissions. - Check the library permissions
While still on the classic permissions page, click the breadcrumb link that shows the library name. This takes you to the library permissions page. Here you see the permissions inherited by all folders that have not broken inheritance. Note any groups that have access to the library. Users in these groups can access your folder unless the folder has unique permissions that explicitly deny them. - Use the Check Permissions tool
From the site home page, click the gear icon and select Site permissions. In the ribbon, click Check Permissions. Type the name or email of a user or group you want to test. Click Check Now. The tool shows exactly what the user can access at the site level. To test folder access, you need to know the folder URL and check the permissions page for that folder. The Check Permissions tool works at the site level only. - Review access requests and invitations
In the Site permissions page, click Access requests and invitations. This shows pending requests from people who asked for access. It also shows invitations sent to external users. These pending items may grant folder access once approved. - Check sharing links
In the Manage access panel, look for the section labeled Links. This shows any sharing links created for the folder. Links can be Anyone with the link, People in your organization, People with existing access, or Specific people. A link set to Anyone gives access to anyone who has the link, even people outside your organization. Click the link to see its settings and remove it if needed. - Document your findings
Create a simple table or spreadsheet listing each folder, whether it has unique permissions, which users and groups appear on the permissions page, and any active sharing links. Update this document whenever permissions change.
If You Cannot See Folder Permissions
I do not see the Manage access option for a folder
You need at least Contribute permissions on the library to see the Manage access option. If you are a site visitor with Read permission, you cannot manage or view folder permissions. Ask a site owner or site collection administrator to grant you Contribute or Full Control permissions on the library.
The Manage access panel shows no users
This happens when the folder inherits permissions from the library. The panel shows only direct access grants. Because no direct grants exist, the panel is empty. Check the library permissions page to see who has access through inheritance.
I see a user in the library permissions but they cannot open the folder
The folder may have unique permissions that exclude that user. Open the folder permissions page and check for unique permissions. If the folder has unique permissions, the user must be added explicitly to that folder.
External users appear in the Manage access panel but should not have access
External sharing may be enabled at the site or organization level. To remove an external user, click their name in the Manage access panel and select Remove direct access. Then check the sharing link section to see if an Anyone link exists. Remove that link as well.
Inherited vs Unique Permissions: Key Differences
| Item | Inherited Permissions | Unique Permissions |
|---|---|---|
| Permission source | Library or site level | Folder level only |
| Manage access panel message | No unique permissions message | Shows “This item has unique permissions” |
| User addition method | Add user to library or site group | Add user directly on folder permissions page |
| Permission changes propagate | Changes at library level apply to folder | Changes at library level do not apply |
| Best for | Simple libraries with uniform access | Folders containing sensitive or restricted content |
Use inherited permissions when all folders in a library need the same access rules. Use unique permissions when a specific folder must be more restrictive or more open than the rest of the library.
Now you can systematically check who has access to any SharePoint folder. Start with the Manage access panel, then verify unique permissions on the classic permissions page, and finish by reviewing sharing links and library-level groups. For ongoing control, schedule a monthly review of folders with unique permissions and remove stale sharing links. Use the Check Permissions tool to spot-check users after making changes.