You remove a user from a SharePoint site or OneDrive folder, but their direct permissions reappear hours or days later. This happens because OneDrive for Business syncs permission changes from the site collection, and the removal may not propagate fully if the user still has access through a group or if the change was not saved correctly. This article explains the root cause of reappearing permissions and provides a step-by-step fix to permanently remove a user’s direct access to a OneDrive for Business folder.
Key Takeaways: Stop Direct Permissions from Returning After User Removal
- SharePoint admin center > Active sites > site permissions: Remove the user from site-level permissions, not just folder-level permissions, to prevent re-propagation.
- OneDrive folder > Share > Stop sharing: Use the Stop sharing button to revoke all direct access to a specific file or folder.
- Microsoft 365 admin center > Users > Active users > user properties: Check if the user is still a member of a Microsoft 365 group that owns the site; group membership overrides individual removal.
Why Direct Permissions Reappear After Removing a User
When you remove a user’s direct permissions from a OneDrive for Business folder, the change is written to the SharePoint site collection’s permission database. If the user still has access through a SharePoint group, a Microsoft 365 group, or an inherited permission from the parent site, the system may reapply the user’s direct permissions during the next permission sync cycle. This is not a bug; it is by design. SharePoint recalculates permissions every time a user accesses a resource, and if the user has any valid path to the folder, the system may restore their direct entry to simplify access evaluation.
The most common cause is removing the user only at the folder level while they still have access to the parent site or are a member of the site’s Owners, Members, or Visitors group. Another cause is removing the user from a folder that has unique permissions, but the user still has access through a parent folder that uses inherited permissions. Finally, if the user is a member of a Microsoft 365 group that owns the OneDrive site, removing their direct permissions will not revoke their access because the group membership remains intact.
Steps to Permanently Remove a User’s Direct Permissions from OneDrive
Follow these steps in order. Do not skip any step. If the user’s permissions return after completing the steps, proceed to the next section for additional troubleshooting.
- Remove the user from the site collection permissions
Open the SharePoint admin center at admin.microsoft.com. Go to Active sites and select the OneDrive site that contains the folder. Click Permissions in the command bar. Under Site permissions, find the user and click Remove user permissions. Confirm the removal. This removes all access the user had through the site itself. - Break permission inheritance on the folder if it is inherited
Navigate to the OneDrive folder in a web browser. Click the gear icon and select Folder permissions. If the page shows Inherited permissions, click Stop Inheriting Permissions. Then remove the user again from the folder’s direct permission list. Confirm the change. - Stop sharing the folder explicitly
In the OneDrive folder, click the Share button. At the bottom of the sharing dialog, click Stop sharing. This revokes all sharing links and direct access for everyone except the owner. Then reshare the folder only with the intended users. - Remove the user from any Microsoft 365 group that owns the site
Open the Microsoft 365 admin center. Go to Users > Active users. Select the user and click the Groups tab. Look for any Microsoft 365 group that is listed as the owner or member of the OneDrive site. Click Remove from group. Confirm the removal. - Clear the user’s browser cache and sign out
Instruct the user to clear their browser cache and cookies, then sign out of all Microsoft 365 apps. They should sign back in after 15 minutes. This forces the permission recalculation to pick up the latest changes.
If the User’s Permissions Still Return After Removal
The user is still listed in a SharePoint group
Go to the site collection’s Site permissions page. Under SharePoint groups, check the Owners, Members, and Visitors groups. If the user is a member of any of these groups, remove them. Group membership overrides individual permission removal. After removing the user from the group, repeat the folder-level removal steps.
The user has access through a sharing link
In the OneDrive folder, click the Share button and then Manage access. Look for any sharing links that include the user. Remove those links. Also check for People in your organization links, which grant access to everyone. If such a link exists, delete it or change it to Specific people.
Permission propagation delay
SharePoint permission changes can take up to 24 hours to propagate fully. If you removed the user less than 24 hours ago, wait and check again. To speed propagation, you can trigger a permission recalculation using SharePoint Online Management Shell. Run Set-SPOSite -Identity to force a refresh, though this is rarely necessary.
Removing a User from OneDrive Folder: Manual Removal vs Stop Sharing
| Item | Manual removal from folder permissions | Stop Sharing button |
|---|---|---|
| Scope | Removes the user’s direct permission entry only | Revokes all sharing links and direct permissions for all non-owners |
| Effect on group access | Does not remove group-based access | Does not affect group membership, but blocks all shared access |
| Reappearance risk | High if user still has site-level or group-level access | Low because all sharing is severed |
| Best used when | You want to remove one user while keeping other shared users | You want to completely reset the folder’s sharing state |
Use the Stop Sharing button first to reset the folder, then add back only the users who need access. This eliminates the risk of leftover permission entries.
You can now permanently remove a user from a OneDrive for Business folder without worrying about their direct permissions returning. After removing the user, check the site collection permissions and Microsoft 365 group memberships to confirm no residual access remains. For a fast cleanup, use the Stop Sharing button before re-adding authorized users. As an advanced tip, create a SharePoint permission level called “No Access” and assign it to users you want to block completely; this overrides any inherited permissions.