You are listed as a site owner in SharePoint, but when you try to open the site you see an Access Denied error instead of the site content. This problem occurs because SharePoint permissions are separate from the Microsoft 365 group membership that grants site owner rights. The site owner role may not have propagated correctly, or a secondary permissions layer such as unique permissions or a sharing policy is blocking access. This article explains the exact root cause of this permission mismatch and provides step-by-step fixes to restore access.
Key Takeaways: Access Denied for Site Owner
- SharePoint admin center > Active sites > Site permissions: Check and reassign the Full Control permission level to the user.
- Microsoft 365 admin center > Groups > Group membership: Verify the user is listed as a member of the Owners group, not just a member.
- Site Settings > Site permissions > Check permissions: Use this tool to see exactly which permission level the user has on the site.
Why a Site Owner Sees Access Denied
SharePoint sites created from a Microsoft 365 group use group membership to assign site owner rights. When you add a user to the Owners group of the Microsoft 365 group, SharePoint automatically grants that user the Full Control permission level on the site. However, this synchronization is not instant. A delay of up to 24 hours can occur before the permission change takes effect. During that window, the user sees Access Denied even though they appear as an owner in the group.
A second common cause is that the site uses unique permissions. If a site owner or administrator broke permission inheritance and removed the default group-based permissions, the Microsoft 365 group Owners group no longer has access. The user might still be listed as a site owner in the group but has no direct permission entry on the site.
A third cause is a sharing policy restriction. SharePoint admin center policies can block external users or restrict access to specific security groups. If the site owner account is subject to a conditional access policy or an IP restriction, the user is denied even with correct permissions.
Permission Inheritance and Group Synchronization
SharePoint sites associated with Microsoft 365 groups inherit their permission structure from the group. The group has three roles: Owners, Members, and Guests. When you add a user to the Owners role, SharePoint creates a corresponding permission entry with Full Control. If inheritance is broken, that automatic entry is removed. The user retains the group role but loses site access.
To confirm whether inheritance is broken, go to Site Settings > Site permissions. If the button labeled Delete unique permissions appears, inheritance is broken. If the button says Inherit permissions, the site uses group permissions normally.
Steps to Fix Access Denied for a Site Owner
- Verify group membership in Microsoft 365 admin center
Open the Microsoft 365 admin center at admin.microsoft.com. Go to Teams and groups > Active teams and groups. Select the Microsoft 365 group that owns the site. Under the Membership tab, check that the affected user appears in the Owners list. If the user is only in Members, add them to Owners. Wait 15 minutes and test access again. - Check site permissions in SharePoint admin center
Open the SharePoint admin center at admin.microsoft.com/sharepoint. Go to Active sites and select the site. Click the Permissions tab. Under Site admins, confirm the user is listed. If not, click Add site admins and add the user directly. This bypasses group synchronization and grants immediate Full Control. - Use Check Permissions tool on the site
From the site home page, click the gear icon and select Site permissions. Click Check permissions. Enter the user email and click Check now. The tool shows the exact permission level the user has. If it shows No permissions, proceed to step 4. - Restore permission inheritance if broken
Go to Site permissions > Advanced permissions settings. On the ribbon, click Delete unique permissions. A confirmation dialog appears. Click OK. The site now inherits permissions from the parent site or the Microsoft 365 group. The user should gain access within a few minutes. - Grant Full Control directly if inheritance must remain broken
If you need to keep unique permissions, go to Site permissions > Advanced permissions settings. Click Grant Permissions. Add the user email and select the Full Control check box. Click Share. The user now has direct permission on the site. - Review SharePoint admin center sharing policies
In the SharePoint admin center, go to Policies > Sharing. Check that external sharing is set to a level that allows the user. If the user is external, set external sharing to Anyone or New and existing guests. Also check Conditional Access policies in Azure AD that might block the user based on location or device.
If Access Denied Still Appears After the Main Fix
Access Denied for a Site Owner Who Was Recently Added
When you add a user to the Microsoft 365 group Owners role, the permission change can take up to 24 hours to sync to SharePoint. During this time, the user sees Access Denied even though they appear as an owner in the group. To work around this delay, add the user as a site admin directly in the SharePoint admin center as described in step 2. This grants immediate access without waiting for group sync.
Access Denied for a Site Owner Who Can Access Other Sites
If the user can access other SharePoint sites but not this one, the problem is site-specific. Check whether the site is in a different geography. SharePoint Multi-Geo environments require the user to have a license in the geography where the site resides. Verify the user license location matches the site data location.
Access Denied for a Site Owner Who Is Also a Global Admin
Global admins have access to all SharePoint sites by default. If a global admin sees Access Denied, the site might have a site lock or a restricted access policy. Go to SharePoint admin center > Active sites and select the site. Check the Site status. If it shows Read-only or No access, unlock the site. Also check if the site is under a retention policy that blocks write access.
Site Owner Access Denied: Permission Types Compared
| Item | Microsoft 365 Group Role | Direct SharePoint Permission |
|---|---|---|
| Permission level granted | Full Control | Full Control, Edit, or Read |
| Sync delay | Up to 24 hours | Immediate |
| Affected by broken inheritance | Yes — group permission is removed | No — direct entry remains |
| Management location | Microsoft 365 admin center | SharePoint site settings |
| Best for | Teams-connected sites | Sites with unique permissions |
After applying the fix, you can confirm the user now has access by asking them to open the site URL. If the issue persists, use the Check Permissions tool again to verify the permission level. The most reliable method for immediate access is adding the user as a site admin in the SharePoint admin center. For long-term management, keep group membership as the primary permission source and avoid breaking inheritance unless required.