You need to share a document library with external reviewers but want to prevent them from editing files. The default sharing links in SharePoint allow view or edit access, but there is no built-in review-only link that blocks editing while permitting comments and viewing. This article explains how to create a review-only link for a document library by combining SharePoint sharing settings with a custom permission level. You will learn the exact steps to set up a link that grants read and comment access without allowing file modifications.
Key Takeaways: Setting Up a Review-Only Link in SharePoint
- Custom permission level “Review”: Grants Read and Open permissions but removes Edit, Delete, and Add items so reviewers cannot modify files.
- SharePoint admin center > Sharing: Allows external sharing for authenticated users, which is required before the review link works for external reviewers.
- Document library > Permissions > Stop Inheriting Permissions: Breaks inheritance so you can apply the custom Review permission level to a specific group of reviewers.
How SharePoint Sharing Links Work and Why Review-Only Is Not Default
SharePoint sharing links are generated with a permission level attached: View, Edit, or Full Control. When you create a link for a document library, you can choose to allow editing or restrict to viewing only. The Edit link grants add, edit, and delete permissions on the library. The View link prevents all modifications, including comments. There is no built-in link that allows a reviewer to view and comment but not edit files.
To create a review-only link, you must create a custom permission level that includes Read and Open permissions but excludes Edit, Delete, and Add items. Then you apply that permission level to a SharePoint group or a specific set of users. Finally, you generate a sharing link that uses that group. This approach works for internal reviewers and external authenticated users who sign in with a Microsoft account or a guest account from Azure AD B2B collaboration.
Prerequisites for Creating a Review-Only Link
Before you begin, verify that your SharePoint environment meets these requirements:
- You have SharePoint administrator access to the tenant or site collection.
- External sharing is enabled at the tenant level and at the site level. In the SharePoint admin center, go to Policies > Sharing and set external sharing to “Authenticated users only” or “Anyone with a link” if you want to allow unauthenticated access.
- The document library is not set to read-only for all visitors. You must be able to break permission inheritance on the library.
Steps to Create a Custom Review Permission Level and Generate a Review-Only Link
Follow these steps to create a review-only link for a document library. Each step includes the exact menu names and button labels you need to use.
- Open the SharePoint admin center and enable external sharing for the site.
Go to SharePoint admin center > Active sites. Select the site that contains the document library. Click Policies and then Edit external sharing. Choose Authenticated users only or Anyone with a link depending on your security requirements. Click Save. - Navigate to the document library and break permission inheritance.
Open the site and go to the document library. Click the gear icon and select Library settings. Under Permissions and Management, click Permissions for this document library. On the ribbon, click Stop Inheriting Permissions. Confirm by clicking OK. - Create a new permission level named “Review”.
Go to Site settings (gear icon) > Site permissions. On the ribbon, click Permission Levels. Click Add a Permission Level. Name it Review. In the List Permissions section, check only these boxes: Read, Open, View Items, View Versions, View Pages. In the Site Permissions section, check Browse User Information and Use Remote Interfaces. Do NOT check any permission that allows adding, editing, or deleting items. Scroll down and click Create. - Create a SharePoint group for reviewers and assign the Review permission level.
Go back to Site permissions and click Create Group. Name the group Reviewers. Set the group owner to yourself. In the Give this group permissions to the site section, select Review from the dropdown. Click Create. - Add users to the Reviewers group.
Open the Reviewers group. Click New and add the email addresses of the reviewers. For external reviewers, they must already be invited as guests in Azure AD or you can add them now and they will receive an invitation. Click Share. - Generate a sharing link that uses the Reviewers group.
Go back to the document library. Select one or more files, then click Share. In the sharing dialog, click the gear icon next to the link type. Choose Specific people. In the field, type Reviewers and select the group from the dropdown. The link will automatically grant the permission level assigned to the group, which is Review. Click Send or copy the link. - Test the review-only link.
Open a private browser window or sign in with a test account that is a member of the Reviewers group. Click the link. Verify that you can view and download files but cannot edit or delete them. Try to upload a new file or edit an existing one to confirm that the permission level blocks these actions.
Common Issues After Setting Up a Review-Only Link
Reviewers Cannot Open the Document Library Link
If external reviewers see an access denied message, check that external sharing is enabled at the site level and that the site is not set to a more restrictive sharing policy. Also verify that the reviewers have been added as guests in Azure AD. Go to Microsoft 365 admin center > Users > Guest users to confirm their status.
Reviewers Can Still Edit Documents
If a reviewer can edit files, the custom Review permission level was not applied correctly. Go to the document library permissions and check which permission level the Reviewers group has. It should show Review, not Edit or Contribute. If the group has Edit permission, remove it and assign Review. Also ensure that the library itself does not have unique permissions that override the group permissions.
Review-Only Link Works for Internal Users but Not for External Users
External users must authenticate with a Microsoft account or a work account that has been invited as a guest. If they try to open the link without signing in, they will see a login prompt. If they do not have a Microsoft account, they can create one for free. Alternatively, you can enable the Anyone with a link sharing option, but that removes the authentication requirement and may not be suitable for sensitive documents.
| Item | Default View Link | Custom Review-Only Link |
|---|---|---|
| Permission level used | Read | Custom Review (Read + Open, no Edit) |
| Allows viewing files | Yes | Yes |
| Allows commenting | No | Yes (if comments are enabled on the document) |
| Allows editing files | No | No |
| Requires custom permission level | No | Yes |
| Works with external users | Yes | Yes, with guest accounts |
You can now create a review-only link for any document library in SharePoint. The key steps are creating a custom Review permission level, assigning it to a group, and generating a sharing link that targets that group. For advanced scenarios, consider using Azure AD access reviews to periodically audit who has review access to your libraries. This approach gives you granular control over what external reviewers can and cannot do with your documents.