You open a file in OneDrive on the web and can edit it without any problem. Then you open the same file in the desktop version of Word, Excel, or PowerPoint, and you see a read-only message or a sync error. This mismatch happens because OneDrive for Business uses two separate permission models: SharePoint-based permissions on the web and NTFS file system permissions on the desktop. The web version checks access through SharePoint site permissions, while the desktop app checks the local file’s sync status and Windows file attributes. This article explains why these permission differences occur and how to resolve them so your files behave consistently in both environments.
Key Takeaways: Resolving OneDrive Permission Mismatches
- OneDrive web > Share > Advanced settings: Check and modify SharePoint site permissions for the file or folder.
- File Explorer > Right-click file > Properties > Security: Inspect and adjust NTFS permissions that may block desktop editing.
- OneDrive Settings > Sync and backup > Manage backup: Verify Known Folder Move status, which can lock files if sync is paused.
Why OneDrive Permissions Differ Between Web and Desktop
OneDrive for Business stores files on SharePoint Online. When you access a file through the web browser, the SharePoint permission model applies. That model uses site groups like Owners, Members, and Visitors, plus direct sharing links with View, Edit, or Full Control levels. The web interface checks these permissions every time you open a file.
When you open the same file from the desktop OneDrive sync folder, the Windows file system adds another layer. The local file inherits NTFS permissions from the parent folder and the user account. If the sync process is paused, if the file has the Read-only attribute, or if the local folder has restrictive NTFS entries, the desktop Office app may block editing even though the web allows it.
A common root cause is that the file was synced with an older version of OneDrive that set the local file as Read-only when the web permission was View-only. After upgrading the permission on the web to Edit, the local attribute may not update automatically. Another cause is that the file is checked out by another user in SharePoint, which locks the file on the desktop but not always on the web.
Steps to Diagnose and Fix Permission Mismatches
Follow these steps to identify where the permissions differ and to align them.
- Check the SharePoint permission on the web
Open the file in OneDrive on the web. Click the Share button in the top-right corner. In the sharing panel, click the small gear icon labeled Manage access. Review the list of users and groups. Look for your own name and verify that the permission level is Edit or Full Control. If you see only View or Can Review, click your name and change the permission to Edit. - Check the local file’s Read-only attribute
In File Explorer, right-click the file and select Properties. On the General tab, look at the Attributes section. If the Read-only checkbox is filled or checked, uncheck it and click Apply. If the checkbox is grayed out, the file may have inherited Read-only from its parent folder. Right-click the parent folder, select Properties, uncheck Read-only, and choose Apply changes to this folder, subfolders and files. - Verify NTFS permissions on the local folder
Right-click the folder that contains the file and select Properties. Go to the Security tab. Select your user name in the Group or user names list. In the Permissions for [user] list, make sure the Allow column for Modify and Write is checked. If not, click Edit, select your user, check Modify and Write, then click Apply. - Check if the file is checked out in SharePoint
In the browser, navigate to the library that contains the file. Hover over the file name and click the three dots (More actions). If you see Check In or Discard Check Out, another user or you have checked out the file. Click Check In to release the lock. If you cannot check in, contact the site owner or the user who checked it out. - Reset the OneDrive sync connection
Right-click the OneDrive cloud icon in the system tray. Select Settings > Account > Unlink this PC. After unlinking, restart your computer. Open OneDrive again and sign in with the same work or school account. Allow the sync to complete. This forces OneDrive to reapply the correct NTFS permissions based on the current SharePoint permissions. - Repair Office installation
If the issue persists, the Office app may have a cached permission token. Open Control Panel > Programs and Features. Select Microsoft 365 and click Change. Choose Quick Repair and follow the prompts. After the repair, restart the computer and test the file again.
If OneDrive Still Shows Permission Differences After the Main Fix
Files Open as Read-Only on Desktop but Editable on Web
This is the most common pattern. The cause is usually a stale Read-only attribute on the local file. Open File Explorer, select the file, and press Alt+Enter to open Properties. On the General tab, uncheck Read-only. If the attribute returns after a sync, the file may be synced from a SharePoint library that has a Read-only content type applied. Check the library settings in SharePoint: Library Settings > Advanced Settings > Read-only. Ensure it is set to No.
Files Open as Editable on Desktop but Read-Only on Web
This pattern is rarer and usually indicates that the user has Full Control NTFS permissions locally but only View access on SharePoint. Open the file on the web and click Share > Manage access. Add your own account with Edit permission. Alternatively, ask the site owner to promote you from Visitors to Members in the SharePoint site permissions.
Sync Errors with Error Code 0x80070005 (Access Denied)
Error 0x80070005 means the local Windows account does not have permission to write to the OneDrive sync folder. Right-click the OneDrive folder in File Explorer, select Properties > Security. Check that your user account has Full Control. If not, click Edit, select your user, check Full Control, and apply. Then restart OneDrive.
OneDrive Web Permissions vs Desktop Sync Permissions: Key Differences
| Item | Web (SharePoint) Permission Model | Desktop (NTFS + Sync) Permission Model |
|---|---|---|
| Permission source | SharePoint site groups and sharing links | Windows NTFS ACLs plus OneDrive sync status |
| How editing is blocked | View-only sharing link or site visitor group | Read-only file attribute, NTFS deny entry, or sync pause |
| Permission inheritance | From the SharePoint site or library | From the parent folder in File Explorer |
| Check-out behavior | Blocks web editing for other users | Blocks desktop editing for all users including the checkout user |
| Sync attribute propagation | Not applicable | OneDrive sets Read-only when web permission is View; may not update after permission upgrade |
You can now diagnose and fix permission mismatches between OneDrive on the web and desktop Office apps. Start by checking the SharePoint permission level on the web, then verify the local file’s Read-only attribute and NTFS permissions. If the problem continues, unlink and relink OneDrive to refresh the local permission mapping. For advanced control, consider using SharePoint site permissions instead of individual sharing links to ensure consistent inheritance across both environments.