When you open the Advanced Permissions Settings page for a SharePoint site, the standard permission levels such as Contribute, Read, and Full Control may not appear. Instead, you see only a blank list or a few custom levels that were created manually. This problem typically occurs because the site is connected to a Microsoft 365 group that overrides the traditional SharePoint permission model. In a group-connected site, SharePoint hides the default permission levels and relies on the group membership roles instead. This article explains why the permission levels disappear and provides the exact steps to restore and manage them when needed.
Key Takeaways: Restoring Missing Permission Levels in Group-Connected Sites
- SharePoint admin center > Active sites > Site address > Permissions: Use the Break Inheritance button to disconnect the site from the Microsoft 365 group permission model.
- Site Settings > Site Permissions > Permission Levels: After breaking inheritance, the default permission levels reappear and can be edited or deleted.
- Microsoft 365 group membership: Group owners map to SharePoint Full Control, group members map to Contribute, and visitors map to Read; these roles hide the traditional levels.
Why Permission Levels Disappear in Group-Connected Sites
When a SharePoint site is connected to a Microsoft 365 group, the site inherits its permissions from the group. In this model, SharePoint hides the standard permission levels from the Advanced Permissions page. The group roles control access: Group Owners get Full Control, Group Members get Contribute, and Group Visitors get Read. SharePoint does not show these levels in the Permission Levels list because they are managed entirely through the group. This design prevents accidental changes that could break the group permission mapping. The missing levels are not a bug; they are a deliberate feature of the group-connected site architecture. To see or modify the default levels, you must first break permission inheritance from the group.
How Group Permissions Map to SharePoint Levels
The mapping between Microsoft 365 group roles and SharePoint permission levels is fixed and cannot be customized through the SharePoint UI. Group Owners receive the Full Control level, Group Members receive the Contribute level, and Group Visitors receive the Read level. When you add or remove members from the group, SharePoint automatically updates the corresponding permissions on the site. This synchronization is what causes the Permission Levels page to appear empty — the levels are there but are hidden from the user interface to prevent conflicts. If you need a different level, such as Design or Approve, you must break inheritance and assign those levels manually.
Steps to Restore and Manage Missing Permission Levels
- Open the Site Permissions page
Navigate to your SharePoint site. Click the gear icon in the top-right corner to open Settings. Select Site Permissions. This opens the Permissions page that shows the current permission groups and inheritance status. - Check inheritance status
On the Permissions page, look for a message that says This site inherits permissions from its parent or This site has unique permissions. If it says inherits, the site is connected to a Microsoft 365 group. If it says unique, the site already has broken inheritance and the levels should be visible. - Break permission inheritance
To break inheritance, click Break Permissions Inheritance in the ribbon at the top of the Permissions page. A confirmation dialog appears. Click OK. The site now has unique permissions and the default levels will appear in the Permission Levels list. - Verify the permission levels
On the Permissions page, click Permission Levels in the ribbon. The standard levels should now be visible: Full Control, Design, Contribute, Read, Approve, and others. If they are still missing, proceed to the next step. - Restore default permission levels if still missing
If the levels are still absent after breaking inheritance, you can restore them using SharePoint Designer or PowerShell. For SharePoint Online, use the SharePoint Online Management Shell. Run the commandRestore-SPOSitePermissionLevel -Identity "https://yourtenant.sharepoint.com/sites/yoursite" -PermissionLevel "Contribute". Replace the URL and level name as needed. This command restores a single default level. Repeat for each missing level. - Assign custom permission levels
After the levels are visible, you can assign them to users or groups. Go back to the Permissions page, click Grant Permissions. In the dialog, type the user or group name, then select the desired permission level from the drop-down list. Click Share. The user now has the assigned level.
If Permission Levels Still Do Not Appear After the Main Fix
Permission levels are missing on a site that already has unique permissions
If the site already has unique permissions but the levels are still missing, the default levels may have been deleted accidentally. SharePoint allows administrators to delete default permission levels. To restore them, you must use PowerShell as described in step 5 above. There is no UI option to recreate a deleted default level. If you do not have PowerShell access, contact your tenant administrator or open a support ticket with Microsoft.
Custom permission levels are not visible to site visitors
After restoring levels, you may find that custom permission levels are not available when sharing a document or folder. This happens because custom levels must be explicitly assigned to the user or group. They do not automatically appear in the sharing dialog. To make a custom level available, grant it directly to the user through the Site Permissions page, not through the Share button on a document.
The Permission Levels page shows only one level
If only a single level appears, such as Full Control, the site may be a hub site or a root site collection that has a limited set of default levels. Hub sites inherit a restricted permission model. To see all levels, check the site collection features. Go to Site Settings > Site collection features. Ensure the feature Limited-access user permission lockdown mode is not active. If it is active, deactivate it and refresh the Permission Levels page.
Group-Connected Site vs Classic Site: Permission Level Behavior
| Item | Group-Connected Site | Classic Site |
|---|---|---|
| Default levels visible | No (hidden until break inheritance) | Yes, always visible |
| Permission inheritance | Inherits from Microsoft 365 group | Inherits from parent site or unique |
| Custom levels allowed | Yes, after breaking inheritance | Yes, at any time |
| Group role mapping | Fixed: Owner/Full Control, Member/Contribute, Visitor/Read | No mapping; direct assignment |
| PowerShell restore needed | Occasionally if levels deleted | Rarely, only if deleted |
You can now restore missing permission levels and manage custom access on any group-connected SharePoint site. Start by breaking inheritance from the Microsoft 365 group to expose the default levels. If levels remain missing, use PowerShell to restore them individually. For ongoing management, consider creating custom permission levels only after breaking inheritance, and always assign them through the Site Permissions page rather than the sharing dialog. This approach ensures consistent access control across your site.