If you've ever tried to explain SharePoint permissions to a colleague and watched their eyes glaze over, you're not alone. SharePoint's permission model is one of the most powerful things about it — and one of the most confusing. After years of building SharePoint solutions for businesses, I've seen the same five permission disasters happen over and over again.
Here's what they are, why they happen, and exactly how to fix them.
The 5 Most Common SharePoint Permission Disasters
1. "Everyone Can See Everything" — The Inheritance Problem
What happens: Someone creates a new site or library and doesn't touch the permissions. By default, SharePoint inherits permissions from the parent site. If the parent site has broad access, so does everything underneath it.
The fix:
- Go to Site Settings → Site Permissions
- Click Stop Inheriting Permissions
- Remove groups that shouldn't have access
- Add only the groups that should
Pro tip: Always check "Unique Permissions" on sensitive document libraries. Don't rely on site-level permissions alone.
2. "I Can't Access the File My Manager Shared" — Broken Sharing Links
What happens: A manager shares a file using "Specific people" but the recipient gets an "Access Denied" error. This usually happens because the file is in a library with unique permissions that override the sharing link.
The fix:
- Navigate to the file → Click the three dots → Manage Access
- Check if there are conflicting permission levels
- If the library has "Stop Inheriting Permissions" set, the sharing link may not work as expected
- Use Grant Access at the library level instead of relying on sharing links for sensitive libraries
3. "The Whole Team Can Edit — But Only One Person Should" — Wrong Permission Levels
What happens: Everyone in the "Members" group has Edit access by default. Most organisations don't realise this until someone accidentally deletes a critical file.
The fix:
- Create a custom permission level: Site Settings → Permission Levels → Add a Permission Level
- Name it "Contribute (No Delete)" and check all Contribute permissions except Delete Items and Delete Versions
- Assign this to your Members group instead of the default Edit level
This is one of the most underused features in SharePoint and it takes 5 minutes to set up.
4. "The Contractor Can See Salary Data" — Oversharing via Groups
What happens: A contractor is added to the SharePoint Members group for one project. That group has access to multiple site collections. The contractor now has access to data they were never meant to see.
The fix:
- Audit your SharePoint groups: Site Settings → People and Groups
- Use Microsoft 365 Groups for project-specific access rather than adding individuals to site groups
- For contractors, create a dedicated SharePoint group with minimum necessary permissions
- Set an access expiry using Azure AD access reviews (requires Azure AD P2)
5. "I Deleted the Admin by Accident" — Locked Out of Your Own Site
What happens: Someone removes the only Site Collection Administrator while cleaning up permissions. Now nobody can access the admin settings.
The fix (if you have Global Admin access):
- Go to the SharePoint Admin Center
- Find the site collection → Click ... → Manage Admins
- Add yourself or the correct person back as Site Collection Admin
If you don't have Global Admin: You'll need to raise a ticket with your IT team. This is why you should always have at least two Site Collection Admins on every site.
The Permission Audit Checklist (Do This Monthly)
Run through this every month to stay ahead of permission creep:
| Check | How to do it |
|---|---|
| Who are the Site Collection Admins? | Site Settings → Site Collection Administrators |
| Which libraries have unique permissions? | Site Settings → Site Permissions → Check for broken inheritance icons |
| Are there any external users with access? | SharePoint Admin Center → Active Sites → External Sharing column |
| Are guest links still active? | Site Settings → Site Permissions → Access Requests and Invitations |
| Are any users in groups they shouldn't be? | Site Settings → People and Groups → Review each group |
Want a Ready-Made Permissions Governance Template?
If you want to skip the setup work, I've put together a SharePoint Permissions Governance Toolkit that includes:
- A pre-built permissions audit tracker (Excel)
- Custom permission level configurations you can copy directly
- A 30-day governance checklist
- Power Automate flow to alert you when permissions change
Get the SharePoint Governance Toolkit ($29)
Or if you want the full bundle including Power Automate flows:
Get the Complete Microsoft 365 Automation Bundle ($39)
The Bottom Line
SharePoint permissions feel complicated because they are — but the disasters are almost always caused by the same five mistakes. Once you understand inheritance, permission levels, and group management, you can lock down any SharePoint environment in an afternoon.
The most important habit: audit your permissions monthly. Permission creep is silent and slow — by the time you notice it, the damage is already done.
Have a SharePoint permissions horror story? Drop it in the comments — I've seen some truly spectacular disasters and I'm always curious to hear more.
Ready-Made Templates to Save You Hours
If you want to skip the setup time and get straight to results, I have packaged the most useful resources here:
AI Business Automation Prompt Pack ($19) — 50+ ready-to-use AI prompts for Power Automate, SharePoint, and Microsoft 365. Stop starting from scratch.
Microsoft Power Platform Starter Kit ($29) — Complete guide covering Power Automate, Power Apps, Power BI, and Dataverse. Templates, checklists, and real-world use cases included.
SharePoint Intranet Setup Guide ($39) — Step-by-step guide to building a professional SharePoint intranet. Governance framework, page templates, and permission structures included.
Power Automate Flow Templates Pack ($49) — 5 production-ready flows you can import and deploy in under 30 minutes. Includes the onboarding, approval, and reporting flows described in this article.
Top comments (0)