How to Manage SharePoint Access: Enhance Security & Efficiency
Assigning and managing the SharePoint access for verified users is a critical responsibility for an organization’s Admin. When it comes to managing roles and access across the SharePoint sites, it can become a complex and time-consuming task for the admin. Without proper access control, data security will be affected. To address this, we’ll walk you through how to give access to SharePoint, how to manage SharePoint access, and best practices to keep your environment secure from unauthorized access.
Why SharePoint Access Management Matters?
Properly managing access in SharePoint is a crucial task for many reasons, i.e.
- Helps to avoid unauthorized or external user access to confidential information.
- Makes collaboration with internal and external users seamless and boosts productivity.
- Helps to control data integrity and version history.
- Helps to make the onboarding and offboarding tasks in a large SharePoint environment efficient.
By ensuring the right people have the right access, you can guarantee robust data security and real-time collaboration.
Types of Permissions in SharePoint
SharePoint offers several permission levels to control access. Understanding all of them is essential if you want to learn how to manage SharePoint access effectively. Here are some main types of SharePoint permissions:
- Full Control(Admin-level access): Access to manage settings, users, and permissions across all the SharePoint sites, even in different SharePoint environments.
- Edit: You only have access to add, edit, and delete content from assigned sites.
- Contribute: This permission level gives privilege to add and edit content, but cannot delete any section or content.
- Read: Users can view content but are prevented from making changes. This level of permission mainly applies to critical data to safeguard it from external users for accidental or intentional modification. However, it allows users to download and list items.
- View Only: Privilege to view content only. Downloading, listing, and sharing are not allowed.
Expect these default permissions, the admins can create custom permissions according to their preferences and the organization’s needs. Additionally, you can assign permissions at different levels for better SharePoint access management:
- Site level
- Library or list level
- Folder or document level
Let’s learn how to do so!
Read Also: SharePoint Site vs. Page vs. Web Parts
How to Give Access to SharePoint Sites?
Before moving how to manage SharePoint access, let’s explore how to give access to SharePoint sites for both internal and external users:
For Internal Users:
- Open your SharePoint site.
- Hit the Settings gear icon > Site permissions.
- Select Invite people > Add members to group.
- Provide the details (names or emails) of users to invite.
- Choose the appropriate permission level: Full Control, Edit, or other.
Use PowerShell Scripts to automate the task:
Change “Grant read access to the site” according to your preferences, like “Grant edit access to the site.”
For External Users:
- In the SharePoint Admin Center, enable the external sharing for the site.
- Afterward, follow the same steps 1, 2 & 3 as for internal users.
- Now, enter the external email address (e.g., [email protected]) and assign permissions.
- After that, a link is delivered to the external user’s email to access the SharePoint site.
- The external user has to click on that link for Microsoft authentication.
- When authentication is done, an external user will easily access the assigned SharePoint site.
PowerShell Scripts:
After assigning the permissions to both internal and external users, our next step is to understand the SharePoint access management procedure. Let’s explore!
How to Manage SharePoint Access – Sites
Managing SharePoint access is a time-consuming task, but it is necessary as it helps in avoiding this type of error, i.e., Why is SharePoint Online So Slow? With the instructions below, we can make this seamless:
Solution 1. Manual Access Management
Here are the steps to manually manage assigned SharePoint permissions to the users/groups:
- Access the SharePoint site for managing access.
- In the top-right corner, hit the gear icon > Site Permissions, and then several options prompt for sharing and access control.
- Select the Advanced Permissions Settings if you need more granular control(optional).
- To add users or groups to the specific site, click on Invite people option.
- Give the appropriate permissions, e.g., read, edit, or Full Control access.
- Under Permissions, you can change the access level for an existing user or group by selecting the user/group > Edit User Permissions.
- Use Remove User Permissions to unassign the permissions to a specific user or group.
- For assigning unique permissions to that site, which is inheriting permissions from a parent site, click Stop Inheriting Permissions. This helps you to manage access at the site level separately from the parent site.
Solution 2. How to Manage SharePoint Access Automatically Via Power Automate
We can manage the SharePoint access task automatically using Power Automate. The steps are as follows:
- Open: https://flow.microsoft.com/.
- Click Create > Automated cloud flow
- Choose a trigger according to your preferences, e.g., when a new response is submitted (for Forms) or when a new item is created (for SharePoint list).
- Add action “Get Response Details” as per your needs.
- Search for SharePoint > Grant access to an item or folder.
- Now set: Site Address, Item ID, Recipient Email & Permission Role.
(Optional) Add Condition:
- Add a Condition to handle both internal & external users.
- For external: use SharePoint, and invite an external user to the site action.
- Save the flow.
- Lastly, trigger the flow and verify whether automatic access granting is working or not.
Solution 3. Use Azure AD Dynamic Groups for SharePoint Access Management
Azure AD Dynamic Groups play a crucial role in how to manage SharePoint access, helping to manage assigned permissions to different levels of employees, like HR, accounts, and others.
- Open this https://aad.portal.azure.com/.
- Go to Groups > + New Group.
- Type: Security.
- Membership type: Dynamic User.
Define Dynamic Membership Rule, e.g., (user.department -eq “Marketing”). This auto-adds anyone whose department is Marketing.
- Now open the SharePoint site > Site permissions.
- Add the Azure AD Group to the site and assign permission (Read/Contribute/etc).
That’s all! Now, anyone new or who changes the position to Marketing will automatically be added to the specified SharePoint site.
Solution 4. PowerShell Scripts
PowerShell scripts help to manage bulk user access and tasks, including onboarding/offboarding. Here are the scripts for SharePoint access management:
Download or Update SharePoint Online Management Shell
For better control, it is better to use SharePoint groups instead of assigning permissions to each individual. In the next section, we will learn how to manage SharePoint access and grant access to a SharePoint folder effectively.
How to Give Access to a SharePoint Folder?
To grant access to a specific folder, follow these instructions:
- Open the Document Library.
- Locate the folder and click the ellipsis (⋯) or right-click.
- Select Manage Access.
- Click Grant Access or Share.
- Enter the user’s email address.
- Choose permission level (View, Edit).
- Optional: Add a message and click Send.
Important: For adding custom folder-level permissions, you have to stop inheritance.
How to Manage SharePoint Access – Folders
SharePoint access management for folders is different from managing sites. Here’s how:
Solution 1. Manual Management
- Open the SharePoint folder > Manage Access.
- Under Direct Access or Links Giving Access, several options are available i.e. Remove a user, Change permission level, View who has access and how.
- Click Advanced for more granular control.
For resetting permissions, choose to re-inherit permissions from the parent folder.
Solution 2. Power Automate
- Go to https://flow.microsoft.com/
- Sign in with Microsoft 365 credentials.
- Click Create > Automated cloud flow.
- Choose a Trigger as shown for sites(solution 2).
- Add Get Response Details (if using Forms)
- To fetch who requested access (email address, folder choice).
- Search for the SharePoint connector.
- Choose > Grant access to an item or a folder, and configure them properly, i.e., Site Address, Library Name, and others.
Break Permission Inheritance:
- Go to the folder.
- Click > Manage Access > Advanced > Stop Inheriting Permissions.
- Submit a test request.
Solution 3. How to Manage SharePoint Access Using PowerShell Scripts
How to Give Access to a SharePoint Library or List Level?
Granting access to the specific SharePoint library or lists is complex than sites or folders. So, it is recommended to follow the steps carefully, and then you can easily perform SharePoint access management task:
- Access a SharePoint Site.
- Open the Library or List, for example: Documents.
- Hit the Settings option > Library Settings or List Settings.
- Go to Permissions for this Library/List:
- Important: Click Stop Inheriting Permissions
- Click Grant Permissions.
- Enter the user’s email or group name.
- Choose permission level: Read, edit, or other.
- Click Share.
Using Power Automate (Automated Method)
You can also automate giving access to a Library or List using Power Automate:
- Create a Flow in Power Automate.
- Choose a Trigger (Form submitted)
- Add Action: Search SharePoint > Use “Grant Access to an Item or Folder”.
- The “Item” you specify is the Root Folder of the Library/List.
- Specify prompted Fields: Site Address, Library Name, and others.
Using PowerShell (Bulk Access Method)
Using PnP PowerShell, we can automate this time-consuming task. For the same, follow these steps:
This will assign the user access only at the library level, not the entire site or folder.
How to Manage SharePoint Access – Library or List Level
Here are the step-by-step guidelines to manage the access permissions to the specific SharePoint Library/List Level:
Solution 1. Manual SharePoint Access Management
- Go to the SharePoint Site.
- Open the Library or List to manage.
- Click on Settings > Library Settings or List Settings.
- Click Permissions for this document library or list.
- Check Permission Inheritance:
- If you see “This library/list inherits permissions from its parent,” click: Stop Inheriting Permissions.
- Manage User Access: Grant Access, Remove Access & Edit Permissions
These steps help you to control access specifically for the library/list, without affecting the site or other libraries.
Solution 2. Power Automate
You can automate how to manage SharePoint access at the Library or List level. Follow the same steps as discussed in the sites section, just change Trigger, Action, and Target to the Root Folder of the Library/List.
Solution 3. PowerShell
Troubleshooting SharePoint Access Issues
After granting permissions to several users, if anyone finds that they can’t access the site, folder, or an error occurs, like SharePoint list not showing all items, then follow these steps to troubleshoot:
- Double-check permission inheritance.
- Make sure the account they are using is assigned.
- Use the “Check Permissions” feature in advanced settings to troubleshoot.
Best Practices for SharePoint Access Management
Following the best practices for how to manage SharePoint access will enhance control across all the SharePoint sites:
- To save time, create groups and assign permissions to groups instead of individuals. This makes the management of even large sites quick.
- Periodically check whether the authorized users access the critical sites, or any external user accessing the same. This step is necessary for security reasons.
- Grant access to limited external users to track activity. It is suggested to enable expiration dates for shared links.
Final Thoughts
Managing access in SharePoint doesn’t have to be complicated. But the condition is that we have a clear insight into the SharePoint structure, and the step-by-step instructions on how to manage SharePoint access, including sites, folders, and libraries/lists. In this guide, we discussed all these SharePoint access management queries, with best practices to maintain a well-structured SharePoint environment.