Last Updated on February 17, 2025
Got some permission issues?
In this guide, let’s talk about troubleshooting permission issues in SharePoint Online and how to fix them.
Let’s get started.
Table of Contents:
1. Access Denied Errors
This is the most common issue I have seen or heard from users.
Well technically, it’s not an issue per se, unless the users believe they have the “correct” permissions.
But this can happen for a few reasons:
- The user actually lacks the appropriate permissions
- There’s broken permission inheritance
- Incorrect group membership (later)
- Authentication issues (like wrong account)
Solution:
First, make sure that the user indeed has the right permissions, and for this, you can use the check permissions tool.
This is hidden in the advanced permissions settings of a site, there’s a button in the ribbon you can click:
That will give you the permissions available to that user or group.
If the user is in a group, that supposedly has the right SharePoint permissions, then check if the user is in that group.
Then, use the check permissions tool again to review that group’s permissions.
For the rest of the causes:
- Check for broken inheritance, if not, try restoring to default permissions
- Review restricted features like limited access lockdown mode (more on this later)
- Try signing out and signing back in
If the issue still persists, you can try granting permissions directly to the user and see how it goes.
But if multiple users have the same problem, you likely need to review site-wide settings.
Sign up for exclusive updates, tips, and strategies
2. Incorrect Group Membership
I mentioned incorrect group membership earlier as users can’t access content if they’re in the wrong group in the first place.
The common causes of this include:
- Well, the user wasn’t added to the correct group during the setup
- Group permissions changed
- Sync delays with Microsoft 365
Solution:
The first step is to verify that the user is indeed in the group that supposedly has access to the content in SharePoint.
Just go to the advanced permissions page of the SharePoint site or content, select the group, and then check if the user is in that list.
If the user isn’t in that list, you can easily add them to the group by clicking New > Add Users:
On the other hand, if the user is already in the group, then you may need to check the group’s permission level.
If there’s a problem with it, simply change the permission of the group:
If all is in order, then it’s likely that the cause is sync delay in which all you can do is wait for the sync to apply.
Make sure that if you make any changes, refresh or restart the browser or sign out and back again to SharePoint.
3. Broken Permission Inheritance
If you’re familiar with this feature, sites, libraries, and lists inherit permissions from their parent by default.
However, when the permission inheritance is broken, there could be access issues.
Common causes here include:
- Assigning unique permissions
- There are changes to the parent permissions
- Someone removed/changed user access at a lower level
Solution:
The first step is to check if the list, document library, or subsite has its inherited permissions broken.
Go to the advanced permissions page and if you still see a button to stop inheriting permissions, then it’s intact.
But if you see a button to “grant permissions”, then the permission inheritance has been broken.
If you want to restore the inheritance, just click the Delete unique permissions button at the side of Grant Permissions.
But if unique permissions were purposely assigned, all you have to do is make sure the user has the necessary permissions.
4. Limited Access User Permission Lockdown Mode
There’s a feature in SharePoint called limited-access user permission lockdown mode that can block users.
You can find it in the site collection features:
When enabled, it will restrict how users with limited access interact with items on the site.
Among these include:
- Users may not be able to open files
- They could see errors when trying to access libraries or lists
- Prevent shared links from working
Solution:
If this is the cause, then all you have to do is deactivate the feature from the site collection features.
After that, have the users refresh their browsers and try again.
You also need to test external and anonymous links to see if they’re working again.
5. Orphaned Users
The last one I want to talk about is orphaned users, those accounts that no longer exist but still have permissions.
Some causes of this include:
- User account removed from Microsoft 365
- SharePoint groups still include the deleted user
- Restored accounts don’t match old permissions
Solution:
The first thing to do is check your site permissions page again and look for users marked as “Unkown”.
I don’t have any screenshots of this but sometimes, you can identify these accounts with outdated email addresses.
However, if the user was re-created, manually grant them access again:
You also need to make sure that the account updates from Microsoft Entra are reflected in SharePoint.
After cleaning things up, test access with active users to confirm that everything works correctly.
Do you have any questions about troubleshooting permission issues in SPO? Let me know below.
For any business-related queries or concerns, contact me through the contact form. I always reply. 🙂
