4 Quick Tips to Understand SharePoint Permission Hierarchy


It can be very frustrating sometimes, not being able to access certain content in SharePoint for an end user. To avoid this, basic understanding of permission levels is crucial. Permission levels are used throughout the entire SharePoint organisation to provide access, from an item level all the way up to a site collection.

Most of the time if you’re not getting access to specific content, it’s because of the permission level that you’ve been provided.

I will try to explain how SharePoint permission hierarchy works in a very simple way to give some understanding from an end users point of view. This will also give you some understanding of the SharePoint structure as well. You may have already been granted permissions to a certain subsite and may be wondering why you still cannot access to another level or subsite within the same site collection.

  1. SharePoint permissions work like Windows folder and file permissions

Like Windows files and folders SharePoint objects inherit permission from parent to child. Permission hierarchy starts at the top of the site collection. So, if we have multiple site collections, each site collection has its own individual permission levels to work with which by default are inherited from the top level to the item level. 

  1. Permission inheritance traverses all the way down through the permission hierarchy

As seen in the diagram within the site collections, we have subsites. Within subsites, we have list and libraries. Within lists and libraries, we may have folders, and in folders, we may have list items or documents. By default, we have permission inheritance that is carried from site collection to the list items/documents level.

Site collection determines what permission levels are available at the different levels.

  1. What happens if anywhere along this hierarchy we break the permissions?

If we have created unique permissions (as in SubSite 3 in the diagram) means we’ve actually broken the inheritance, meaning all other subsites/lists/libraries underneath will inherit from this. So we’re no longer inheriting permissions from the site collection level.

What happens next? SubSite 4 is now inheriting the permissions that we defined at SubSite 3, which means folders, lists and libraries under SubSite 4 are inheriting from SubSite 4.

It’s a permission hierarchy that continues from top to the bottom level unless you break the inheritance. So, you may be in one of the Sub Sites, then all of a sudden, you try to go to a list or a library and you can’t access it. Well, it’s because you don’t have the appropriate permissions because someone has broken the inheritance.

  1. How do I get an access to a certain library?

When you’re trying to work with content in SharePoint, if you’re not getting access to this specific content, now you know it’s because of the permission levels. As an end user in a collaboration environment, there is not much you can do about this other than sweet-talking site owners or site collection administrators into giving you permissions to that list or library as they are the ones who control the level of inheritance and permissions.

A word of warning: Too many unique permission items at the same level can slow things to a halt.

Derya Sousa
12 Jan 2017