Why are unique folder permissions in SharePoint Online not applying correctly?

In SharePoint Online, unique folder permissions often appear “not applied” because existing item-level permissions are preserved and inheritance behavior is misunderstood. The platform only adds/grants permissions when sharing; it does not automatically remove or tighten existing access.

Key behaviors that explain what is happening:

1. Unique permissions on items inside the folder are not overridden

• If files or subfolders inside a folder already have unique permissions, sharing or re-permissioning the parent folder does not remove those existing permissions.
• Example from the documentation:
  1. Folder A contains two files.
  2. User A has read access to one file and edit access to the other.
  3. An admin shares Folder A with view permissions to User A.
  4. User A opens Folder A via the invite link.
  5. User A can still edit the file where they previously had edit access.
• Reason: “When a user shares a folder that has items that contain unique permissions, we don't remove or restrict existing permissions. We only add or grant permissions.”
• This explains users who can still see or edit content they “shouldn’t” after folder-level changes.

2. Breaking inheritance creates a new parent for children, but children may already be unique

• When inheritance is broken on a folder, that folder becomes a new parent for items under it. Items inherit the new settings unless they already have uniquely defined permissions.
• If some files or subfolders had unique permissions before you changed the folder, they will not automatically realign with the new folder permissions, causing inconsistent access (some users see more or less than expected).

3. Moving or reshuffling content does not consolidate permissions

• If many files were previously shared individually (each with its own unique scope) and are later moved into a folder, SharePoint does not automatically consolidate those permissions to match the folder.
• The individually shared items retain their unique permissions, so users may still see or access items even if the folder’s ACL looks restrictive.

4. Inheritance limits and large libraries

• For very large libraries or folders (over 100,000 items), inheritance cannot be broken or re-inherited at that container level. Only individual items can be changed.
• If changes were attempted at a level that has hit this limit, some permission operations may not behave as expected at the folder level, leading to inconsistent access.

How to correct the inconsistent access

1. For users who still have too much access:
   • Identify items (files/subfolders) with unique permissions inside the folder.
   • On those items, either:
     • Reset them to inherit from the folder, or
     • Explicitly change their permissions to remove the unwanted access.
   • For a specific user who should only have view access, follow the documented pattern:
     • Option 1: Change permissions on the file directly (grant only view permissions to that user).
     • Option 2: Stop sharing the folder to that user (removing all subfile/folder permissions), then create a new share on the folder with the correct level.
2. For users who unexpectedly lost access:
   • Check whether the folder’s inheritance was broken and new permissions were defined that no longer include them.
   • Verify that the items they need do not have more restrictive unique permissions than the folder.
   • If necessary, grant them access at the folder level and ensure critical items inherit from that folder.
3. General best practices to avoid inconsistent behavior:
   • Minimize item-level unique permissions; prefer sharing at folder or library level where possible.
   • When reorganizing content, be aware that moving files does not “clean up” old unique permissions.
   • Periodically review permissions on folders and high-value documents to ensure inheritance and unique scopes match the intended model.

References:

• Sharing SharePoint folder items with unique permissions
• Customize permissions for a SharePoint list or library
• Change the permissions on a subfolder
• Manage Permission Scopes in SharePoint

Hi @Dauchier, 

Based on your description, this behavior is usually caused by permission scoping or caching issues in SharePoint, even when inheritance appears to be broken correctly. 

Since your information is not quite clear, could you kindly confirm these following: 

1/ Are the users who still have access members of any SharePoint groups (Owners, Members, Visitors) or Microsoft 365/Teams groups connected to the site? 

2/ Did you ever share any of these folders using sharing links (for example, “Anyone with the link” or “Specific people”)? 

3/ When users see folders they shouldn’t, can they open the folder, or do they only see the folder name? 

4/ Are the affected users accessing the library via the SharePoint site, Teams, or a synced OneDrive folder? 

5/ Have you used Check Permissions on one affected folder for one affected user, and if so, what does it show as the permission source? 

6/ Do users who lost access still need Limited Access to parent folders or the library to reach their allowed folders? 

Note: Please understand that as a forum moderator, my primary goal is to provide helpful guidance and support through general troubleshooting steps. While I don’t have access to internal systems or test devices required to resolve backend/account issues, I truly appreciate your understanding of these limitations.  

I hope you find this information helpful. If anything is unclear, please don’t hesitate to reach out to me.