THE MIGHTY "MANAGE ACCESS" FEATURE

What is the “Manage Access” feature that is available when you select a document in a SharePoint library and click the three dots associated with the document you have selected?

  • The "Manage Access" feature in SharePoint, accessible by selecting a document in a document library and clicking the three dots (ellipsis) next to it, enables you to control who has access to that specific document and what permissions they have.
  • This feature provides a user-friendly interface to view, modify, or revoke access to the document, enabling granular control over sharing and permissions at the document level.

Below is a detailed explanation of the feature and its functionality:

How to Access the "Manage Access" Feature

  • Navigate to a SharePoint document library.
  • Select the document you want to manage by clicking on it or hovering over it.
  • Click the three dots (ellipsis) next to the document’s name to open the context menu.
  • Choose "Manage Access" from the dropdown menu. This opens a panel or dialog box showing the current access settings for the document.

What the "Manage Access" Feature Does

  • The "Manage Access" panel provides several options for managing permissions for the selected document. Its functionality depends on the SharePoint version and whether the document inherits permissions from its parent library or site. Here’s what you can do with this feature:
    • View Current Access:
      • The panel displays who currently has access to the document, including:
        • Users or Groups:
          • Lists individuals or groups with direct access or access through sharing links.
        • Permission Levels: Shows whether users have "Read," "Edit," or other permission levels.
        • Links Giving Access: If the document has been shared via a link (e.g., "Anyone with the link," "People in your organization," or specific users), these links are listed here. You can see if the document inherits permissions from the parent library or site or if it has unique permissions.
        • Grant Access:
          • You can share the document with additional users or groups by clicking "Grant Access" or "Share" in the Manage Access panel. In the sharing dialog, you can:
            • Enter names or email addresses of users or groups (internal or external, if external sharing is enabled).
            • Choose a permission level (e.g., "Can view" for read-only or "Can edit" for editing rights).
            • Add an optional message and decide whether to send an email notification.
            • Optionally restrict access to specific people or set an expiration date for the sharing link (if supported by your SharePoint configuration).This feature simplifies sharing while maintaining control over who can access the document.
          • Remove or Modify Access:
            • You can revoke access for specific users or groups by selecting their name in the Manage Access panel and choosing "Remove User Permissions" or adjusting their permission level (e.g., from "Edit" to "Read"). If sharing links are listed under "Links Giving Access," you can delete a link to revoke access for anyone using it.
          • Stop or Manage Permission Inheritance:
            • By default, documents inherit permissions from their parent library or site. If you want to assign unique permissions to the document, you can break inheritance:
              • In the Manage Access panel, click "Advanced" to access detailed permission settings.
                • Choose "Stop Inheriting Permissions" to create unique permissions for the document. After breaking inheritance, you can add, edit, or remove users and groups with specific permissions for the document.
                • If the document already has unique permissions, you can restore inheritance to align its permissions with the parent library by selecting "Delete unique permissions" in the Advanced settings.
                • More about Advanced Settings:
                  • Clicking "Advanced" in the Manage Access panel takes you to the document’s permissions page, where you can fine-tune permission levels (e.g., Full Control, Contribute, Read). Assign permissions to SharePoint groups, Microsoft 365 groups, or Active Directory security groups. View any inherited permissions from the parent library or site. Manage permissions for items with unique settings or limited access users.
  • Key Considerations:
    • Permission Inheritance:
      • If the document inherits permissions, changes made at the library or site level will affect the document unless inheritance is broken.
      • Breaking inheritance is useful when you need specific users to have different access levels for a particular document. Sharing Links:
        • The "Manage Access" panel shows any sharing links created for the document. Be cautious with "Anyone with the link" or "People in your organization" links, as they can grant broad access. You can delete these links to revoke access.
          • External Sharing: If external sharing is enabled in your SharePoint environment, you can use "Manage Access" to share documents with external users, provided they authenticate via Microsoft or a guest account.
  • Security Best Practices:
    • Use the principle of least privilege:
      • Grant only the permissions necessary (e.g., "Read" instead of "Edit" unless required).
      • Regularly review access settings to ensure only authorized users have access.
      • Avoid breaking inheritance unless necessary, as it can complicate permission management.
  • Limitations:
    • For libraries with over 100,000 items, you cannot break inheritance at the library level, but you can still manage permissions for individual documents or folders. Changes to parent permissions (e.g., library or site) won’t affect documents with unique permissions unless inheritance is restored.
  • Example Scenario:
    • Suppose you’re working on a confidential project document in a SharePoint library. The library is accessible to your entire team with "Edit" permissions, but you want only two colleagues to edit this specific document and others to have no access:
      • Select the document, click the three dots, and choose "Manage Access."
      • In the Manage Access panel, click "Advanced" and select "Stop Inheriting Permissions."
      • Remove the team’s access by selecting the group and clicking "Remove User Permissions."
      • Click "Grant Access" and add the two colleagues, assigning them "Can edit" permissions.
      • Save changes. Now, only those two colleagues can access and edit the document, while others in the team cannot.
        • This feature is essential for maintaining security and ensuring that sensitive documents are only accessible to the intended users, making it a powerful tool for document-level access control in SharePoint.