SharePoint Access Denied

Encountering an “Access Denied”, “You need permission to access this site”, or “Error: Access Denied” message in SharePoint Online is a frequent issue. This roadblock occurs in both web browsers and desktop sync applications (OneDrive client).

This guide outlines the root causes of SharePoint authorization failures and provides step-by-step solutions to resolve them for web browsers, Windows, and macOS clients.

---

1. Understand SharePoint Access Denied Errors

Permission and access issues generally result from four primary triggers:

• Active Session Hijacking (Multi-Account Conflict): If you log into multiple Microsoft accounts (e.g., a personal Microsoft Account and a corporate Office 365 account) in the same browser, Microsoft’s identity portal often maps requests to the incorrect active session, causing authentication to fail.
• Broken Permission Inheritance: SharePoint sites, document libraries, or folders can have unique permissions. If inheritance is broken and your account or group is removed from the list, access is immediately blocked.
• Site Lock Status: Administrators can set SharePoint Site Collections to “No Access” or “Read Only” states due to policy compliance or storage capacity limits, preventing all modifications or access.
• Stale Local Desktop Tokens: The OneDrive sync client relies on local authentication tokens stored in the OS credential store. If these tokens expire or corrupt, local file mounts fail to synchronize.

---

2. Resolve Browser Account and Session Conflicts

If you encounter “Access Denied” while browsing SharePoint Online, isolate your web sessions to eliminate account conflicts.

Step 1: Use Private Browsing (Incognito)

1. Copy the full URL of the SharePoint site, folder, or document.
2. Open a new private browsing window:
   • Chrome (Incognito): Press Ctrl + Shift + N (Windows) or Cmd + Shift + N (macOS).
   • Microsoft Edge (InPrivate): Press Ctrl + Shift + N (Windows) or Cmd + Shift + N (macOS).
3. Paste the URL and log in using your corporate Office 365 credentials.

Step 2: Clear Microsoft Cookies and Session State

If private browsing works, clean up your standard browser session cookies:

1. In your browser, navigate to the cookie settings for Microsoft:
   • Enter chrome://settings/content/all?search=microsoft in Chrome.
2. Search for sharepoint.com, live.com, and office.com.
3. Click the delete icon to purge all cookies related to these domains.
4. Relaunch your browser and log in.

---

3. Fix SharePoint Sync Credentials on Windows

If the OneDrive sync client fails to sync a SharePoint document library and displays an access error, reset your local identity tokens and OneDrive configuration.

Step 1: Force Close OneDrive and Clear Credentials

Run the following commands in an elevated Command Prompt to terminate OneDrive and clean corrupt Office credentials from the Windows Credential Manager:

:: Stop the OneDrive client process
taskkill /f /im OneDrive.exe

:: Remove cached SharePoint credentials from Windows Credential Manager
cmdkey /list | findstr /i "MicrosoftOffice16_Data" > "%TEMP%\creds.txt"
for /f "tokens=1,2*" %i in (%TEMP%\creds.txt) do cmdkey /delete:%k
del "%TEMP%\creds.txt"

Step 2: Reset the OneDrive Sync App

Resetting OneDrive forces the sync engine to re-verify permissions for all synced SharePoint libraries without deleting your local files:

:: Execute the built-in OneDrive client reset command
"%localappdata%\Microsoft\OneDrive\onedrive.exe" /reset

Note: If you receive a path error, run the following fallback command:

"%ProgramFiles%\Microsoft OneDrive\onedrive.exe" /reset

Step 3: Delete Cached Office File Cache

Corrupt local Office caches can block file sync. Purge the local cache:

rmdir /s /q "%localappdata%\Microsoft\Office\16.0\OfficeFileCache"

---

4. Fix SharePoint Sync Credentials on macOS

On macOS, OneDrive handles SharePoint sync. If permissions are rejected, you must clear the macOS Keychain and local app containers.

Step 1: Stop OneDrive and Purge Local Containers

Open Terminal (Applications > Utilities > Terminal) and execute the following commands:

# Terminate the OneDrive application
killall OneDrive

# Purge OneDrive Application Support directories
rm -rf ~/Library/Application\ Support/OneDrive
rm -rf ~/Library/Containers/com.microsoft.OneDrive-mac
rm -rf ~/Library/Group\ Containers/UBF8T346G9.OneDriveStandaloneSuite

Step 2: Clear Office and OneDrive Keychain Credentials

Keychain Access stores corrupted authorization tokens that must be manually removed:

1. Open Keychain Access via Spotlight (Cmd + Space -> “Keychain Access”).
2. In the top-right search box, search for:
   • OneDrive
   • MicrosoftOffice
3. Select all matching items, right-click, and select Delete.
4. Run the OneDrive reset script built into the app bundle:

   /Applications/OneDrive.app/Contents/Resources/ResetOneDriveAppStandalone.command

5. Relaunch OneDrive, sign back in, and initiate the SharePoint sync again.

---

5. Summary Checklist for Access Denied Errors

Target Environment	Actionable Fix	Intended Outcome
Web Browser	Copy URL into Private Window (Incognito / InPrivate)	Bypasses active session cookie conflicts.
Web Browser	Clear cookies for *.sharepoint.com	Purges expired or mismatched OAuth cookies.
Windows Desktop	taskkill /f /im OneDrive.exe & onedrive.exe /reset	Forces the sync engine to re-verify permissions.
Windows OS	Remove “MicrosoftOffice16” items in Credential Manager	Deletes bad authentication tokens.
macOS Desktop	Run ResetOneDriveAppStandalone.command	Resets OneDrive configuration plist and cached databases.
macOS Keychain	Delete all “OneDrive” & “MicrosoftOffice” keychain entries	Cleans corrupted security credentials.