Fix SharePoint Permission Issues
Resolution Checklist
- 1 Diagnose SharePoint Access Denied and credential clashes
- 2 Clear cached Office 365 credentials on Windows and macOS
- 3 Verify permission inheritance and group memberships
- 4 Resolve external sharing and guest account authorization errors
- 5 Verify access using the Check Permissions tool in SharePoint Admin
Encountering an “Access Denied”, “You need permission to access this site”, or “We’re sorry, but [user] can’t be found in the directory” error in SharePoint Online indicates that the security context of your active login session does not match the access control list (ACL) of the target library, folder, or file. This is often aggravated by work and personal Microsoft account overlaps, broken inheritance rules, or stale client-side caches.
This guide outlines how to fix account identity mismatches, clear cached OS credentials, and diagnose tenant permission hierarchies.
1. Primary Causes of SharePoint Permission Issues
Authentication and permissions in SharePoint Online are governed by Entra ID (formerly Azure AD) and local site settings:
- Active Session Clashes: Your web browser or OneDrive sync client is attempting to authenticate using a cached Microsoft Account (MSA) that differs from the corporate Work or School account assigned to the SharePoint site.
- Broken Permission Inheritance: A site administrator has broken permission inheritance on a specific subfolder or document, creating custom permissions that exclude your user account or group.
- Stale Office Identities: Local credential databases (Windows Credential Manager or macOS Keychain) contain outdated or invalid OAuth refresh tokens.
- Guest/External Access Expiry: Tenant-wide external sharing policies have expired or blocked guest logins due to multi-factor authentication (MFA) requirements.
2. Clear Cached Credentials from your Computer
If the client application keeps throwing authentication warnings or denies access to synced folders, clear the cached Microsoft Office identity tokens.
A. Reset Credentials on Windows
- Close all Microsoft Office apps (Word, Excel, Teams) and the OneDrive client.
- Press the Windows Key, type Credential Manager, and select it.
- Click on Windows Credentials.
- Scroll down to the Generic Credentials section.
- Locate all entries starting with or containing:
  - MicrosoftOffice16_Data:orgid:...
  - MicrosoftOffice16_Data:live:...
  - OneDrive Cached Credential
  - MicrosoftAccount:user=...
- Expand each of these entries and click Remove.
- Relaunch OneDrive or Word, and sign in again using your work/school credentials.
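The same cleanup can be previewed from a PowerShell prompt in the affected user's session. This script is an added example, not part of the original guide: it parses `cmdkey /list` for the entry names listed above and only deletes when the `-Remove` switch is given. The function name `Select-OfficeCredentialTarget` and the `-Remove` switch are names chosen for this example, and the parsing assumes English-language `cmdkey` output.

```powershell
# Added example, not part of the original guide. Save as a .ps1 file.
# Assumes English-language cmdkey output (the "Target:" label is localized).
param(
    [switch]$Remove   # omit for a dry run that only lists matches
)

# Name fragments from the Generic Credentials list in the steps above.
$patterns = @(
    'MicrosoftOffice16_Data:orgid:',
    'MicrosoftOffice16_Data:live:',
    'OneDrive Cached Credential',
    'MicrosoftAccount:user='
)

function Select-OfficeCredentialTarget {
    param([string[]]$CmdkeyOutput, [string[]]$Fragments)
    foreach ($line in $CmdkeyOutput) {
        # Each stored entry is printed as "Target: <type>:target=<name>".
        if ($line -match '^\s*Target:\s*(?<target>.+?)\s*$') {
            $target = $Matches['target']
            foreach ($f in $Fragments) {
                if ($target -like "*$f*") { $target; break }
            }
        }
    }
}

$targets = @(Select-OfficeCredentialTarget -CmdkeyOutput (cmdkey /list) -Fragments $patterns)
if ($targets.Count -eq 0) { Write-Output 'No cached Office or OneDrive entries found.' }

foreach ($t in $targets) {
    if (-not $Remove) { Write-Output "Would remove: $t"; continue }
    # Pass the full target string (type prefix included) as one argument.
    cmdkey "/delete:$t" | Out-Null
    if ($LASTEXITCODE -eq 0) { Write-Output "Removed: $t" }
    else { Write-Warning "Could not remove: $t (remove it in Credential Manager)" }
}
```

Close Office apps and OneDrive first, as in the manual steps, and review the dry-run list before running again with `-Remove`.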
B. Reset Credentials on macOS
- Quit all Microsoft applications.
- Launch Keychain Access (via Spotlight search).
- In the search field in the top-right corner, type Microsoft or Office.
- Select and delete the following credential items:
  - Microsoft Office Identities Cache 3
  - Microsoft Office Identities Settings 3
  - OneDrive Cached Credential
  - Any entry matching com.microsoft.Office365...
- Restart your Mac and relaunch your Office application to input fresh login credentials.
3. Verify Permission Configurations in SharePoint Web UI
If you are a site owner or administrator, troubleshoot ACL assignments through the SharePoint Online browser portal:
A. Use the “Check Permissions” Diagnostic Tool
Rather than manually auditing security groups, SharePoint includes a built-in checking utility:
- Navigate to the document library or folder where the user faces issues.
- Click the Gear icon (Settings) in the top right → select Library settings (or More library settings).
- Click on Permissions for this document library.
- In the ribbon tab at the top, click Check Permissions.
- Type the affected user’s name or email address into the search field and click Check Now.
- SharePoint will output a detailed report listing the exact groups, permission levels (e.g. Read, Edit, Full Control), and whether permissions are inherited or explicitly assigned.
B. Re-Inherit Permissions if Broken
If a folder has custom permissions that have become corrupted:
- Under the library’s permission settings page, click Delete unique permissions in the top ribbon.
- This inherits permissions from the parent site again, automatically restoring access to any users assigned to standard parent groups (e.g. Site Visitors or Site Members).
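Deleting unique permissions discards every explicit grant on that item, so it helps to record what is there first. The script below is an added example, not part of the original guide: it lists every item in a library that has broken inheritance, along with the principals and permission levels assigned to it. It assumes the PnP.PowerShell module is installed and that you connect with your own Entra ID app registration; the site URL, client ID and library name are placeholders.

```powershell
# Added example, not part of the original guide.
# Assumes the PnP.PowerShell module; all three values below are placeholders.
$SiteUrl     = 'https://contoso.sharepoint.com/sites/ExampleSite'
$ClientId    = '<your-entra-app-client-id>'
$LibraryName = 'Documents'

# Adjust this line to however you normally connect to the tenant.
Connect-PnPOnline -Url $SiteUrl -Interactive -ClientId $ClientId

$report = foreach ($item in Get-PnPListItem -List $LibraryName -PageSize 500) {
    # HasUniqueRoleAssignments is not loaded by default; fetch it per item.
    $unique = Get-PnPProperty -ClientObject $item -Property HasUniqueRoleAssignments
    if (-not $unique) { continue }   # item still inherits from its parent

    $assignments = Get-PnPProperty -ClientObject $item -Property RoleAssignments
    foreach ($ra in $assignments) {
        # Load the principal and its permission levels for this assignment.
        Get-PnPProperty -ClientObject $ra -Property Member, RoleDefinitionBindings | Out-Null
        [pscustomobject]@{
            Path      = $item.FieldValues['FileRef']
            Principal = $ra.Member.Title
            Levels    = ($ra.RoleDefinitionBindings | ForEach-Object Name) -join ', '
        }
    }
}

# One row per (item, principal): the explicit grants that re-inheriting would remove.
$report | Sort-Object Path, Principal | Format-Table -AutoSize
```

The script makes one request per item, so on large libraries expect it to run slowly; export `$report` with `Export-Csv` if you need a record to restore grants from.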
4. Troubleshooting External Guest and Tenant-level Blocks
If external consultants or guests cannot access shared directories:
- Check Entra ID Guest Status: Ensure the guest user has accepted their invitation email. If their status in Entra ID is PendingAcceptance, they must complete the onboarding flow first.
- Verify External Sharing Policies: Navigate to the SharePoint Admin Center → Policies → Sharing. Confirm that external sharing is set to “Anyone” or “New and existing guests” for this specific site collection. If it is set to “Only people in your organization”, all external access is blocked regardless of local folder settings.
5. Summary Permissions Reference
- Incognito Verification: Test opening the SharePoint link in an incognito window to bypass local Microsoft account credential collisions.
- Clear Generic Credentials: Delete all cached MicrosoftOffice16 and OneDrive entries in Windows Credential Manager or Mac Keychain Access.
- Run Check Permissions: Use the administrative check tool under library settings to determine the user’s explicit ACL path.
- Restore Parent Inheritance: Click Delete unique permissions in the ribbon to inherit standard site-level permissions.
- Check Admin Center Sharing: Verify site-collection guest access toggles in the SharePoint Admin Center.