SharePoint Permissions

Dear @Kathy Santana,

Good day, and thank you for describing the issue in detail.

I understand that your staff members were unable to access documents in SharePoint. As a forum moderator, I truly wish I could access your environment or backend systems to investigate this directly. However, my role here is limited to providing general guidance and troubleshooting steps that can be applied by users and administrators. From my research, this issue often stems from permissions changes, group membership problems, or broader configuration shifts. Since I don’t have visibility into your tenant, it’s difficult to determine the exact cause without a bit more information.

To help narrow this down, could you please share the following details?

• The exact error message users receive
• Whether users can see the SharePoint site but not the documents, or if they receive a complete Access Denied
• Whether this affects one specific site or document library, or all SharePoint sites and OneDrive across the organization
• Whether the issue persists when accessing SharePoint from a personal device or mobile device (outside the corporate network)
• Whether any administrative changes were made today (for example, enabling MFA, modifying domains, adjusting storage limits, or changing security policies)

In the meantime, below are some common causes for this issue, along with quick troubleshooting steps you can take as an admin or site owner:

1.Permissions were changed or broken (Most Likely Cause)

• Someone (or an automated process) may have modified SharePoint groups (e.g., Members, Visitors, Owners), removed users from security groups, or broken permission inheritance on libraries/folders.
• A recent change to Microsoft 365 Groups, Entra ID groups, or conditional access policies could also revoke access.
• Unique permissions on individual folders/files can hide documents from most users.

What to check:

• Go to the affected SharePoint site > Settings (gear icon) > Site permissions.
• Check Site members permissions to see what access they currently have.
• Review the Members and Visitors groups, ensure all staff are still listed (or that the correct Microsoft 365 Group is included).
• For document libraries: Go to the Document > Settings > Library settings > More library settings > Permissions for this document library. Look for broken inheritance and restore inheritance if needed (but be careful, this can overwrite custom folder permissions).
• If folders have unique permissions, right click the folder > Manage access and fix as required.

2.Microsoft 365 Group or Azure AD Sync Issues

• If your staff access is managed via a Microsoft 365 Group or security group synced from on-premises AD, a sync failure or group membership change could cause this.
• Changes to group membership can take up to 30–60 minutes (sometimes longer) to fully propagate to SharePoint.

In the Microsoft 365 admin center (admin.microsoft.com) > Teams & groups > Active teams & groups, verify the relevant groups still contain all users.

3.Conditional Access, Device, or Network Policies

• Organizational policies (e.g., unmanaged device restrictions, location-based blocks, or Information Barriers) can suddenly block access.
• This often shows as “Access Denied due to organizational policies.”

As a Global Admin or SharePoint Admin:

• Go to the Microsoft 365 admin center > Show all > Sharepoint admin center > Policies > Sharing, check for your sharepoint settings.
• Also in sharepoint admin center > sites > active sites > look for your sharepoint site > Settings, check your site settings.

4.Other Quick Checks

• Ask a few users to try in an incognito/private window or clear cache/cookies.
• Ensure users are signed in with their company account (not a personal Microsoft account).
• Ask if any admin made permission, sharing, or site setting changes in the last 24–48 hours.
• In the document library, check if a view is filtering out files (e.g., due to required metadata or content approval being enabled).

I hope this information is helpful. Please follow these steps and let me know if it works for you. If not, we can work together to resolve this. Thank you for your patience and understanding. If you have any questions or need further assistance, please feel free to share them in the comments so I can continue to support you. I'm looking forward to your reply.

If the answer is helpful, please click "Accept Answer" and kindly upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread. 

Several common SharePoint/OneDrive conditions can suddenly prevent staff from accessing documents:

1. Missing or incorrect permissions
   • If users don’t have the appropriate permissions on the site, library, folder, or file, they will see errors such as:
     • “Access Denied”
     • “You don’t have permission to access this item”
     • “You need permission to access this site”
   • This can happen if:
     • Permissions were changed on the site or library (for example, a group was removed or permission levels were reduced).
     • Users were removed from a security group that grants access.
   • To verify and fix:
     1. Decide what permission level users should have (for example, Read, Edit, or Contribute).
     2. On the affected SharePoint site, go to Settings > Site permissions.
     3. Use Check Permissions to see what access a specific user has.
     4. If they don’t have the expected access, grant permissions to the site or directly to the file/folder.
     5. If issues persist, remove the user from the site and re‑grant permissions.
2. Account or directory issues
   • Errors like “User not found in the directory” or persistent access errors can be caused by:
     • The user account being deleted and recreated with the same UPN (user name), which creates a new internal ID and can cause a site user ID mismatch.
     • Directory synchronization changes (for example, users moved to a different OU) while they were already using SharePoint.
   • These conditions can break existing permissions even if the user name looks the same.
3. Shared link or sign‑in mismatch
   • If staff are using shared links, they may be signed in with a different account than the one the link was shared to.
   • In that case, SharePoint/OneDrive will show that the link is not available to the signed‑in account and ask to sign out and try a different email.
4. Limited‑access user permission lockdown mode
   • If a folder is shared with users who do not have access to the parent site or library, SharePoint normally assigns Limited Access on parent items so they can reach the folder.
   • If the Limited‑access user permission lockdown mode feature is enabled at the site collection level, this mechanism can break, and users will see:
     • “Access Denied”
     • “You need permission to access this resource”
     • “You can’t access this item”
   • This can cause a sudden loss of access to shared folders if the feature was recently enabled or the sharing pattern changed.
   • Workarounds include:
     • Sharing individual files instead of folders.
     • Sharing the entire site or subsite with the users.
     • Disabling Limited‑access user permission lockdown mode if no other required features depend on it.
5. Farm‑ or service‑level restrictions (tenant‑wide)
   • In some cases, SharePoint can be placed into a restricted or read‑only state at the service level (for example, due to policy or administrative action). In that case, all sites may become read‑only or inaccessible, regardless of local site settings.
   • This is visible in site settings as messages like “This site is read only at the farm administrator’s request,” and must be resolved by the tenant administrator or Microsoft support.
6. How to start troubleshooting in this situation
   • Identify the exact error message users see (for example, “Access Denied,” “User not found,” or “You need permission…”).
   • Check whether the issue is:
     • Tenant‑wide (all sites and users) → likely service‑level or tenant‑level change.
     • Limited to specific sites, folders, or users → likely a permissions or feature configuration issue.
   • For affected sites:
     1. Use Site permissions > Check Permissions for a sample user.
     2. Confirm that the expected groups and permission levels are still in place.
     3. If using shared folders heavily, check whether Limited‑access user permission lockdown mode is enabled and consider the documented workarounds.

If the problem is tenant‑wide and not explained by recent admin changes, the next step is for a Microsoft 365 administrator to open a support ticket so backend service‑level issues can be investigated.

References:

• Unable to access SharePoint Online
• Access Denied or You need permission errors in SharePoint Online and OneDrive
• "Access Denied" error when trying to access a shared folder
• Why SharePoint ribbon buttons are unavailable
• "Unable to reach the server" error when sharing files or folders in SharePoint or OneDrive
• Acceptable Use Policy violation notice on Microsoft 365 Developer E5 sandbox - SharePoint read-only at farm level - Microsoft Q&A
• Copilot Studio Agent doesn't recognize the docs in the Knowledge Base. - Microsoft Q&A