How to Share a Document Library in SharePoint Online?

Requirement: Set Permissions on a SharePoint Online Document Library.

How to Grant Access to a Document Library in SharePoint Online?

By default, any document library created in SharePoint inherits permissions from its parent site. However, you may have to restrict access to a document library in SharePoint Online at times. How do I give permission to a document library in SharePoint Online? Here are the steps to share a document library in SharePoint Online:

  1. Login to your SharePoint Online site >> Navigate to the specific document library you want to change permission.
  2. Click on Settings gear >> Choose the “Library Settings” menu item. This takes you to the library settings page.
    how to grant access to a document library in sharepoint online
  3. Click on the “Permissions for this document library” link under the “Permissions and Management” group.
    how to restrict access to a document library in sharepoint online
  4. Click on the “Stop Inheriting Permissions” button on the ribbon and confirm the prompt. Now you can add or remove users and groups to the document library to restrict permissions.
    how to share a document library in sharepoint online
  5. Select users and groups and click on the “Remove user permissions” button to remove unnecessary users. To add additional users to the document library, click on “Grant Permissions” and add people or groups, then set necessary permissions.

Please note, the above steps either provide access to the specific document library or restrict permissions to it without altering any permissions at the site level.

PowerShell to Grant Permissions to a Document Library in SharePoint Online

We can grant permissions on a document library in SharePoint Online with PowerShell as well. Here is the Client side object model PowerShell to grant access to a user and group on a document library:

#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
    
#Config Variables
$SiteURL = "https://crescent.sharepoint.com/sites/Retail"
$ListName ="Documents"
$UserID="[email protected]"
$GroupName="Retail Members"
$PermissionLevel="Edit"
 
#Get Credentials to connect
$Cred = Get-Credential

Try { 
    #Set up the context
    $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteUrl) 
    $Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.UserName,$Cred.Password)
  
    #get the List
    $List = $Ctx.Web.Lists.GetByTitle($ListName)
    $Ctx.Load($List)
    $list.Retrieve("HasUniqueRoleAssignments")
    $Ctx.ExecuteQuery()

    #Break Inheritance if the list is inheriting permissions from parent
    If(!$List.HasUniqueRoleAssignments)
    {
        $List.BreakRoleInheritance($True, $false) #keep the existing permissions: Yes -  Clear list items permissions: No
        $ctx.ExecuteQuery()
    }

    #Grant Permission
    #Get the User
    $User = $Ctx.Web.EnsureUser($UserID)
    $Ctx.load($User)
    $Ctx.ExecuteQuery()
    
    #Get the Group
    $Group =$Ctx.Web.SiteGroups.GetByName($GroupName)
    $Ctx.load($Group)
    $Ctx.ExecuteQuery()
    
    #Get the permission level 
    $Role = $Ctx.web.RoleDefinitions.GetByName($PermissionLevel)
    $RoleDB = New-Object Microsoft.SharePoint.Client.RoleDefinitionBindingCollection($Ctx)
    $RoleDB.Add($Role)
         
    #Assign permissions to list
    $UserPermissions =  $List.RoleAssignments.Add($User,$RoleDB)
    $GroupPermissions = $List.RoleAssignments.Add($Group,$RoleDB)
    $List.Update()
    $Ctx.ExecuteQuery()
    
    Write-host -f Green "Permission granted to List Successfully!"
}
Catch {
    write-host "Error: $($_.Exception.Message)" -Foregroundcolor Red
}

PnP PowerShell to Restrict Access to a Document Library in SharePoint Online

We can share a document library in SharePoint Online with the PnP PowerShell cmdlet Set-PnPListPermission. Here is the PowerShell to grant access to a document library:

#Config Variables
$SiteURL = "https://crescent.sharepoint.com/sites/marketing"
$ListName ="Branding"
$UserID = "[email protected]"
$GroupName = "Marketing Members"

Try {
    #Connect to PnP Online
    Connect-PnPOnline -Url $SiteURL -Interactive
    
    #Get the List
    $List = Get-PnPList -Identity $ListName

    #Break Permission Inheritance of the Library - Remove all existing permissions
    Set-PnPList -Identity $ListName -BreakRoleInheritance

    #Grant Edit permissions on Library to User
    Set-PnPListPermission -Identity $ListName -AddRole "Edit" -User $UserID
 
    #Grant Read permission on document library to the Group
    Set-PnPListPermission -Identity $ListName -AddRole "Read" -Group $GroupName

}
Catch {
    Write-host "Error: $($_.Exception.Message)" -foregroundcolor Red
}

Similarly, to restrict access to a document library by removing existing users and groups, use:

#Config Variables
$SiteURL = "https://crescent.sharepoint.com/sites/marketing"
$ListName ="Branding"
$UserID = "i:0#.f|membership|[email protected]"
$GroupName = "Marketing Members"

Try {
    #Connect to PnP Online
    Connect-PnPOnline -Url $SiteURL -Interactive
    
    #Get the List
    $List = Get-PnPList -Identity $ListName
    $User = Get-PnPUser -Identity $UserID
    $Group = Get-PnPGroup -Identity $GroupName
 
    #Break Permission Inheritance of the Library - Remove all existing permissions
    Set-PnPList -Identity $ListName -BreakRoleInheritance -CopyRoleAssignments

    #Remove the user and group from document library permissions
    $List.RoleAssignments.GetByPrincipal($User).DeleteObject()
    Invoke-PnPQuery
    $List.RoleAssignments.GetByPrincipal($Group).DeleteObject()
    Invoke-PnPQuery
}
Catch {
    Write-host "Error: $($_.Exception.Message)" -foregroundcolor Red
}

If you want to export document library permissions to a CSV report, use: SharePoint Online Document Library Permissions Report

How to give folder level permission in SharePoint Online?

To grant permissions to a folder, Browse to the SharePoint Online document library where the folder is located >> Click on “Manage access” >> click on the “Advanced” link. Click on the “Stop Inhering Permissions” >> and Click on the “Grant Permission” to add users to the folder.
More info: Set folder permissions in SharePoint Online

How do I give access to a SharePoint Online site?

Navigate to your SharePoint Online site, click on “Settings” gear, and then click on the “Site Permissions” Click on the “Share Site” Button on the permissions pane. If it’s a Group site, You’ll see the “Add Members” button. Type the user name, and Select the permission level to Grant Site Permissions to the user.
More info: Grant access to SharePoint online site

Salaudeen Rajack

Salaudeen Rajack - SharePoint Expert with Two decades of SharePoint Experience. Love to Share my knowledge and experience with the SharePoint community, through real-time articles!

2 thoughts on “How to Share a Document Library in SharePoint Online?

  • Hi, how do you grant permission for a sharepoint group from another site to a library in a different site? You can do this okay via the Sharepoint Online library permissions portal but I can’t find a way of doing it via PS PnP. When you add it via the portal, the group adds okay and is listed as a “Domain Group”

    Set-PnPListPermission allows you to add a group from the same site but when you try to use a group from another site, it states the group cannot be found.

    thanks

    Reply
    • SharePoint Groups are scoped at the site collection level. They can’t be used beyond that limit. However, You can use Active Directory Security Groups globally.

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *