SharePoint provides several ways to restrict access to specific documents to ensure confidentiality and compliance. Organizations can control who can view, edit, or share certain files by configuring permissions, Information Rights Management (IRM), or sensitivity labels.
This guide explains:
✔ How SharePoint permissions work
✔ Step-by-step methods to restrict document access
✔ Best practices for managing restricted documents
1. Understanding SharePoint Permissions
SharePoint uses a hierarchical permission model:
Site Level – Permissions apply to all content in the site
Library Level – Permissions apply to all documents in the library
Folder Level – Permissions apply to all documents within the folder
Document Level – Permissions apply to a single document
By default, permissions are inherited from the parent site or library. To restrict access to a specific document, you must break inheritance and assign custom permissions.
2. Methods to Restrict Access to a Document in SharePoint
A. Restrict Access Using Unique Permissions
Use this method when you want to prevent certain users from accessing a specific file.
Steps:
1️⃣ Navigate to the document library containing the file
2️⃣ Select the document you want to restrict
3️⃣ Click on More options (⋮) ➝ Manage access
4️⃣ Click Advanced to open Library Settings
5️⃣ Click Stop Inheriting Permissions (this breaks inheritance from the library)
6️⃣ Remove or modify permissions:
✔ Remove users/groups who should not have access
✔ Add specific users who should have access
7️⃣ Click OK to save changes
Now, only the selected users can access the document.
B. Restrict Access Using Sensitivity Labels (Microsoft Purview)
Sensitivity labels allow you to apply encryption and access restrictions to documents even after download.
Steps:
1️⃣ Open the document in Microsoft Word, Excel, or PowerPoint
2️⃣ Click File ➝ Info ➝ Sensitivity
3️⃣ Choose a predefined sensitivity label (e.g., Confidential, Restricted)
4️⃣ Configure access restrictions:
✔ Allow only specific users to view/edit
✔ Disable printing, copying, or forwarding
5️⃣ Save the document
Now, the document will be encrypted, and only authorized users can access it.
C. Restrict Access Using Information Rights Management (IRM)
IRM encrypts documents and applies persistent access restrictions.
Steps:
1️⃣ Go to SharePoint Document Library
2️⃣ Click Library Settings
3️⃣ Under Permissions and Management, select Information Rights Management (IRM)
4️⃣ Click Restrict permissions on this library
5️⃣ Choose restrictions, such as:
✔ Prevent users from copying, printing, or forwarding
✔ Set an expiration date for access
6️⃣ Click Save
Now, IRM will enforce access restrictions on all files in the library.
D. Restrict Access Using SharePoint Sharing Settings
You can control who can share a document to prevent unauthorized access.
Steps:
1️⃣ Select the document
2️⃣ Click Share
3️⃣ Click Settings (⚙)
4️⃣ Choose “Specific people” instead of “Anyone with the link”
5️⃣ Disable “Allow editing” if needed
6️⃣ Click Apply and send the link
Now, only specified users can access the document.
E. Restrict Access Using Item-Level Permissions (for Lists & Libraries)
This method limits access to specific files based on user roles.
Steps:
1️⃣ Open Library Settings
2️⃣ Click Advanced Settings
3️⃣ Under Item-level permissions, choose:
✔ Read access – Users can only read items they created
✔ Edit access – Users can only edit their own items
4️⃣ Click Save
Now, users can only access their own uploaded files.
3. Best Practices for Managing Restricted Documents
✔ Use least privilege access – Only grant access to users who truly need it
✔ Regularly review permissions – Ensure only the right users have access
✔ Combine multiple security features – Use IRM + sensitivity labels + permissions for layered security
✔ Educate employees – Train staff on document security policies
✔ Monitor access logs – Use Microsoft 365 Audit Logs to track document access
4. Conclusion
Restricting access to specific documents in SharePoint enhances data security and compliance. By using unique permissions, IRM, sensitivity labels, and advanced sharing settings, organizations can prevent unauthorized access while ensuring collaboration remains secure.
Next Steps:
✅ Apply unique permissions to confidential documents
✅ Use sensitivity labels for encrypted protection
✅ Monitor document access to prevent data leaks
A well-implemented access control strategy helps organizations protect sensitive information while maintaining productivity.