SharePoint Integration: Understanding Permission Inheritance
What Is “Broken Permission Inheritance” in SharePoint?
By default, every folder in a SharePoint library inherits its permissions from the parent above it. This means that if a user has access to a SharePoint drive, they have access to everything inside it - consistently and predictably.
SharePoint allows administrators to break this inheritance on individual folders, assigning unique permissions that differ from the parent. For example, a folder visible to the entire company might contain a subfolder restricted to only the finance team.
Why This Matters for Our Integration
Our integration syncs data from SharePoint using a system-level connection with full read access to the configured drives. When a user selects content to sync, the integration retrieves that content on their behalf.
If a SharePoint drive contains folders with broken inheritance, the integration cannot distinguish between what the system can access and what the individual user is permitted to see.
This means data from restricted subfolders may be synced and surfaced to users who would not normally have access to it in SharePoint.
This is not a bug - it is a fundamental limitation of how system-level sync works in combination with SharePoint’s per-folder permission model.
Why Don't We Support Broken Permission Inheritance?
Beyond the data access concern above, there are two additional reasons we have chosen not to support this configuration:
- Performance. Evaluating per-folder permissions for every sync operation at the user level introduces significant overhead, especially in deeply nested drives. This would degrade sync speed and reliability for all users.
- Data continuity. When permissions are managed at the folder level rather than the site or drive level, removing a user from a SharePoint group can silently break sync for content that was previously accessible. This leads to incomplete or inconsistent data without any visible error.
Our Recommendation
If you rely on broken permission inheritance in your SharePoint environment, do not configure those drives with our integration.
Instead, consider one of the following:
- Restructure your SharePoint environment so that content with different access levels lives in separate drives or separate sites, each with uniform permissions.
- Only allow drives where all users in the integration have identical access, ensuring no mismatch between SharePoint permissions and synced data.
If you are unsure whether your SharePoint drives use broken inheritance, your SharePoint administrator can check this by navigating to a folder’s settings and looking for the “Manage Access” or “Stop Inheriting Permissions” option. If any folder shows unique permissions, inheritance has been broken.
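As an added illustration (not part of our integration or of Microsoft's tooling), the Python example below audits an exported item listing for one drive. It shows why a single folder with unique permissions also restricts everything beneath it, even though those child items report inherited permissions. The row format, the field names FileRef and HasUniqueRoleAssignments (modelled on SharePoint list item properties), and all paths are assumptions constructed for this example.

```python
from posixpath import dirname

# Constructed sample export for one drive (assumed row format, not real data).
DRIVE_ROOT = "/sites/corp/Shared Documents"
SAMPLE_ITEMS = [
    {"FileRef": DRIVE_ROOT, "HasUniqueRoleAssignments": False},
    {"FileRef": DRIVE_ROOT + "/Handbook.pdf", "HasUniqueRoleAssignments": False},
    {"FileRef": DRIVE_ROOT + "/Finance", "HasUniqueRoleAssignments": True},
    {"FileRef": DRIVE_ROOT + "/Finance/Q3", "HasUniqueRoleAssignments": False},
    {"FileRef": DRIVE_ROOT + "/Finance/Q3/forecast.xlsx", "HasUniqueRoleAssignments": False},
    {"FileRef": DRIVE_ROOT + "/HR", "HasUniqueRoleAssignments": False},
    {"FileRef": DRIVE_ROOT + "/HR/policy.docx", "HasUniqueRoleAssignments": False},
]


def permission_scopes(items, drive_root):
    """Map each path to the object whose permissions it actually uses."""
    root = drive_root.rstrip("/")
    unique = {i["FileRef"].rstrip("/") for i in items if i["HasUniqueRoleAssignments"]}
    scopes = {}
    for item in items:
        path = item["FileRef"].rstrip("/")
        node = path
        # Walk up until an object with unique permissions or the drive root is reached.
        while node not in unique and node != root and len(node) > len(root):
            node = dirname(node)
        scopes[path] = node if node in unique else root
    return scopes


def audit_drive(items, drive_root):
    """Report whether every item in the drive shares the drive-level permissions."""
    root = drive_root.rstrip("/")
    affected = {}
    for path, scope in permission_scopes(items, root).items():
        if scope != root:
            affected.setdefault(scope, []).append(path)
    return {
        "compatible": not affected,  # True only if nothing breaks inheritance
        "broken_at": sorted(affected),
        "affected_paths": {k: sorted(v) for k, v in affected.items()},
    }


if __name__ == "__main__":
    report = audit_drive(SAMPLE_ITEMS, DRIVE_ROOT)
    print("Compatible:", report["compatible"])
    for scope, paths in report["affected_paths"].items():
        print(f"Inheritance broken at {scope}: {len(paths)} item(s) affected")
```

A drive is safe to connect only when the report marks it compatible; otherwise every path listed under a broken folder is content the system-level sync would retrieve regardless of the restriction.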
Questions?
If you need help determining whether your SharePoint setup is compatible with our integration, contact our support team. We’re happy to help you evaluate your configuration before you connect.
Learn more about SharePoint permission management in Microsoft's official documentation.