The “Items with unique permissions” report helps you identify SharePoint files and folders with non-inherited permissions. Permission inheritance is broken when one of the following occurs:
- Direct access: permissions are granted by explicitly adding users or groups via their email addresses.
- Link-based access: sharing links are provided to internal or external recipients.
The report can be used to see who has access, how it was granted, and manage or revoke these permissions for individual users, groups, or external accounts.
Example: responding to data leakage
If any high-risk sites are identified in the “Sharing risk heatmaps” of the “Activity and storage dashboard”, the following steps can be taken:
- Click on the high-risk sites in the heatmap to open the filtered “SharePoint Site Drilldowns" report.
- Review who has direct access or access through sharing links.
- Remove sharing links or revoke direct access as needed to secure the content.
How to access and use the report
In CoreView, go to “Reports > SharePoint > Items with unique permissions” in the left menu.
The report lists all files and folders with broken inheritance, along with details such as content type, creator, last modified date, site URL, and other selectable fields. Use the “Columns” dropdown to select properties.
Understanding content type and base name
The report includes the following properties:
- Content type: indicates the item’s type name as text, including any custom content type when applicable.
- Base name: shows whether the item is a file or a folder, even when the item uses a custom content type.
By default, files use the “Document” content type and folders use “Folder”, but SharePoint environments can also include custom content types derived from these base types. Because of this, the “Content type” column may display a custom name instead of only “Document” or “Folder”.
Displaying access and sharing counters
The following columns help explain the access and sharing footprint for each item. All columns can be filtered and sorted, and some provide clickable data for drill-downs.
- People with permissions: number of individual users who have permissions on the item (inherited and unique).
- Groups with permissions: number of distinct groups that have permissions on the item (inherited and unique).
-
Sharing links (clickable): total number of sharing links for the item. Shows 0 when no sharing links exist.
- When clicked: opens the “Granted Access” modal on the Links tab for the selected item.
-
Links shared with anyone (clickable): number of sharing links where Sharing type = “Anyone”. Shows 0 when there are no “Anyone” links.
- When clicked: opens the “Granted Access” modal on the Links tab.
-
Links shared with external users (clickable): number of sharing links where Shared externally = True. Shows 0 when no links are shared externally.
- When clicked: opens the “Granted Access” modal on the Links tab.
Reviewing permission inheritance and external access
The report also includes columns that help assess how access is applied to each item and whether external users are involved.
-
Different from inherited: indicates whether an item’s current permissions differ from the permissions inherited from its parent.
- True: the item has unique permissions.
- False: the item uses the same permissions as its parent, even if inheritance is broken.
- External people with unique permissions: shows the number of distinct external users who have access to the item. This column supports sorting and filtering.
Restoring inherited permissions
The “Restore inheritance” management action is available for items in this report. This action removes unique permissions that duplicate access already granted through inheritance.
For example, if inheritance was broken only to grant access to a user who already has access through SharePoint group inheritance, “Restore inheritance” removes that redundant permission. If no other unique permissions remain, the item is no longer listed as having unique permissions.
Accessing the Granted Access modal
Select any item name to open the “Granted Access” modal, where Tenant Admins and delegated operators can review and manage email-based and link-based permissions.
V-Tenant filtering
The SharePoint “Items with Unique Permissions” report supports Virtual Tenant-based filtering. Tenant Admins can restrict report visibility to specified Virtual Tenants, ensuring delegated users access only items within their assigned scope. Configure this filter in the SharePoint section of the Virtual Tenant setup wizard.