Restrict Permissions for Top Level Folder Only

Copper Contributor

I'd like to prevent users from creating new folders in the top level directory of a SharePoint document library. I know I can stop inheriting permissions for each of the sub folders and therefore have different permissions, but there are quite a lot of sub-folders that would then be more difficult to manage. 


Is there a simple way to restrict folder creation at the top level only?

7 Replies
There is a setting in the library settings that hides the create folder option in the SPO UI...but if the users sync the library with the ODFB Client, they will still be able to create folders
Basically there is no easy way. Even if you could or use the method Juan is talking about, you would prevent them from creating folders inside those sub folders. I want this same functionality for Teams attached document libraries :P. But then, you would probably break channel creation lol.

@Chris Webb @Juan Carlos González Martín Thanks for your replies. Unfortunately they confirm I can't do it easily :sad:


At least I know now!

Hi @jawilson could you please share what's the solution here that you were confirmed :)

Thank you 

@sarah_mct, Unfortunately there was no easy solution for my problem. 

Hello, @jawilson 


Let me make sure I understand your problem, correctly: You have a Document Library within which you have multiple sub-folders. You want to create a permission setting preventing users from creating folders within this Document Library yet still allow them to create folders within the sub-folders.


If this is a correct statement of your situation have you considered creating a new Permissions group?


At the top level (Parent), you can create a new user group (SiteName)_FolderEditors or some such. The users that you want to allow to create sub-folders would go into this Permission Group with Edit rights. Those same users would be removed from the Members group at the Parent level. Refresh your site to cascade the new Permission Group throughout your site. Once you confirm the permission group has dispersed, you would go through each of the sub-folders and break the Inherit Permissions link at the top level of each of those folders. You would then need to delete the new Permission Group you've created from the top level, or they'd still have Edit rights.


At this stage, the primary Permissions Group: Site Owners, Site Members & Site Visitors would remain so you can still add users to any of those, but only the (SiteName)_FolderEditors group would be populated and have the rights to create new folders at the level below the Parent. 


It would mean that if you need to add members broadly, across multiple Document Libraries in your site you would have to either recreate the (SiteName)_FolderEditors at the Parent level, and return to Inherit Permissions across the board, or go through each of the Document Libraries and manually add the users to where they need to be.


No matter what you do, it's going to be a maintenance headache.

SharePoint Online's out-of-the-box features do not support this functionality. However, there is a third-party add-in that enabled our organization to organize folder structures according to our specific requirements.

We could customize selected site collections as needed; for instance, setting Site A, Library A to a folder level of 2, Site B, Library C to a folder level of 3, while the rest of the site collections in the tenant defaulted to 1 folder level.

This SharePoint extension includes numerous other features, with the standout being the 'Access Manager,' which allows for instant scanning and auditing of folder/item permissions across site collections.

Following is the link to the product.