Restrict Sharing of Root Folder in Document Library

Occasional Contributor

Is there any way to restrict sharing of a root folder in a document library to anyone outside the organization, or create an approval flow on the root folder for greater governance? We need users to be able to share sub-folders, however, need to restrict the sharing of the root folder (top-level) with anyone outside the organization.


Any guidance or insights here is greatly appreciated! Thank you.

4 Replies

Hello @ChapmanBryan  - I would tackle the problem differently.  Instead of attempting to restrict a folder within a library (not sure you could meet your requirements doing that), I would have a separate document library for the internal documents.  I would then configure that second library to allow a small number of people to share it and teach them not to share it externally.  I'd then have the original library configured to allow sharing by end-users by giving them edit permission.


Since external sharing is a site collection setting, you cannot guarantee that the root folder of a library (or separate library) won't be shared externally.  Anyone with at least edit permission will be able to share it.

best response confirmed by ChapmanBryan (Occasional Contributor)

@KellyDJones thanks for the feedback.  Yeah, I am coming to realize that there is not a great way to restrict the "root" folder in a site that allows external sharing.  We're attempting to create a SharePoint document library as it's own File Transfer Protocol Site.  Where it's fine to share the sub-folders within that "root" to anyone externally, and restricted to anyone that attempts to share the "root" folder where all those sub-folders reside.


Perhaps I have to treat the sub-folders individually as their own document library within that site collection - removing that "root" folder all together.


Was also thinking of governing that "root" folder by creating a Microsoft Automate flow to require approval prior to sharing a folder.  I don't know if that is possible.



@ChapmanBryan - Not sure about the Flow to govern the root.


I'd create one library for external and have the "root" be another library.  I'd then configure the permissions on the libraries to prevent people from incorrectly sharing the root library.

@KellyDJones thanks for your input.  For this particular situation we just opted to create a document library for each of the project folders so there wouldn't be an option for users to inadvertently share all project folders.  Trying to facilitate a File Transfer Protocol site in SharePoint Online - this is probably as close as it can get.