
SharePoint Permission Matrix Generator

Define resources and principals, assign permission levels, and instantly generate a color-coded matrix. Export as CSV or Markdown for audits and documentation. 100% client-side — nothing leaves your browser.


What is a SharePoint Permission Matrix?

A SharePoint Permission Matrix is a structured document that maps out which users and groups have what level of access across your SharePoint sites, libraries, lists, and folders. It provides a clear, at-a-glance view of your security posture — making it essential for audits, compliance, and IT governance.

When You Need a Permission Matrix

  • Security Audits — document who can access what before an audit or compliance review (ISO 27001, SOC 2, GDPR).
  • Site Provisioning — plan the permission structure before creating new sites, so you start with the right security model.
  • Employee Onboarding/Offboarding — quickly see which groups a new hire should be added to, or verify access is revoked when someone leaves.
  • Broken Inheritance Reviews — identify where unique permissions have been applied and whether they follow your governance policies.
  • External Sharing Reviews — track which resources are accessible to external users, guests, or partner organizations.

SharePoint Permission Levels Explained

  • Full Control — complete administrative access including managing permissions and site settings.
  • Design — can create lists/libraries and edit pages in the site.
  • Edit — can add, edit, and delete list items and documents.
  • Contribute — can add, edit, and delete their own items.
  • Read — can view pages, list items, and download documents.
  • View Only — can view pages and items but cannot download.

Frequently Asked Questions

A permission matrix is a grid that maps users and groups to the specific access levels (Read, Contribute, Edit, Full Control) they have across different SharePoint resources — sites, libraries, lists, and folders. It provides a clear, auditable overview of who can access what.

Regular audits prevent data leaks, ensure regulatory compliance (GDPR, SOX, HIPAA), and verify that only authorized personnel have access to sensitive enterprise documents. Many organizations are required to produce permission reports during annual security audits.

Yes. This tool lets you export the generated matrix as a Markdown table (for documentation in Wikis or GitHub) or as a CSV file (for Excel analysis and compliance reporting).

SharePoint includes several built-in permission levels: Full Control (site owner), Design (customize pages), Edit (add/edit/delete items), Contribute (add/edit items but not delete lists), Read (view only), and Limited Access (automatically assigned when sharing individual items).

By default, SharePoint items inherit permissions from their parent (folder → library → site). When you "break inheritance," you create unique permissions for that item. This is useful for restricted documents but can create management complexity if overused.

The principle of least privilege means granting users the minimum level of access they need to do their job. For example, don't give "Full Control" when "Contribute" suffices. This reduces risk and is a requirement for most security frameworks.

In SharePoint, go to Site Settings → Site Permissions → Check Permissions and enter the user's name. SharePoint will show all permission levels granted through direct assignments and group memberships.
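The least-privilege rule and the permission levels described above, applied to a matrix in code. This is an added example, not the tool's own code; the strict ordering of levels, the per-group ceilings in `CEILING`, and the sample matrix are assumptions constructed for illustration.

```javascript
// Permission levels in the order the page lists them, ranked least to most access.
const LEVELS = ["None", "View Only", "Read", "Contribute", "Edit", "Design", "Full Control"];
const rank = (level) => {
  const i = LEVELS.indexOf(level);
  if (i < 0) throw new Error(`unknown permission level: ${level}`);
  return i;
};

// Assumption: the highest level each group should hold anywhere (a sample policy).
const CEILING = { Owners: "Full Control", Members: "Edit", Visitors: "Read" };

// Constructed sample matrix: resource -> { principal -> level }.
const matrix = {
  "Home Site": { Owners: "Full Control", Members: "Edit", Visitors: "Read" },
  "Documents": { Owners: "Full Control", Members: "Full Control", Visitors: "Contribute" },
  "HR Folder": { Owners: "Full Control", Members: "None", Visitors: "None" },
};

// Return every cell whose level exceeds the principal's ceiling.
function findExcessive(matrix, ceiling) {
  const findings = [];
  for (const [resource, row] of Object.entries(matrix)) {
    for (const [principal, level] of Object.entries(row)) {
      // A principal without a ceiling is held to "None", so it is reported, not ignored.
      const max = ceiling[principal] ?? "None";
      if (rank(level) > rank(max)) findings.push({ resource, principal, level, max });
    }
  }
  return findings;
}

// Render the matrix as a Markdown table, marking flagged cells for the reviewer.
function toMarkdown(matrix, findings) {
  const principals = [...new Set(Object.values(matrix).flatMap(Object.keys))];
  const flagged = new Set(findings.map((f) => `${f.resource}|${f.principal}`));
  const lines = [`| Resource | ${principals.join(" | ")} |`,
                 `| --- | ${principals.map(() => "---").join(" | ")} |`];
  for (const [resource, row] of Object.entries(matrix)) {
    const cells = principals.map((p) => {
      const level = row[p] ?? "None";
      return flagged.has(`${resource}|${p}`) ? `**${level}** (over)` : level;
    });
    lines.push(`| ${resource} | ${cells.join(" | ")} |`);
  }
  return lines.join("\n");
}

console.log(toMarkdown(matrix, findExcessive(matrix, CEILING)));
```

Cells marked `(over)` are the ones to review first: either lower the level or record why the exception is needed.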