How to manage and fix errors with inherited permissions in Protect and Control

Admins Updated Feb 20, 2026

In this article

person icon

The information in this article applies to admins on Dropbox Dash.

Inherited permissions are permissions that come from a parent folder, shared drive, site, or library in a connected app. When permissions are granted at a higher level, it automatically applies to all nested files and subfolders.

Protect and Control follows the permission model of each connected app. Apps like Google Drive, Dropbox, and Microsoft 365 apply permissions at the parent level and extend them to all child items.

Because inherited permissions are controlled by the source app, you can only remove or change them at the parent level in Protect and Control. If you attempt to remove inherited permissions from files or subfolders, you’ll receive an error indicating that the permission is inherited and can’t be modified at that level.

To update or remove inherited permissions, you must change permissions in the app where they were originally assigned.

Common inherited permissions errors

 

Connected app Explanation
Google Drive

Since permissions are typically assigned at the parent level, you must update them at the shared drive or highest-level folder.

Direct permissions that were added at the item level can still be removed individually. However, if a user has an Editor role on a shared drive, you can’t remove their access from subfolders because it’s inherited from the shared drive.

Items must also have at least one Manager. You can’t remove the last Manager from a shared drive or folder. In My Drive, folders and files also inherit permissions from their parent folder, so permission changes must begin at the top-level folder.
Dropbox

Permissions can be inherited at both the folder and file level. If permissions are granted to a parent folder, all nested folders and files inherit that permission. In Protect and Control, inherited permissions can’t be removed at the child level. To change inherited permission, update permissions on the parent folder in Dropbox.

Direct permissions added to a specific file or folder can be removed individually.
Microsoft 365

Permission inheritance is common across SharePoint sites, document libraries, and folders. If an item inherits permissions from a parent site or library, you won’t be able to remove permissions at the item level.

In some cases, the option to remove permissions is disabled because the permission is inherited. Organizational policies, site-level settings, or privacy configurations may also restrict permission changes. To update inherited permissions, modify permissions at the parent site, library, or folder where inheritance begins.

Step 1. Identify inherited permissions errors

 

  1. Log in using your admin credentials. Learn how to access Protect and Control.
  2. Use filters to narrow results, such as shared drives, ownership, or permission type.
  3. Select an item to review its permissions.

 

Step 2. Remove direct permissions

Before updating inherited permissions in the source app, remove any direct permissions in Protect and Control. This ensures only inherited permissions remain and clarifies the permission structure.

  1. In Protect and Control, locate and select the affected item.
  2. Review the permissions list and identify any permissions that aren’t labeled as inherited.
  3. Remove the direct links or collaborators. Learn how to manage shared links.
  4. Confirm that only inherited permissions remain on the item.

Step 3. Fix inherited issues in the source app

If permissions are inherited, you must update them at the parent level in the source app.

  1. Identify the parent folder, shared drive, site, or library listed on the inherited permission.
  2. Go to the source app.
  3. Update or remove permissions at that parent location.
    • Google Drive. Update permissions at the shared drive or top-level folder where permissions were originally granted. For example, if a user should no longer have access, remove their role, such as Contributor, at the shared drive level.
    • Dropbox. If permissions are inherited by subfolders or files, update permissions on the parent folder in Dropbox. Changes at the top-level folder apply to all nested content.
    • Microsoft 365. Modify permissions at the parent site, document library, or folder where inheritance begins. Changes must be made at the level that controls the inherited permissions.
highlighter icon

Note: Changes made in the source app at the parent level apply to all child files and folders that inherit those permissions.

Step 4. Confirm your changes and track history

 

  1. Return to Protect and Control.
  2. Click Action history.
  3. Review completed actions to confirm which permissions were removed.
  4. Check for any actions that were blocked due to inherited permissions.

 

If access was blocked due to inheritance, return to the source app and confirm that the change was made at the correct parent level.

Learn how to use the Action history page.

Was this article helpful?

Let us know how why it didn't help:

Thanks for letting us know!

Thanks for your feedback!

Related Articles

View Protect and Control reports in Dash

How to access the Protect and Control page

How to fix security risks in Protect and Control dashboard

How to manage shared links in the Dash Protect and Control dashboard

Other ways to get help

Icon depicting two people
Community
Icon depicting a speech bubble
Contact support
Twitter Icon
Social media support