Effective access management is the cornerstone of digital security. Whether you are managing a shared family folder on Google Drive, a complex corporate site on SharePoint, or a high-stakes AWS cloud environment, knowing exactly how to remove a user from a permission list is critical. Improperly managed permissions lead to data leaks, unauthorized changes, and compliance failures.

The process of revoking access varies significantly depending on the architecture of the system. This comprehensive analysis provides step-by-step instructions for the most widely used platforms, alongside expert insights into why certain removal methods are preferred over others.

Revoking Access in Cloud Storage Environments

Cloud storage has replaced local file servers in most modern workflows. Because these files are often shared via email addresses or shared links, managing the "People with access" list requires constant auditing.

Removing Users from Google Drive Files and Folders

Google Drive utilizes a simple but powerful sharing model. Access is usually granted at the individual file level or inherited from a shared folder.

  1. Access the Sharing Menu: Open Google Drive and locate the specific file or folder. Right-click the item and select the Share option.
  2. Identify the User: In the popup window, you will see a list labeled "People with access." This includes individuals and groups.
  3. Modify Permissions: Next to the user’s name, look for their current role (e.g., Editor, Viewer, or Commenter). Click the dropdown arrow.
  4. Execute Removal: At the bottom of the dropdown menu, select Remove access.
  5. Finalize: Click the Save button.

Expert Observation: In our practical testing, we have found that if a user was part of a "Shared Drive" (formerly Team Drives), removing them from an individual file within that drive will not work if they still have member status at the drive level. You must navigate to the "Manage members" section of the Shared Drive itself to fully revoke their access.

Managing OneDrive and Microsoft 365 Permissions

OneDrive for Business and personal OneDrive operate similarly to Google Drive but integrate more deeply with Microsoft 365 Groups.

  1. Open Details: Select the file or folder and click the three vertical dots (More actions), then choose Manage access.
  2. Review the List: Under the "Direct Access" header, you will see the list of people who have permanent permissions.
  3. Remove Access: Click the dropdown next to the person's name and select Stop Sharing.
  4. Link Management: Crucially, check the "Links giving access" section. If the user was accessing the file via a specific link, you might need to delete that link entirely to ensure they cannot re-access the file later.

Modifying Permissions in Operating Systems

System-level permissions are governed by Access Control Lists (ACLs). These are more rigid and granular than cloud-based sharing.

Windows 10 and 11 File Security

In Windows, removing a user from a permission list involves interacting with the NTFS file system properties. This is a task typically reserved for users with Administrative privileges.

  1. Properties and Security: Right-click the folder or file in File Explorer and select Properties. Move to the Security tab.
  2. The Edit Interface: Click the Edit button. This opens a new window where you can modify the "Group or user names" list.
  3. The Removal Process: Highlight the user you wish to remove. Click the Remove button.
  4. Apply Changes: Click Apply. Windows will then update the ACL for that object.

Technical Note on Inheritance: If the Remove button is grayed out, it is because the user is inheriting permissions from a parent folder. To fix this, you must go to Advanced settings on the Security tab and click Disable inheritance. You will then be asked whether you want to "Convert inherited permissions into explicit permissions" (Choose this) or "Remove all inherited permissions." Once converted, you can remove the specific user manually.

Linux and Unix-Based Systems via Command Line

Linux manages permissions through owners, groups, and others, but for specific "lists," we use Access Control Lists (ACLs).

To see who is on the list, you would use: getfacl filename

To remove a specific user from that list without deleting the file or changing global permissions, use the -x flag: setfacl -x u:username filename

If you are trying to remove a user from a system group (which often dictates their access to various directories): sudo gpasswd -d username groupname

Our experience shows that many administrators forget to check the /etc/sudoers file. If a user is removed from a permission list but still has sudo access, they can simply grant themselves permissions back. Always audit the sudoers list when offboarding a user.

Enterprise Collaboration and Productivity Tools

Tools like SharePoint, Notion, and Slack have unique hierarchies where users might be "Guests," "Members," or "Admins."

SharePoint Online Advanced Permissions

SharePoint is notorious for its complexity. While the "Manage Access" panel works for simple tasks, professional administrators often need the "Advanced" view.

  1. Navigate to Settings: Click the gear icon in the top right and select Site permissions.
  2. Advanced Settings: Click Advanced permissions settings at the bottom. This takes you to the classic SharePoint permissions management page.
  3. Selection and Removal: Check the box next to the user or group name. In the ribbon at the top, click Remove User Permissions.
  4. Confirmation: Click OK on the browser prompt.

Pro Tip: In SharePoint, it is better to manage permissions via Groups rather than individuals. If you find yourself frequently removing individual users from lists, consider creating a "Read-Only Group" and managing the group membership instead of the file-level permission list.

Notion Workspace Access

Notion allows for "Workspace members" and "Page guests." Removing them requires checking both levels.

  1. Page Level: Click the Share button at the top right of the page. You will see a list of guests. Click the dropdown next to their name and select Remove.
  2. Workspace Level: If the user is a full member, go to Settings & Members. Under the Members tab, find the person and change their access to Remove from workspace.

Administrative and Technical Platforms

For developers and data analysts, removing access to infrastructure or tracking tools is a high-priority task.

AWS Identity and Access Management (IAM)

In AWS, access is rarely granted to a "list" on a file; instead, it is granted via policies and groups.

  1. IAM Console: Log in to the AWS Management Console and navigate to IAM.
  2. User Groups: Most users get their permissions from groups. Click User groups in the left sidebar.
  3. Member Removal: Click on the specific group name. Go to the Users tab. Select the user and click Remove users.
  4. Individual Policies: If the user still has access, check their specific User profile. Go to the Permissions tab and see if any "Inline policies" are attached directly to them. These must be deleted individually to fully revoke access.

Google Analytics 4 (GA4) Account and Property Access

Google Analytics handles permissions at the Account, Property, and Sub-property levels.

  1. Admin Access: Click the Admin (gear icon) in the bottom left.
  2. Access Management: Depending on the scope, click Account Access Management or Property Access Management.
  3. Search and Delete: Use the search bar to find the user's email. Click the three dots at the end of their row and select Remove access.

In our tests with GA4, permissions flow downward. If you remove someone at the Property level but they are still on the Account-level list, they will retain access to that property. You must verify the highest level of the hierarchy.

Why Users Sometimes Remain on the List After Removal

One of the most frustrating experiences for a system administrator is removing a user, only to find they still have access or their name reappears. This usually happens for three reasons:

1. Permission Caching

Many systems, especially Windows Active Directory and large-scale SaaS platforms like Microsoft 365, do not update permissions instantaneously. There is often a "TTL" (Time to Live) for the security token. The user may retain access until their current session expires or the system performs a sync (which can take 15 minutes to 2 hours).

2. Nested Groups

A user might be added to a list individually AND as part of a group (e.g., "All Staff"). If you remove the individual entry but they remain in the "All Staff" group, their access persists. This is a common oversight in SharePoint and AWS IAM.

3. Duplicate Accounts

In professional environments, users often have multiple identities (e.g., a personal Gmail and a corporate Google Workspace account). Ensure you are removing the correct identity.

Best Practices for Permission Management

To avoid the tedious task of manually scrubbing users from dozens of permission lists, adopt these industry-standard practices:

  • Use Groups, Not Individuals: Always assign permissions to a group (e.g., "Marketing_Team"). When a person leaves the project, you only remove them from one group, and all their access across multiple folders is revoked automatically.
  • Regular Audits: Schedule a quarterly "Access Review." Use automated tools or manual spot-checks to see who is on your most sensitive permission lists.
  • The Principle of Least Privilege (POLP): Only grant the minimum level of access required. If someone only needs to read a document, do not put them on the "Editor" list. It is much easier to upgrade permissions than to clean up the mess after an unauthorized edit.
  • Offboarding Checklists: Create a standardized document for when an employee or contractor leaves. This should list every platform (Slack, Jira, AWS, Google Drive) that needs their access revoked.

Troubleshooting Common Removal Issues

I get an "Access Denied" error when trying to remove a user

This happens when you do not have "Owner" or "Administrator" rights. Even if you have "Editor" or "Full Control" over the content, some systems distinguish between "editing data" and "managing permissions." You must contact the original creator or a system admin.

The user's name keeps reappearing in the list

This is often a symptom of an automated provisioning script. In some companies, a central HR system (like Workday or Okta) automatically adds users to certain lists. If you remove them manually, the script "corrects" the list by adding them back. In this case, the removal must happen in the HR system, not the local permission list.

I removed the user, but they can still see the file

Check for "Public Links." If the file has a setting like "Anyone with the link can view," the user doesn't need to be on the "list" to see it. You must change the general access setting to "Restricted."

Summary of Removal Steps Across Major Platforms

Platform Primary Navigation Action
Google Drive Share > People with access Dropdown > Remove access
Windows Properties > Security > Edit Highlight User > Remove
SharePoint Site Settings > Site Permissions > Advanced Check Box > Remove User Permissions
AWS IAM IAM > User Groups > [Group Name] Users Tab > Remove Users
Linux (ACL) Command Line setfacl -x u:username filename
Notion Share (Page) or Settings (Workspace) Dropdown > Remove
Google Analytics Admin > Access Management Search > Remove access

Frequently Asked Questions (FAQ)

What happens to a user's files when I remove their permissions?

Removing a user from a permission list does not delete their files; it simply breaks the link between the user and the file. However, if you are deleting a user account (not just removing them from a list), you should always transfer ownership of their files to another user first, or those files may become "orphaned" and inaccessible.

Can I remove multiple users at once?

Most professional platforms (SharePoint, AWS, Google Workspace Admin) allow you to bulk-select users. In Windows, you can select multiple names in the Security tab by holding the Ctrl key while clicking.

Is there a difference between "Stop Sharing" and "Remove Access"?

In most contexts, these are synonymous. However, in Microsoft environments, "Stop Sharing" usually refers to disabling a specific link, while "Remove Access" refers to deleting a user's specific entry in the ACL.

Will the user be notified when I remove them from a list?

Generally, no. Most platforms do not send a notification when permissions are revoked. The user will simply find that the file has disappeared from their "Shared with me" folder, or they will receive an "Access Denied" message if they try to use an old link.

How do I remove a user who is the "Owner"?

You cannot remove an Owner from a permission list. You must first change the ownership of the file or folder to someone else (including yourself). Once the ownership is transferred, the previous owner becomes a regular "Editor," and you can then remove them using the standard steps.

By following these protocols, you can ensure that your digital assets remain secure and that only the right people have access to the right information at the right time. Regular maintenance of your permission lists is not just a technical task—it is a vital part of your overall security posture.