Manage SharePoint Document Access During Employee Offboarding

When employees leave, IT and HR teams need to revoke document access across SharePoint quickly to prevent unauthorized data access. This workflow reviews the departing employee's SharePoint permissions across sites and document libraries, removes their access, and logs the changes for compliance records.

How the workflow runs

The scenario uses specific integration tools at each step, while Metorial keeps access scoped and visible.

  1. 1

    Identify all SharePoint sites with potential access

    List SharePoint sites across the organization to build a complete scope for the permission review.

    • microsoft-sharepoint:list_sites
  2. 2

    Search for content shared with the employee

    Search SharePoint for files and folders where the departing employee has been granted direct permissions.

    • microsoft-sharepoint:search
  3. 3

    Review document library permissions

    Retrieve the document libraries within relevant sites and review current permission grants for the employee.

    • microsoft-sharepoint:get_drive
  4. 4

    Revoke employee permissions

    Remove the departing employee's access from each file, folder, or site where direct permissions were found.

    • microsoft-sharepoint:manage_permissions
  5. 5

    Send offboarding completion summary

    Email HR and IT a summary of all permissions removed, including site names, document libraries, and any items requiring manual follow-up.

    • microsoft-outlook:send_message

Integrations used in this scenario

microsoft-sharepoint

List Sites

List SharePoint sites to identify all locations where the departing employee may have permissions.

View details

microsoft-sharepoint

Get Drives

Retrieve document libraries within each site to scope the permission review.

View details

microsoft-sharepoint

Manage Permissions

Review current permissions on files and folders and revoke the departing employee's access.

View details

microsoft-sharepoint

Search

Search across SharePoint content to find files or folders shared directly with the departing employee.

View details

microsoft-outlook

Send Email

Send a confirmation email to HR and IT summarizing the permissions removed and any items that require manual review.

View details

Connected systems

Integration

Sharepoint

Manage SharePoint sites, document libraries, lists, and files. Create, read, update, and delete lists and list items with custom columns. Upload, download, move, copy, and version files in document libraries. Search across sites, files, folders, lists, and list items using Microsoft Search. Manage permissions at site, list, and item levels with granular access control. Define and manage content types and site columns. Subscribe to webhooks for list and library change notifications. Retrieve site properties and search for sites across Microsoft 365.

View Sharepoint

Integration

Microsoft Outlook

Send, read, reply to, forward, and manage email messages in user mailboxes. Organize messages into folders, apply categories, flags, and importance levels. Manage file and item attachments. Create, update, delete, and respond to calendar events and meetings. Find available meeting times, manage attendees, handle recurrence, and work with shared or delegated calendars. Create, read, update, and delete contacts, organize them into contact folders, and manage contact photos. Manage tasks and task lists via Microsoft To Do, including due dates, reminders, recurrence, and checklist items. Subscribe to webhook notifications for changes to messages, calendar events, and contacts. Support for Focused Inbox, @-mentions, mail tips, send-on-behalf, and send-as capabilities.

View Microsoft Outlook

Expected outcomes

Outcome 1

Departing employee SharePoint access is revoked systematically across all sites and libraries

Metorial keeps the workflow connected, governed, and traceable across the systems involved.

Explore scenarios

Outcome 2

HR and IT receive a documented audit trail of all permission changes for compliance records

Metorial keeps the workflow connected, governed, and traceable across the systems involved.

Explore scenarios

Outcome 3

Offboarding access reviews that previously took hours are completed in minutes with full coverage

Metorial keeps the workflow connected, governed, and traceable across the systems involved.

Explore scenarios

How Metorial powers this scenario

Metorial is the governed connection layer between your AI agents and the tools your company runs on. It turns workflows like manage sharepoint document access during employee offboarding into something you can deploy quickly, safely, and at scale.

Fast

Ready for your entire team

Connect 1000+ verified integrations through one Magic MCP URL instead of building and maintaining bespoke connectors for each system in this workflow.

Browse integrations

Secure

Guardrails on every action

Protoguard inspects every message and tool call for prompt injection and policy violations before an agent touches your systems.

See how Protoguard works

Enterprise

SSO, policies, and audit trails

Agents act on real identity under company SSO, with per-user and per-group access policies and a complete, searchable record of everything that happens.

Explore enterprise

Team ready

Reusable across your org

Package this workflow as a skill, attach the tools it needs, and let teammates run it through Portals — governed by admins, owned by the people who do the work.

See Skills & Portals

Products behind this workflow

The Metorial products that connect, govern, and observe this scenario.

Connectivity

Integrations

Start from 1000+ verified integrations or bring your own, and give every one a governed path to your agents under existing SSO and access policies.

Explore Integrations

Connectivity

Magic MCP

A single URL your AI client connects to. Sign in with the login you already use and your agent reaches every integration and tool you allow — no per-app setup.

Explore Magic MCP

Identity

Access Control

Sign in with company SSO, set policies per user and group, and let agents act on real identity across every connected system in this workflow.

Explore Access Control

Governance

Protoguard

Metorial’s security layer reviews every message and tool request before an agent acts — catching prompt injection and blocking anything outside your policies.

Explore Protoguard

Observability

Tracing

A complete, searchable record of everything your agents, team, and machines do across these integrations, so you can trust the workflow in production.

Explore Tracing

Governance

Portals

Let teammates connect agents to the integrations and skills your company already uses, with admins deciding who gets access to what.

Explore Portals

Built for your whole team

However you adopt AI, Metorial has a path for connecting it safely.

Solution

For Agents

Give the agents behind this scenario governed access to every tool and integration they need, with one connection layer instead of bespoke glue code.

Agents solution

Solution

For Enterprise

SSO, granular access control, security review, and full audit trails so this workflow meets enterprise governance and compliance requirements.

Enterprise solution

Solution

For your Workforce

Let the people who do this work connect their own AI agents to approved integrations and reusable skills — safely, without waiting on engineering.

Workforce solution

Build this workflow with your own tools

Metorial gives teams one governed layer for connecting integrations to real production work.