Saturday, December 27, 2014

Delete Unique Permissions (Reset Broken Inheritance) In SharePoint 2013 using PowerShell

I got a requirement to reset the customized permissions of a large set of SharePoint libraries and documents. You can reset permission inheritance and delete unique permissions at the site/web/folder/item level wherever inheritance was previously broken. E.g., for a library:

  1. Go to your library, Click on Library settings.
  2. In the settings page, under users and permissions, click on "Permissions for this document library"
  3. Click on "Delete Unique permissions" button in ribbon from Inheritance group.
For the site level, you have to do this from: Site settings >> Site Permissions link. For the folder/list item/file level, you can do the same by clicking the "Shared with" button in the ribbon (you can get the same from the item's context menu) >> click on Advanced >> and click on "Delete unique permissions".

The permission levels are set to inherit from the parent, and the permission level is updated to reflect the changes. Alright!

Needless to say, picking up each and every individual library and file to remove unique permissions is tedious, so I wrote this PowerShell script to do the magic! Here are my PowerShell scripts to delete unique permissions at web, list, folder and list item levels.
Important: SharePoint 2013 permissions are inherited from the web level. So, if you break or reset inheritance at the top level, all lists, libraries, folders and files will inherit permissions from the parent web, and customized permissions at the list/folder/item level will be lost!
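
Because a reset discards those customized permissions, it helps to record them first. The following is an added example, not part of the original post: it exports every unique role assignment on the web, its visible lists, folders and items to a CSV file before any of the reset scripts is run. The report path is a hypothetical placeholder, and the URL reuses the sample site from this page.

```powershell
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Assumed values: the URL is this page's sample site, the report path is a placeholder
$WebURL     = "https://intranet.crescent.com/marketing/"
$ReportPath = "C:\Temp\UniquePermissions-BeforeReset.csv"

# Flatten the role assignments of one securable object (web, list, folder or item) into rows
function Get-UniqueAssignmentRows($Securable, [string]$Scope, [string]$Location)
{
    foreach ($Assignment in $Securable.RoleAssignments)
    {
        [PSCustomObject]@{
            Scope            = $Scope
            Location         = $Location
            Principal        = $Assignment.Member.Name
            LoginName        = $Assignment.Member.LoginName
            PermissionLevels = ($Assignment.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join "; "
        }
    }
}

$Web = Get-SPWeb $WebURL
try
{
    $Rows = @()
    # Web level (root webs always report unique permissions)
    if ($Web.HasUniqueRoleAssignments) { $Rows += @(Get-UniqueAssignmentRows $Web "Web" $Web.Url) }

    foreach ($List in ($Web.Lists | Where-Object { $_.Hidden -eq $false }))
    {
        if ($List.HasUniqueRoleAssignments) { $Rows += @(Get-UniqueAssignmentRows $List "List" $List.Title) }
        # Items and folders inside the list that have broken inheritance
        $Children = @($List.Items) + @($List.Folders) | Where-Object { $_.HasUniqueRoleAssignments }
        foreach ($Child in $Children)
        {
            $Rows += @(Get-UniqueAssignmentRows $Child "Item/Folder" $Child.Url)
        }
    }

    $Rows | Export-Csv -Path $ReportPath -NoTypeInformation
    Write-Host "Exported $($Rows.Count) unique role assignments to $ReportPath"
}
finally
{
    $Web.Dispose()   # Release the SPWeb object even if the export fails
}
```

Keeping the CSV with the change record gives a reviewer the list of principals and permission levels that existed before the reset.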

Reset Inheritance at site level using PowerShell:
Add-PSSnapin microsoft.sharepoint.powershell -ErrorAction SilentlyContinue

#Variable for Web URL
$WebURL ="https://intranet.crescent.com/marketing"

#Get the web object
$web = Get-SPWeb $WebURL

# Check if the web has unique permissions - root webs always use unique permissions
if ( ($web.HasUniqueRoleAssignments) -and ($web.IsRootWeb -eq $false ) )
 {
      #Reset broken inheritance
      $web.ResetRoleInheritance()
      Write-host "Broken Inheritance Reset on web:" $web.URL
 }

#Release the SPWeb object
$web.Dispose()

SharePoint reset broken permissions on a list:
Add-PSSnapin microsoft.sharepoint.powershell -ErrorAction SilentlyContinue

#Variables for Web URL, List Name
$WebURL ="https://intranet.crescent.com/marketing/"
$ListName ="Invoices" 

#get the list object
$List = (Get-SPweb $WebURL).lists.TryGetList($ListName)

# If List Exists with Unique permission
if ( ($list -ne $null) -and ($list.HasUniqueRoleAssignments) )
 {
      #Reset broken list inheritance
      $list.ResetRoleInheritance()
      Write-host "Broken Inheritance Reset on List:" $list.Title
 }

 <#To Reset Folder level inheritance, Use:
 foreach ($folder in $list.Folders) 
   {  
        if ($folder.HasUniqueRoleAssignments) 
        { 
            Write-Host "Resetting Folder inheritance at:" $folder.Url   
            $folder.ResetRoleInheritance()  
            $folder.Update() 
        } 
   }
 #>

Delete Unique permissions on all lists:
Add-PSSnapin microsoft.sharepoint.powershell -ErrorAction SilentlyContinue

#Variable for Web URL
$WebURL ="https://intranet.crescent.com/marketing/"

#get Web object
$Web = Get-SPWeb $WebURL

#Get Lists with Unique permissions - Exclude Hidden lists
$ListColl =  $web.lists | Where-Object  {  ($_.HasUniqueRoleAssignments -eq $true)  -and ($_.hidden -eq $false) }

#Enumerate through each list and reset permission inheritance
foreach($list in $ListColl)
 {
      #Reset list inheritance
      $list.ResetRoleInheritance()
      Write-host "Broken Inheritance Reset on List:" $list.Title
 }

Remove unique permissions on List Items:
Add-PSSnapin microsoft.sharepoint.powershell -ErrorAction SilentlyContinue

#Variables for Web URL, List Name
$WebURL ="https://intranet.crescent.com/marketing/"
$ListName ="Invoices" 

#Get the list items with Unique permissions
$ListItems = (Get-SPweb $WebURL).lists.TryGetList($ListName).Items | Where {$_.HasUniqueRoleAssignments}

# Loop through each list item that has unique permissions
Foreach($ListItem in $ListItems)
 {
      #Reset broken list item inheritance
       $ListItem.ResetRoleInheritance()
      Write-host "Broken Inheritance Reset on List Item:" $ListItem.URL
 }
We can also delete unique permissions of all list items in a single line as:
(Get-SPweb "https://intranet.crescent.com/marketing/").Lists["Invoices"].Items | Foreach-Object{ $_.ResetRoleInheritance() }
Unique permissions are performance killers, in general! So, Avoid wherever possible!!

1 comment :

  1. I've been having issues running this on powershell. Can you help me get to the point where I can run this script?

    Thanks!
