SharePoint Online: Delete Unique Permissions in a Subsite using PowerShell

Requirement: Delete Unique Permissions of a Subsite in SharePoint Online using PowerShell.

One of the features of SharePoint Online is the ability to assign unique permissions to individual documents or folders. This allows for fine-grained control over who can access, edit, or delete specific items within the site. However, it can also quickly become complex and difficult to manage, especially for large organizations. In this article, we will explore how to remove unique permissions from a subsite in SharePoint Online.

Understanding Permission Inheritance

Before we jump into the nitty-gritty of restoring subsite permissions, let’s take a moment to understand the concept of permission inheritance in SharePoint.

The Default Behavior

By default, when you create a new subsite in SharePoint, it inherits permissions from its parent site. This means that whatever permissions are set on the parent site will automatically trickle down to the subsite. It’s like a family hierarchy, where the parent sets the rules, and the children follow suit.

Permission inheritance is a beautiful thing because it simplifies permission management. Instead of setting permissions individually for each subsite, you can control access at the parent level, and voila! All the subsites fall in line.

Breaking the Chain

However, there are times when you need to break free from the shackles of inheritance and grant unique permissions to a subsite. Maybe you have a super-secret project that requires restricted access, or perhaps you want to give a specific team exclusive rights to a particular subsite. That’s when you “break inheritance” and set custom permissions for that subsite.

How to Remove Unique Permissions of a SharePoint Online Site?

Removing unique permissions and restoring permission inheritance for a subsite allows its security to be managed at the parent site level instead of managing the security separately from that subsite. To restore permission inheritance for a subsite in SharePoint Online, do the following:

  1. Log in to SharePoint Online and navigate to the subsite from which you want to remove unique permissions.
  2. Click on Settings gear >> Site Settings >> Click on the “Site Permissions” link.
  3. On the ribbon, click on the Permissions tab, and then, in the Inheritance group, click on Delete Unique Permissions. Confirm the prompt with OK.

This removes unique permissions from the SharePoint Online subsite. After deleting the unique permissions, the yellow banner “This web site has unique permissions.” should disappear, and you should see a message indicating that the subsite is now inheriting permissions from its parent.

Please note that when you remove unique permissions, all custom permissions will be lost and cannot be restored!

Delete Unique Permissions of a Subsite in SharePoint Online using PowerShell

Here is how to remove unique permissions in SharePoint Online subsite with PowerShell:

#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"

#Config Parameters
$SiteURL= "https://crescent.sharepoint.com/sites/marketing/2018"

#Get Credentials to connect
$Cred = Get-Credential

Try {
    #Setup the context
    $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
    $Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.UserName,$Cred.Password)
    
    #Get the Web
    $Web = $Ctx.Web
    $Ctx.Load($Web)
    $Ctx.ExecuteQuery()

    #Check if the given subsite is using unique permissions
    $Web.Retrieve("HasUniqueRoleAssignments")
    $Ctx.ExecuteQuery()

    #Reset broken inheritance
    If($Web.HasUniqueRoleAssignments)
    {
        #Delete the unique permissions and restore inheritance from the parent site
        $Web.ResetRoleInheritance()
        $Web.Update()
        $Ctx.ExecuteQuery()    
        Write-host -f Green "Unique Permissions Removed from the Site!"
    }
    Else
    {
        Write-host -f Yellow "Site is Already Inheriting Permissions from the Parent!"
    }
}
Catch {
    write-host -f Red "Error:" $_.Exception.Message
}

Upon execution, the unique permissions will now be removed, and the site will inherit its permissions from the parent site. By removing the unique permissions and restoring inheritance from the parent site, you can easily align the permissions of a subsite with its parent site.

PnP PowerShell to Reset Permissions Inheritance in SharePoint Online Subsite

Let’s see how to reset subsite permissions in SharePoint Online using PnP PowerShell. This procedure restores the subsite’s permissions so that they match those of its parent site.

#Config Variables
$SiteURL = "https://crescent.sharepoint.com/sites/marketing/2018"
 
#Connect PnP Online
Connect-PnPOnline -Url $SiteURL -Credentials (Get-Credential)
 
#Get the web
$Web = Get-PnPWeb

#Remove unique permissions
$Web.ResetRoleInheritance()
Invoke-PnPQuery

This command will delete the unique permissions of the specified subsite and restore inheritance from the parent site. It’s like waving a magic wand and watching the permissions fall back in line!

Now, I know some of you are thinking, “But what if I have multiple subsites? Ain’t nobody got time to click through each one!” Fear not, for PowerShell is here to save the day! Let’s remove unique permissions for all subsites in a site collection!

#Parameters
$SiteURL = "https://crescent.sharepoint.com/sites/Retail"

Try {
    #Connect to SharePoint Online site
    Connect-PnPOnline -Url $SiteURL -Interactive

    #Get all subsites in SharePoint Online site using PnP PowerShell
    $WebsCollection = Get-PnPSubWeb -Recurse
 
    #Iterate through each subsite
    ForEach($Web in $WebsCollection)
    {
        #Check if web is using unique permissions (Retrieve queues the property load and returns nothing)
        $Web.Retrieve("HasUniqueRoleAssignments")
        Invoke-PnPQuery
        
        If($Web.HasUniqueRoleAssignments)
        {
            #Remove unique permissions
            $Web.ResetRoleInheritance()
            Invoke-PnPQuery
            Write-Host "Unique Permissions Reset for $($Web.ServerRelativeURL)" -f Green
        }
    }
}
Catch {
    write-host "Error: $($_.Exception.Message)" -foregroundcolor Red
}
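
Because deleting unique permissions discards the custom assignments and they cannot be restored, it helps to record them before running a bulk reset. The following is an added example, not part of the original article: it exports every uniquely permissioned subsite's role assignments to CSV and resets inheritance only when asked to. `$BackupCsv` and `$ResetNow` are names and values assumed here for illustration.

```powershell
# Added example: export unique role assignments to CSV before resetting inheritance.
# Assumptions: the PnP.PowerShell module is installed; $BackupCsv is a hypothetical path.
$SiteURL   = "https://crescent.sharepoint.com/sites/Retail"
$BackupCsv = "C:\Temp\UniquePermissions-Backup.csv"
$ResetNow  = $false   # $false = export only; $true = export, then reset inheritance

Try {
    Connect-PnPOnline -Url $SiteURL -Interactive

    $UniqueWebs = @()
    $Backup = ForEach ($Web in (Get-PnPSubWeb -Recurse)) {
        # Skip subsites that already inherit permissions from the parent
        If (-not (Get-PnPProperty -ClientObject $Web -Property HasUniqueRoleAssignments)) { Continue }
        $UniqueWebs += $Web

        # Load the role assignments, then each principal and its permission levels
        Get-PnPProperty -ClientObject $Web -Property RoleAssignments | Out-Null
        ForEach ($Assignment in $Web.RoleAssignments) {
            Get-PnPProperty -ClientObject $Assignment -Property Member, RoleDefinitionBindings | Out-Null
            [PSCustomObject]@{
                WebUrl           = $Web.ServerRelativeUrl
                Principal        = $Assignment.Member.LoginName
                PrincipalType    = $Assignment.Member.PrincipalType
                PermissionLevels = ($Assignment.RoleDefinitionBindings.Name -join "; ")
            }
        }
    }

    # Write the backup only when there is something to record
    If ($Backup) {
        $Backup | Export-Csv -Path $BackupCsv -NoTypeInformation -Encoding UTF8
        Write-Host "Exported $(@($Backup).Count) role assignments to $BackupCsv" -f Green
    }

    # Reset only after the export above has completed without error
    If ($ResetNow) {
        ForEach ($Web in $UniqueWebs) {
            $Web.ResetRoleInheritance()
            Invoke-PnPQuery
            Write-Host "Unique Permissions Reset for $($Web.ServerRelativeUrl)" -f Green
        }
    }
}
Catch {
    Write-Host "Error: $($_.Exception.Message)" -ForegroundColor Red
}
```

Run it once with `$ResetNow = $false` and review the CSV, since it is the only record of which principals held which permission levels on each subsite once inheritance is restored.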

Conclusion

In summary, removing unique permissions from a subsite in SharePoint Online is a straightforward process. In this article, we’ve covered the fundamentals of permission inheritance and explored the step-by-step process of restoring permissions through the SharePoint user interface and through PowerShell for bulk operations. By following the steps outlined in this article, you can quickly and easily revert to the default permissions set for the site. There may come a time when unique permissions need to be removed, either for security purposes or to simplify the permission structure of the site, and PowerShell makes that possible.

Remember, while breaking inheritance and setting unique permissions can be useful in certain scenarios, it’s essential to review and assess the need for custom permissions regularly. Restoring inheritance, when appropriate, helps maintain a clean and manageable permission structure, reducing complexity and ensuring consistency across your SharePoint environment.

Salaudeen Rajack

Salaudeen Rajack - Information Technology Expert with two decades of hands-on experience, specializing in SharePoint, PowerShell, Microsoft 365, and related products. He has held various positions, including SharePoint Architect, Administrator, Developer, and Consultant, and has helped many organizations implement and optimize SharePoint solutions. Known for his deep technical expertise, he is passionate about sharing knowledge and insights to help others through real-world articles.
