Home > > Delete Unique Permissions (Reset Broken Inheritance) in SharePoint 2013 using PowerShell

Delete Unique Permissions (Reset Broken Inheritance) in SharePoint 2013 using PowerShell

, , , , , Last updated: 2018-03-27T13:48:40Z
Got a requirement to reset customized permissions of a large set of SharePoint libraries and documents.You can reset the permission inheritance and delete unique permissions for a site/web/folder/item level where the inheritance was previously broken. E.g. for a library:
  1. Go to your library, Click on Library settings.
  2. In the settings page, under users and permissions, click on "Permissions for this document library"
  3. Click on "Delete Unique permissions" button in ribbon from Inheritance group.
For site level, You have to do this from: Site settings >> Site Permissions Link. And for folder/list item/file level, You can do the same by: Click on "Shared with" button from the ribbon (you can get the same from items context menu) >> Click on Advanced >> and click on "Delete unique permissions".
sharepoint remove unique permissions

The permission levels are set to Inherited from the parent and the permission level is updated to reflect the changes.Alright!

Needless to say, picking up each and every individual library and file to remove unique permissions is tedious, I wrote this PowerShell script to do the magic! Here is my PowerShell scripts to delete unique permissions at web, list, folder and list item levels.
Important: SharePoint 2013 permissions are inherited from Web level. So, If you break or reset inheritance at top level - All lists, libraries, folders and files will inherit permissions as in the parent web - customized permissions on list/folder/item level will go lost!

Reset Inheritance at site level using PowerShell:
Add-PSSnapin microsoft.sharepoint.powershell -ErrorAction SilentlyContinue

#Variables for Web URL, List Name
$WebURL ="https://intranet.crescent.com/marketing"

#get the list object
$web = Get-SPWeb $WebURL

# Check if web has Unique permission - Root webs always uses Unique permission
if ( ($web.HasUniqueRoleAssignments) -and ($web.IsRootWeb -eq $false ) )
 {
      #Reset broken inheritance
      $web.ResetRoleInheritance()
      Write-host "Broken Inheritance Reset on web:" $web.URL
 }

SharePoint reset broken permissions on a list:
Add-PSSnapin microsoft.sharepoint.powershell -ErrorAction SilentlyContinue

#Variables for Web URL, List Name
$WebURL ="https://intranet.crescent.com/marketing/"
$ListName ="Invoices" 

#get the list object
$List = (Get-SPweb $WebURL).lists.TryGetList($ListName)

# If List Exists with Unique permission
if ( ($list -ne $null) -and ($list.HasUniqueRoleAssignments) )
 {
      #Reset broken list inheritance
      $list.ResetRoleInheritance()
      Write-host "Broken Inheritance Reset on List:" $list.Title
 }

 <#To Reset Folder level inheritance, Use:
 foreach ($folder in $list.Folders) 
   {  
        if ($folder.HasUniqueRoleAssignments) 
        { 
            Write-Host "Resetting Folder inheritance at:" $folder.Url   
            $folder.ResetRoleInheritance()  
            $folder.Update() 
        } 
   }
 #>

Delete Unique permissions on all lists:
Add-PSSnapin microsoft.sharepoint.powershell -ErrorAction SilentlyContinue

#Variable for Web URL
$WebURL ="https://intranet.crescent.com/marketing/"

#get Web object
$Web = Get-SPWeb $WebURL

#Get Lists with Unique permissions - Exclude Hidden lists
$ListColl =  $web.lists | Where-Object  {  ($_.HasUniqueRoleAssignments -eq $true)  -and ($_.hidden -eq $false) }

#Enumerate through each list and reset permission inheritance
foreach($list in $ListColl) #if($list) #Exists
 {
      #Reset list inheritance
      $list.ResetRoleInheritance()
      Write-host "Broken Inheritance Reset on List:" $list.Title
 }
Remove unique permissions on List Items:
Add-PSSnapin microsoft.sharepoint.powershell -ErrorAction SilentlyContinue

#Variables for Web URL, List Name
$WebURL ="https://intranet.crescent.com/marketing/"
$ListName ="Invoices" 

#Get the list items with Unique permissions
$ListItems = (Get-SPweb $WebURL).lists.TryGetList($ListName).Items | Where {$_.HasUniqueRoleAssignments}

# If List Exists with Unique permission
Foreach($ListItem in $ListItems)
 {
      #Reset broken list item inheritance
       $ListItem.ResetRoleInheritance()
      Write-host "Broken Inheritance Reset on List Item:" $ListItem.URL
 }
We can also delete unique permissions of all list items in a single line as: 
(Get-SPweb "https://intranet.crescent.com/marketing/").Lists["Invoices"].Items | Foreach-Object{ $_.ResetRoleInheritance() }
Related Posts:
Unique permissions are performance killers, in general! So, Avoid wherever possible!!


Related Posts:

16 comments:

  1. googleDecember 7, 2016 at 3:56 AM

    I've been having issues running this on powershell. Can you help me get to the point where I can run this script?

    Thanks!

    ReplyDelete
    Replies
    1. Salaudeen RajackDecember 12, 2016 at 1:22 PM

      Change the $WebURL variable in the script to your SharePoint site URL, Login to your SharePoint WFE, Run the script with either PowerShell ISE or from PowerShell console.

      Delete
  2. AnonymousDecember 12, 2016 at 9:38 PM

    I am using powershell v5 but unfortunately the script isn't working. I checked to see if I had the Get-SPWeb cmd installed by running the cmd to get all of my commands and didn't see it in the generated list. Any ideas?

    ReplyDelete
    Replies
    1. Salaudeen RajackJune 11, 2019 at 9:21 PM

      You must run this script from a SharePoint Server!

      Delete
  3. UnknownJanuary 10, 2019 at 4:17 AM

    Can this work for OneDrive?

    ReplyDelete
  4. IS 511September 20, 2019 at 1:08 AM

    Hello Saladeen,

    How can we use this script or what modification needs to be made, to include subsites?

    Regards,
    Abrar Ahmed

    ReplyDelete
    Replies
    1. Salaudeen RajackSeptember 20, 2019 at 1:20 AM

      Here is how to remove unique permissions of a subsite in SharePoint Online: How to Delete Unique Permissions in a SharePoint Online Subsite using PowerShell?

      Delete
    2. Abrar AhmedSeptember 20, 2019 at 6:47 PM

      This is helpful but I am looking to do this on SharePoint 2013 not online. Sorry I should have been more specific.

      Delete
    3. Salaudeen RajackSeptember 22, 2019 at 6:54 PM

      You mean, Remove unique permissions of a SharePoint On-Prem subsite? $web.ResetRoleInheritance() will do!

      Delete
  5. KashManFebruary 6, 2020 at 12:21 AM

    How can I make this read a CSV of sites. I have hundreds I need to reset inheritance

    ReplyDelete
  6. KashManFebruary 6, 2020 at 12:22 AM

    How do I make this get the site URL from a CSV file? I have hundreds of sites I need to perform this on.

    ReplyDelete
    Replies
    1. Salaudeen RajackFebruary 6, 2020 at 6:45 PM

      1. Create a CSV File with List of Site URLs
      2. Read the CSV File from PowerShell, Loop through the Rows
      3. Reset Permission Inheritance.

      #Get Data from CSV File
      $CSVData = Import-CSV -path "C:\SitesData.csv"

      #Iterate through each Row in the CSV
      foreach ($Row in $CSVData)
      {
      #Get the Web
      $web = Get-SPWeb -identity $CSVData.SiteURL

      # Check if web has Unique permission
      If ( ($web.HasUniqueRoleAssignments) -and ($web.IsRootWeb -eq $false ) )
      {
      #Reset broken inheritance
      $web.ResetRoleInheritance()
      Write-host "Broken Inheritance Reset on web:" $web.URL
      }
      }

      Delete
  7. dhamleyMay 20, 2020 at 8:38 PM

    salaudeen could you plz suggest me like
    How to make share point 2010 individual subsite and its/list's/lib's read only mode

    ReplyDelete
    Replies
    1. Salaudeen RajackMay 22, 2020 at 3:53 PM

      The only available option is: Replace all other permissions of a subsite and its underlying objects with "Read"! Here is how: How to Make a Subsite Read-Only using PowerShell?

      Delete
  8. erkindunyaJune 25, 2020 at 9:26 PM

    Hi salaudeen,
    Reset broken inheritance on folders does not work, as some user creates folder with unique permission.
    Thanks

    ReplyDelete

Please Login and comment to get your questions answered!

Subscribe to: Post Comments ( Atom )
Powered by Blogger.