Delete Unique Permissions (Reset Broken Inheritance) in SharePoint 2013 using PowerShell
Got a requirement to reset customized permissions of a large set of SharePoint libraries and documents. You can reset the permission inheritance and delete unique permissions at the site/web/folder/item level where the inheritance was previously broken. E.g. for a library:
- Go to your library, Click on Library settings.
- In the settings page, under users and permissions, click on "Permissions for this document library"
- Click on "Delete Unique permissions" button in ribbon from Inheritance group.
The permission levels are set to Inherited from the parent and the permission level is updated to reflect the changes. Alright!
Needless to say, picking up each and every individual library and file to remove unique permissions is tedious, so I wrote this PowerShell script to do the magic! Here are my PowerShell scripts to delete unique permissions at web, list, folder and list item levels.
Important: SharePoint 2013 permissions are inherited from the web level. So, if you break or reset inheritance at the top level, all lists, libraries, folders and files will inherit permissions from the parent web, and customized permissions at list/folder/item level will be lost!
Reset Inheritance at site level using PowerShell:
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
#Variable for Web URL
$WebURL = "https://intranet.crescent.com/marketing"
#Get the web object
$web = Get-SPWeb $WebURL
# Check if web has Unique permission - Root webs always use Unique permission
if ( ($web.HasUniqueRoleAssignments) -and ($web.IsRootWeb -eq $false) )
{
    #Reset broken inheritance
    $web.ResetRoleInheritance()
    Write-host "Broken Inheritance Reset on web:" $web.URL
}
#Release the web object
$web.Dispose()
SharePoint reset broken permissions on a list:
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
#Variables for Web URL, List Name
$WebURL = "https://intranet.crescent.com/marketing/"
$ListName = "Invoices"
#Get the list object
$List = (Get-SPweb $WebURL).lists.TryGetList($ListName)
# If List Exists with Unique permission
if ( ($list -ne $null) -and ($list.HasUniqueRoleAssignments) )
{
    #Reset broken list inheritance
    $list.ResetRoleInheritance()
    Write-host "Broken Inheritance Reset on List:" $list.Title
}
<#To Reset Folder level inheritance, Use:
foreach ($folder in $list.Folders)
{
    if ($folder.HasUniqueRoleAssignments)
    {
        Write-Host "Resetting Folder inheritance at:" $folder.Url
        $folder.ResetRoleInheritance()
        $folder.Update()
    }
}
#>
Delete Unique permissions on all lists:
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
#Variable for Web URL
$WebURL = "https://intranet.crescent.com/marketing/"
#Get Web object
$Web = Get-SPWeb $WebURL
#Get Lists with Unique permissions - Exclude Hidden lists
$ListColl = $web.lists | Where-Object { ($_.HasUniqueRoleAssignments -eq $true) -and ($_.hidden -eq $false) }
#Enumerate through each list and reset permission inheritance
foreach ($list in $ListColl)
{
    #Reset list inheritance
    $list.ResetRoleInheritance()
    Write-host "Broken Inheritance Reset on List:" $list.Title
}
Remove unique permissions on List Items:
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
#Variables for Web URL, List Name
$WebURL = "https://intranet.crescent.com/marketing/"
$ListName = "Invoices"
#Get the list items with Unique permissions
$ListItems = (Get-SPweb $WebURL).lists.TryGetList($ListName).Items | Where {$_.HasUniqueRoleAssignments}
#Reset inheritance on each list item that has Unique permissions
Foreach ($ListItem in $ListItems)
{
    #Reset broken list item inheritance
    $ListItem.ResetRoleInheritance()
    Write-host "Broken Inheritance Reset on List Item:" $ListItem.URL
}
We can also delete unique permissions of all list items in a single line as:
(Get-SPweb "https://intranet.crescent.com/marketing/").Lists["Invoices"].Items | Foreach-Object { $_.ResetRoleInheritance() }
Unique permissions are performance killers, in general! So, avoid them wherever possible!!
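Because a reset discards the custom role assignments, as the Important note above warns, it helps to record them before running any of the scripts. The following is an added example, not one of the author's scripts: it exports the unique role assignments of each list and of its folders and items to CSV, then resets list inheritance, honouring -WhatIf for a dry run. The function names, CSV columns and backup path are assumptions.

```powershell
# Added example, not the original author's script. The function names, backup
# path and CSV columns are assumptions chosen for illustration.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Flatten the role assignments of one securable object into CSV rows
function Get-AclRows($Scope, $Url, $Securable) {
    foreach ($ra in $Securable.RoleAssignments) {
        [PSCustomObject]@{
            Scope     = $Scope
            Url       = $Url
            Principal = $ra.Member.LoginName
            Levels    = ($ra.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join ';'
        }
    }
}

function Reset-ListInheritanceWithBackup {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$WebURL,
        [Parameter(Mandatory = $true)][string]$BackupPath
    )
    $web = Get-SPWeb $WebURL
    try {
        # Snapshot the lists that have unique permissions (hidden lists excluded)
        $lists = @($web.Lists | Where-Object { $_.HasUniqueRoleAssignments -and -not $_.Hidden })
        # 1. Record the custom ACLs on each list and on its folders and items
        $rows = @(foreach ($list in $lists) {
            Get-AclRows 'List' $list.RootFolder.ServerRelativeUrl $list
            foreach ($item in @($list.Folders) + @($list.Items)) {
                if ($item.HasUniqueRoleAssignments) { Get-AclRows 'Item' $item.Url $item }
            }
        })
        # -WhatIf:$false so the backup is written even during a dry run
        $rows | Export-Csv -Path $BackupPath -NoTypeInformation -Encoding UTF8 -WhatIf:$false

        # 2. Reset only after the backup exists; -WhatIf reports without changing anything
        foreach ($list in $lists) {
            if ($PSCmdlet.ShouldProcess($list.Title, 'Reset role inheritance')) {
                $list.ResetRoleInheritance()
                Write-Host "Broken Inheritance Reset on List:" $list.Title
            }
        }
    }
    finally { $web.Dispose() }
}

# Dry run first; rerun without -WhatIf once the CSV has been reviewed
Reset-ListInheritanceWithBackup -WebURL "https://intranet.crescent.com/marketing/" -BackupPath "C:\Temp\marketing-acl.csv" -WhatIf
```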
I've been having issues running this on powershell. Can you help me get to the point where I can run this script?
Thanks!
Change the $WebURL variable in the script to your SharePoint site URL, Login to your SharePoint WFE, Run the script with either PowerShell ISE or from PowerShell console.
I am using PowerShell v5 but unfortunately the script isn't working. I checked to see if I had the Get-SPWeb cmd installed by running the cmd to get all of my commands and didn't see it in the generated list. Any ideas?
You must run this script from a SharePoint Server!
Can this work for OneDrive?
Yes, works on OneDrive On-premises!
Hello Saladeen,
How can we use this script or what modification needs to be made, to include subsites?
Regards,
Abrar Ahmed
Here is how to remove unique permissions of a subsite in SharePoint Online: How to Delete Unique Permissions in a SharePoint Online Subsite using PowerShell?
This is helpful but I am looking to do this on SharePoint 2013 not online. Sorry I should have been more specific.
You mean, Remove unique permissions of a SharePoint On-Prem subsite? $web.ResetRoleInheritance() will do!
How can I make this read a CSV of sites? I have hundreds I need to reset inheritance
How do I make this get the site URL from a CSV file? I have hundreds of sites I need to perform this on.
1. Create a CSV File with List of Site URLs
2. Read the CSV File from PowerShell, Loop through the Rows
3. Reset Permission Inheritance.
#Get Data from CSV File (expects a "SiteURL" column)
$CSVData = Import-CSV -path "C:\SitesData.csv"
#Iterate through each Row in the CSV
foreach ($Row in $CSVData)
{
    #Get the Web for the current row
    $web = Get-SPWeb -identity $Row.SiteURL
    # Check if web has Unique permission
    If ( ($web.HasUniqueRoleAssignments) -and ($web.IsRootWeb -eq $false ) )
    {
        #Reset broken inheritance
        $web.ResetRoleInheritance()
        Write-host "Broken Inheritance Reset on web:" $web.URL
    }
    #Release the web object before moving to the next row
    $web.Dispose()
}
Salaudeen, could you please suggest me like
How to make SharePoint 2010 individual subsite and its lists/libs read only mode
The only available option is: Replace all other permissions of a subsite and its underlying objects with "Read"! Here is how: How to Make a Subsite Read-Only using PowerShell?
Hi salaudeen,
Reset broken inheritance on folders does not work, as some user creates folder with unique permission.
Thanks