Delete Unique Permissions (Reset Broken Inheritance) in SharePoint 2013 using PowerShell

Got a requirement to reset customized permissions of a large set of SharePoint libraries and documents.You can reset the permission inheritance and delete unique permissions for a site/web/folder/item level where the inheritance was previously broken. E.g. for a library:

Go to your library, Click on Library settings.
In the settings page, under users and permissions, click on "Permissions for this document library"
Click on "Delete Unique permissions" button in ribbon from Inheritance group.

For site level, You have to do this from: Site settings >> Site Permissions Link. And for folder/list item/file level, You can do the same by: Click on "Shared with" button from the ribbon (you can get the same from items context menu) >> Click on Advanced >> and click on "Delete unique permissions".

The permission levels are set to Inherited from the parent and the permission level is updated to reflect the changes.Alright!

Needless to say, picking up each and every individual library and file to remove unique permissions is tedious, I wrote this PowerShell script to do the magic! Here is my PowerShell scripts to delete unique permissions at web, list, folder and list item levels.

Important: SharePoint 2013 permissions are inherited from Web level. So, If you break or reset inheritance at top level - All lists, libraries, folders and files will inherit permissions as in the parent web - customized permissions on list/folder/item level will go lost!

Reset Inheritance at site level using PowerShell:

Add-PSSnapin microsoft.sharepoint.powershell -ErrorAction SilentlyContinue

#Variables for Web URL, List Name
$WebURL ="https://intranet.crescent.com/marketing"

#get the list object
$web = Get-SPWeb $WebURL

# Check if web has Unique permission - Root webs always uses Unique permission
if ( ($web.HasUniqueRoleAssignments) -and ($web.IsRootWeb -eq $false ) )
 {
      #Reset broken inheritance
      $web.ResetRoleInheritance()
      Write-host "Broken Inheritance Reset on web:" $web.URL
 }

SharePoint reset broken permissions on a list:

Add-PSSnapin microsoft.sharepoint.powershell -ErrorAction SilentlyContinue

#Variables for Web URL, List Name
$WebURL ="https://intranet.crescent.com/marketing/"
$ListName ="Invoices" 

#get the list object
$List = (Get-SPweb $WebURL).lists.TryGetList($ListName)

# If List Exists with Unique permission
if ( ($list -ne $null) -and ($list.HasUniqueRoleAssignments) )
 {
      #Reset broken list inheritance
      $list.ResetRoleInheritance()
      Write-host "Broken Inheritance Reset on List:" $list.Title
 }

 <#To Reset Folder level inheritance, Use:
 foreach ($folder in $list.Folders) 
   {  
        if ($folder.HasUniqueRoleAssignments) 
        { 
            Write-Host "Resetting Folder inheritance at:" $folder.Url   
            $folder.ResetRoleInheritance()  
            $folder.Update() 
        } 
   }
 #>

Delete Unique permissions on all lists:

Add-PSSnapin microsoft.sharepoint.powershell -ErrorAction SilentlyContinue

#Variable for Web URL
$WebURL ="https://intranet.crescent.com/marketing/"

#get Web object
$Web = Get-SPWeb $WebURL

#Get Lists with Unique permissions - Exclude Hidden lists
$ListColl =  $web.lists | Where-Object  {  ($_.HasUniqueRoleAssignments -eq $true)  -and ($_.hidden -eq $false) }

#Enumerate through each list and reset permission inheritance
foreach($list in $ListColl) #if($list) #Exists
 {
      #Reset list inheritance
      $list.ResetRoleInheritance()
      Write-host "Broken Inheritance Reset on List:" $list.Title
 }

Remove unique permissions on List Items:

Add-PSSnapin microsoft.sharepoint.powershell -ErrorAction SilentlyContinue

#Variables for Web URL, List Name
$WebURL ="https://intranet.crescent.com/marketing/"
$ListName ="Invoices" 

#Get the list items with Unique permissions
$ListItems = (Get-SPweb $WebURL).lists.TryGetList($ListName).Items | Where {$_.HasUniqueRoleAssignments}

# If List Exists with Unique permission
Foreach($ListItem in $ListItems)
 {
      #Reset broken list item inheritance
       $ListItem.ResetRoleInheritance()
      Write-host "Broken Inheritance Reset on List Item:" $ListItem.URL
 }

We can also delete unique permissions of all list items in a single line as:

(Get-SPweb "https://intranet.crescent.com/marketing/").Lists["Invoices"].Items | Foreach-Object{ $_.ResetRoleInheritance() }

Unique permissions are performance killers, in general! So, Avoid wherever possible!!

Disclaimer

15 comments:

googleDecember 7, 2016 at 3:56 AM
I've been having issues running this on powershell. Can you help me get to the point where I can run this script?

Thanks!
AnonymousDecember 12, 2016 at 9:38 PM
I am using powershell v5 but unfortunately the script isn't working. I checked to see if I had the Get-SPWeb cmd installed by running the cmd to get all of my commands and didn't see it in the generated list. Any ideas?
UnknownJanuary 10, 2019 at 4:17 AM
Can this work for OneDrive?
IS 511September 20, 2019 at 1:08 AM
Hello Saladeen,

How can we use this script or what modification needs to be made, to include subsites?

Regards,
Abrar Ahmed
KashManFebruary 6, 2020 at 12:21 AM
How can I make this read a CSV of sites. I have hundreds I need to reset inheritance
KashManFebruary 6, 2020 at 12:22 AM
How do I make this get the site URL from a CSV file? I have hundreds of sites I need to perform this on.
dhamleyMay 20, 2020 at 8:38 PM
salaudeen could you plz suggest me like
How to make share point 2010 individual subsite and its/list's/lib's read only mode