SharePoint Online: Delete Unique Permissions and Restore Inheritance in a List using PowerShell

Requirement: Remove all unique permissions in a SharePoint Online List or Document Library.

How to Delete Unique permissions and Inherit from the parent in SharePoint Online?

Unique permissions give you granular control over who can access what in SharePoint Online. However, there may be requirements to restore a list or document library to its default permissions at times. Removing unique permissions and restoring permission inheritance for a list or library allows its security to be managed at the site level instead of managing the security separately from that list. To restore permission inheritance for a list or document library, do the following:

  1. Log in to SharePoint Online and navigate to the list or library where you want to remove unique permissions.
  2. On the ribbon, click on the List/Library tab, and then in the Settings group, click on List / Document Library Settings.
  3. Click on the “Permissions For This List” link from the List Settings page under the “Permissions And Management” group.
  4. On the ribbon, click the Permissions tab, and then in the Inheritance group, click on Delete Unique Permissions. Confirm the prompt with OK.

This removes all unique permissions from the list and inherits permissions from its parent. All users with unique permissions will inherit the permissions of the parent object, such as site, library, or folder. Next, let’s see how to use PowerShell for SharePoint Online to inherit permissions from the parent site.

Delete Unique Permissions on a List or Document Library using PowerShell

If you decide that you no longer need unique permissions on a list or document library, you can also remove them with a PowerShell script. Here is the SharePoint Online PowerShell to inherit permissions from the parent site:

#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"

#Function to remove unique permissions and inherit from the parent
Function Remove-ListUniquePermissions
{
param
    (
        [Parameter(Mandatory=$true)] [string] $SiteURL,
        [Parameter(Mandatory=$true)] [string] $ListName
    )

    Try {
        $Cred= Get-Credential
        $Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password)

        #Setup the context
        $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
        $Ctx.Credentials = $Credentials

        #Get the list and reset its permission inheritance to the parent
        $List=$Ctx.Web.Lists.GetByTitle($ListName)
        $List.ResetRoleInheritance()
        $List.Update()
        $Ctx.ExecuteQuery()

        Write-Host "Unique Permissions are removed and inherited from the Parent!" -ForegroundColor Green
    }

    Catch {
        write-host -f Red "Error Deleting Unique Permissions!" $_.Exception.Message
    } 
}
#Config parameters
$SiteURL="https://crescent.sharepoint.com"
$ListName="Projects"

#Call the function to remove unique permissions from a list
Remove-ListUniquePermissions -SiteURL $SiteURL -ListName $ListName

This PowerShell script deletes all unique permissions of a given list and restores the permissions from the site.

PowerShell to Reset Permission Inheritance of All Lists of a Site Collection

To inherit permissions from the parent on every list, use this PowerShell. It iterates through the lists of the site and its subsites, skips hidden and system lists, checks whether each list has unique permissions, and resets them by inheriting from the parent site.

#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
 
#Function to Delete Unique Permission from all lists of a Web
Function Reset-SPOListPermission([Microsoft.SharePoint.Client.Web]$Web)
{
    Write-host -f Magenta "Searching Unique Permissions on the Site:"$Web.Url    
       
    #Get All Lists of the web
    $Lists =  $Web.Lists
    $Ctx.Load($Lists)
    $Ctx.ExecuteQuery()

    #Exclude system lists
    $ExcludedLists = @("App Packages","appdata","appfiles","Apps in Testing","Cache Profiles","Composed Looks","Content and Structure Reports","Content type publishing error log","Converted Forms",
     "Device Channels","Form Templates","fpdatasources","Get started with Apps for Office and SharePoint","List Template Gallery", "Long Running Operation Status","Maintenance Log Library", "Style Library","Master Docs","Master Page Gallery","MicroFeed","NintexFormXml","Quick Deploy Items","Relationships List","Reusable Content","Search Config List", "Solution Gallery", "Site Collection Images","Suggested Content Browser Locations","TaxonomyHiddenList","User Information List","Web Part Gallery","wfpub","wfsvc","Workflow History","Workflow Tasks", "Preservation Hold Library")
    
    #Iterate through each list
    ForEach($List in $Lists)
    {
        #Get the List
        $Ctx.Load($List)
        $Ctx.ExecuteQuery()

        If($ExcludedLists -NotContains $List.Title -and $List.Hidden -eq $false)
        {
            #Check if the list is using unique permissions
            $List.Retrieve("HasUniqueRoleAssignments")
            $Ctx.ExecuteQuery()
 
            #Reset broken inheritance of the list
            If($List.HasUniqueRoleAssignments)
            {
                #delete unique permissions of the List
                $List.ResetRoleInheritance()
                $List.Update()
                $Ctx.ExecuteQuery()    
                Write-host -f Green "`tUnique Permissions Removed from the List: '$($List.Title)'"
            }
        }
    }

    #Process each subsite in the site
    $Subsites = $Web.Webs
    $Ctx.Load($Subsites)
    $Ctx.ExecuteQuery()        
    Foreach ($SubSite in $Subsites)
    {
        #Call the function Recursively
        Reset-SPOListPermission($Subsite)
    }
}

#Config Parameters
$SiteURL= "https://crescent.sharepoint.com/sites/Retail"
 
#Get Credentials to connect
$Cred = Get-Credential
 
Try {
    #Setup the context
    $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
    $Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.UserName,$Cred.Password)
     
    #Get the Web
    $Web = $Ctx.Web
    $Ctx.Load($Web)
    $Ctx.ExecuteQuery()
    
    #Call the function to delete unique permission from all lists of a site collection
    Reset-SPOListPermission $Web
}
Catch {
    write-host -f Red "Error:" $_.Exception.Message
}

SharePoint Online: Delete Unique Permissions from a List using PnP PowerShell

Here is the PnP PowerShell to reset unique permissions and inherit permissions from the parent in a SharePoint Online list. The same script also works for removing unique permissions from a SharePoint Online document library.

#Config Variables
$SiteURL = "https://Crescent.sharepoint.com/Sales"
$ListName ="Documents"

#Connect PnP Online
Connect-PnPOnline -Url $SiteURL -Credentials (Get-Credential)

#Get the Context
$Context = Get-PnPContext
 
#Get the list
$List = Get-PnPList -Identity $ListName

#Delete unique permissions and inherit from the parent
$List.ResetRoleInheritance()
$Context.ExecuteQuery()

This will give all users who have access to the parent site access to the list or library. How about adding a condition to check if the list is using unique permissions, before trying to remove unique permissions?

#Parameters
$SiteURL = "https://crescent.sharepoint.com/sites/retail"
$ListName = "Projects"

Try {
    #Connect to PnP Online
    Connect-PnPOnline -Url $SiteURL -Interactive

    #Get the list
    $List = Get-PnPList -Identity $ListName -Includes HasUniqueRoleAssignments

    #Reset inheritance only if the list is using unique permissions
    If($list.HasUniqueRoleAssignments)
    {
        $List.ResetRoleInheritance()
        Invoke-PnPQuery
        Write-host -f Green "Deleted unique permissions from the List!"
    }
    Else {
        Write-host -f Yellow "List is already inheriting permissions from the Parent!"
    }
}
catch {
    write-host "Error: $($_.Exception.Message)" -foregroundcolor Red
}
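
Because restoring inheritance discards the list's own role assignments and, as noted above, opens the list to everyone who has access to the parent site, it helps to record the existing assignments before resetting. The following is an added example, not part of the original article: it assumes the PnP.PowerShell module, and `$BackupPath` and `$Apply` are hypothetical names introduced here.

```powershell
#Parameters (sample values; $BackupPath and $Apply are hypothetical names for this example)
$SiteURL    = "https://crescent.sharepoint.com/sites/retail"
$ListName   = "Projects"
$BackupPath = ".\Projects-UniquePermissions.csv"
$Apply      = $false   #Set to $true to reset inheritance after reviewing the CSV

Try {
    Connect-PnPOnline -Url $SiteURL -Interactive

    #Load the inheritance flag and the list's own role assignments
    $List = Get-PnPList -Identity $ListName -Includes HasUniqueRoleAssignments, RoleAssignments
    If ($null -eq $List) { Throw "List '$ListName' was not found" }

    If ($List.HasUniqueRoleAssignments) {
        #Record each principal and its permission levels before they are discarded
        $Snapshot = @(ForEach ($RoleAssignment in $List.RoleAssignments) {
            Get-PnPProperty -ClientObject $RoleAssignment -Property Member, RoleDefinitionBindings | Out-Null
            [PSCustomObject]@{
                List             = $List.Title
                Principal        = $RoleAssignment.Member.Title
                LoginName        = $RoleAssignment.Member.LoginName
                PrincipalType    = $RoleAssignment.Member.PrincipalType
                PermissionLevels = ($RoleAssignment.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join "; "
            }
        })
        $Snapshot | Export-Csv -Path $BackupPath -NoTypeInformation -Encoding UTF8
        Write-Host -f Green "Saved $($Snapshot.Count) role assignment(s) to $BackupPath"

        If ($Apply) {
            #Delete unique permissions only after the snapshot has been written
            $List.ResetRoleInheritance()
            Invoke-PnPQuery
            Write-Host -f Green "Deleted unique permissions from the List!"
        }
        Else {
            Write-Host -f Yellow "Review the CSV, then set `$Apply = `$true to reset inheritance."
        }
    }
    Else {
        Write-Host -f Yellow "List is already inheriting permissions from the Parent!"
    }
}
Catch {
    Write-Host -f Red "Error: $($_.Exception.Message)"
}
```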

If you want to delete unique permissions on List items in a list or library, use: SharePoint Online: Delete Unique Permissions for All Items in a List using PowerShell

Salaudeen Rajack


4 thoughts on “SharePoint Online: Delete Unique Permissions and Restore Inheritance in a List using PowerShell”

  • Would love to see a complete script that deletes unique permissions at the folder & item level in batches. I have a library with 910,000 items and it’s been a real struggle, have tried 40+ scripts but all of them are trying to do it all in one go and this inevitably causes throttling or forcible disconnects. If a script took 10-20 hours to batch change, this would be totally acceptable since the job is nearly impossible any other way.

    • Sharegate can find and remove custom permissions across a whole site, see the video at the bottom of this page https://documentation.sharegate.com/hc/en-us/articles/360038863291-Restore-inheritance

  • I got error messages such as Exception calling “ExecuteQuery” with “0” argument(s): “The remote server returned an error: (429).”
