SharePoint Online: Delete Unique Permissions and Restore Inheritance in a List using PowerShell

Requirement: SharePoint Online remove all unique permissions in a List or Document Library.

How to Delete Unique permissions and Inherit from the parent in SharePoint Online?

Unique permissions give you granular control over who can access what in SharePoint Online. However, there may be requirements to restore a list or document library to its default permissions at times. Removing unique permissions and restoring permission inheritance for a list or library allows its security to be managed at the site level instead of managing the security separately from that list. To restore permission inheritance for a list or library, do the following:

  1. Login to SharePoint Online and navigate to the list or library where you want to remove unique permissions. 
  2. On the ribbon, click on the List/Library tab, and then in the Settings group, click on List / Library Settings.
  3. Click on the “Permissions For This List” link from the List Settings page under the “Permissions And Management” group.
  4. On the ribbon, click the Permissions tab, and then in the Inheritance group, click on Delete Unique Permissions. Confirm the prompt with OK.
    sharepoint online delete unique permissions powershell

This removes all unique permissions from the list and inherits permissions from its parent. All users who had unique permissions will inherit the permissions of the parent object such as site, library, or folder. Let’s see SharePoint Online PowerShell to Inherit Permissions from the parent site.

Delete Unique Permissions on a List or Library in SharePoint Online using PowerShell

If you decide that you no longer need unique permissions on a list or document library, you can remove them by PowerShell script too. Here is the SharePoint Online PowerShell to inherit permissions from the parent site:

#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"

#Function to remove unique permissions and inherit from the parent
Function Remove-ListUniquePermissions
{
param
    (
        [Parameter(Mandatory=$true)] [string] $SiteURL,
        [Parameter(Mandatory=$true)] [string] $ListName
    )

    Try {
        $Cred= Get-Credential
        $Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password)

        #Setup the context
        $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
        $Ctx.Credentials = $Credentials

        #sharepoint online powershell inherit permissions
        $List=$Ctx.Web.Lists.GetByTitle($ListName)
        $List.ResetRoleInheritance()
        $List.Update()
        $Ctx.ExecuteQuery()

        Write-Host "Unique Permissions are removed and inherited from the Parent!" -ForegroundColor Green
    }

    Catch {
        write-host -f Red "Error Deleting Unique Permissions!" $_.Exception.Message
    } 
}
#sharepoint online powershell reset permissions
$SiteURL="https://crescent.sharepoint.com"
$ListName="Projects"

#Call the function to remove unique permissions from a list
Remove-ListUniquePermissions -SiteURL $SiteURL -ListName $ListName

This PowerShell deletes all unique permissions of a given list and restores the permissions from the site.

PowerShell to Reset Permission Inheritance of All Lists of a Site Collection

To inherit permissions from the parent, use this PowerShell. It checks whether the given list has unique permissions and resets the unique permissions of the list by inheriting from the parent site.

#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
 
#Function to Delete Unique Permission from all lists of a Web
Function Reset-SPOListPermission([Microsoft.SharePoint.Client.Web]$Web)
{
    Write-host -f Magenta "Searching Unique Permissions on the Site:"$Web.Url    
       
    #Get All Lists of the web
    $Lists =  $Web.Lists
    $Ctx.Load($Lists)
    $Ctx.ExecuteQuery()

    #Exclude system lists
    $ExcludedLists = @("App Packages","appdata","appfiles","Apps in Testing","Cache Profiles","Composed Looks","Content and Structure Reports","Content type publishing error log","Converted Forms",
     "Device Channels","Form Templates","fpdatasources","Get started with Apps for Office and SharePoint","List Template Gallery", "Long Running Operation Status","Maintenance Log Library", "Style Library","Master Docs","Master Page Gallery","MicroFeed","NintexFormXml","Quick Deploy Items","Relationships List","Reusable Content","Search Config List", "Solution Gallery", "Site Collection Images","Suggested Content Browser Locations","TaxonomyHiddenList","User Information List","Web Part Gallery","wfpub","wfsvc","Workflow History","Workflow Tasks", "Preservation Hold Library")
    
    #Iterate through each list
    ForEach($List in $Lists)
    {
        #Get the List
        $Ctx.Load($List)
        $Ctx.ExecuteQuery()

        If($ExcludedLists -NotContains $List.Title -and $List.Hidden -eq $false)
        {
            #Check if the list is using unique permissions
            $List.Retrieve("HasUniqueRoleAssignments")
            $Ctx.ExecuteQuery()
 
            #Reset broken inheritance of the list
            If($List.HasUniqueRoleAssignments)
            {
                #delete unique permissions of the List
                $List.ResetRoleInheritance()
                $List.Update()
                $Ctx.ExecuteQuery()    
                Write-host -f Green "`tUnique Permissions Removed from the List: '$($List.Title)'"
            }
        }
    }

    #Process each subsite in the site
    $Subsites = $Web.Webs
    $Ctx.Load($Subsites)
    $Ctx.ExecuteQuery()        
    Foreach ($SubSite in $Subsites)
    {
        #Call the function Recursively
        Reset-SPOListPermission($Subsite)
    }
}

#Config Parameters
$SiteURL= "https://crescent.sharepoint.com/sites/Retail"
 
#Get Credentials to connect
$Cred = Get-Credential
 
Try {
    #Setup the context
    $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
    $Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.UserName,$Cred.Password)
     
    #Get the Web
    $Web = $Ctx.Web
    $Ctx.Load($Web)
    $Ctx.ExecuteQuery()
    
    #Call the function to delete unique permission from all lists of a site collection
    Reset-SPOListPermission $Web
}
Catch {
    write-host -f Red "Error:" $_.Exception.Message
}

SharePoint Online: Delete Unique Permissions from a List using PnP PowerShell

Here is the PnP PowerShell to reset unique permissions and inherit permissions from the parent in the SharePoint Online list.

#Config Variables
$SiteURL = "https://Crescent.sharepoint.com/Sales"
$ListName ="Documents"

#Connect PnP Online
Connect-PnPOnline -Url $SiteURL -Credentials (Get-Credential)

#Get the Context
$Context = Get-PnPContext
 
#Get the list
$List = Get-PnPList -Identity $ListName

#sharepoint online delete unique permissions powershell
$List.ResetRoleInheritance()
$Context.ExecuteQuery()

This will give all users who have access to the parent site access to the list or library. If you want to delete unique permissions on List items in a list or library, use: SharePoint Online: Delete Unique Permissions for All Items in a List using PowerShell

Salaudeen Rajack

Salaudeen Rajack - SharePoint Expert with Two decades of SharePoint Experience. Love to Share my knowledge and experience with the SharePoint community, through real-time articles!

2 thoughts on “SharePoint Online: Delete Unique Permissions and Restore Inheritance in a List using PowerShell

Leave a Reply

Your email address will not be published. Required fields are marked *