SharePoint Online: Remove User or Group from List Permissions using PowerShell

Requirement: Remove user or group from list permissions in SharePoint Online using PowerShell.

How to Remove User Permissions from a List in SharePoint Online?

Are you looking to remove a user or group from SharePoint Online list permissions? Maybe you need to quickly revoke access for a user or group from a SharePoint Online list or document library. You can do this using the SharePoint Online UI or PowerShell. In this blog post, we’ll walk you through the steps of removing a user or group from a list in SharePoint Online using both methods.

To remove a user or group from SharePoint Online list permissions, follow these steps:

  1. Navigate to your SharePoint Online list or library. 
  2. Click on Settings gear >> Select “List Settings”.
  3. In the list settings page, click on “Permissions for this List” under the “Permissions and Management” group.
  4. If the list is not using unique permissions, click on the “Stop Inheriting Permissions” button and confirm the prompt.
  5. Locate the user in the list of users and groups, and click on the checkbox next to their name. Then remove the user or group from the list permissions by clicking the “Remove User Permissions” button in the ribbon.

PowerShell to Remove User from List Permissions in SharePoint Online

Here is the SharePoint Online PowerShell to remove permissions:

#Load SharePoint Online Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"

#Remove User from List Permissions
Function Remove-SPOUserFromListPermission($SiteURL,$ListName,$UserAccount)
{
    #Setup Credentials to connect
    $Cred = Get-Credential
    $Cred = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.UserName,$Cred.Password)
 
    Try {
        #Setup the context
        $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
        $Ctx.Credentials = $Cred
     
        #Get the List
        $List=$Ctx.Web.Lists.GetByTitle($ListName)
        $Ctx.Load($List)
        $Ctx.ExecuteQuery()
        
        #Get the User
        $User = $ctx.Web.EnsureUser($UserAccount) 
        $Ctx.Load($User)
        $Ctx.ExecuteQuery()
 
        #Break Permission Inheritance
        $List.BreakRoleInheritance($true, $false)
        $Ctx.ExecuteQuery()

        #Get List Permissions
        $Ctx.Load($List.RoleAssignments)
        $ctx.ExecuteQuery()
        
        #Remove User from List Permissions
        $List.RoleAssignments.GetByPrincipal($User).DeleteObject()
        $Ctx.ExecuteQuery()
 
        write-host  -f Green "User '$UserAccount' has been Removed from List '$ListName'"
    }
    Catch {
        write-host -f Red "Error:" $_.Exception.Message
    }
}

#Variables for Processing
$SiteURL = "https://Crescent.sharepoint.com/Sales"
$ListName = "Documents"
$UserAccount = "Salaudeen@TheCrescent.com"
 
#Call the function to Remove user from List Permissions
Remove-SPOUserFromListPermission -SiteURL $SiteURL -ListName $ListName -UserAccount $UserAccount

PnP PowerShell to Remove User from List Permissions:

Let’s remove a user from the list’s permissions:

#Config Variables
$SiteURL = "https://Crescent.sharepoint.com/Sales"
$ListName ="Documents"
$UserID= "i:0#.f|membership|Salaudeen@TheCrescentTech.com"

#Connect PnP Online
Connect-PnPOnline -Url $SiteURL -Credentials (Get-Credential)

#Get the Context
$Context = Get-PnPContext
 
#Get the list & User objects (RoleAssignments must be requested explicitly to be usable below)
$List = Get-PnPList -Identity $ListName -Includes RoleAssignments
$User = Get-PnPUser -Identity $UserID

#Break Permission Inheritance
Set-PnPList -Identity $ListName -BreakRoleInheritance -CopyRoleAssignments

#Remove User from List Permissions
$List.RoleAssignments.GetByPrincipal($User).DeleteObject()
$Context.ExecuteQuery()

SharePoint Online: Remove Group from List Permissions using PowerShell CSOM

Similarly, to delete a SharePoint group from a list, use this PowerShell script:

#Load SharePoint Online Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"

#Remove Group from List Permissions
Function Remove-SPOGroupFromListPermission($SiteURL,$ListName,$GroupName)
{
    #Setup Credentials to connect
    $Cred = Get-Credential
    $Cred = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.UserName,$Cred.Password)
 
    Try {
        #Setup the context
        $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
        $Ctx.Credentials = $Cred
     
        #Get the List
        $List=$Ctx.Web.Lists.GetByTitle($ListName)
        $Ctx.Load($List)
        $Ctx.ExecuteQuery()
        
        #Get the Group
        $Group = $Ctx.Web.SiteGroups.GetByName($GroupName) 
        $Ctx.Load($Group)
        $Ctx.ExecuteQuery()
 
        #Break Permission Inheritance
        $List.BreakRoleInheritance($true, $false)
        $Ctx.ExecuteQuery()

        #Get List Permissions
        $Ctx.Load($List.RoleAssignments)
        $ctx.ExecuteQuery()
        
        #Remove Group from List Permissions
        $List.RoleAssignments.GetByPrincipal($Group).DeleteObject()
        $Ctx.ExecuteQuery()
 
        write-host  -f Green "Group '$GroupName' has been Removed from List '$ListName'"
    }
    Catch {
        write-host -f Red "Error:" $_.Exception.Message
    }
}

#Variables for Processing
$SiteURL = "https://Crescent.sharepoint.com/Sales"
$ListName = "Documents"
$GroupName = "Sales Portal Members"
 
#Call the function to Remove group from SharePoint List permissions
Remove-SPOGroupFromListPermission -SiteURL $SiteURL -ListName $ListName -GroupName $GroupName

PnP PowerShell to Remove Group from List Permissions

Here is the PnP PowerShell to remove a SharePoint Group from list permissions:

#Config Variables
$SiteURL = "https://Crescent.sharepoint.com/Sales"
$ListName ="Documents"
$GroupName= "Sales Portal Members"

#Connect PnP Online
Connect-PnPOnline -Url $SiteURL -Credentials (Get-Credential)

#Get the Context
$Context = Get-PnPContext
 
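#Get the list & Group objects (RoleAssignments must be requested explicitly to be usable below)
$List = Get-PnPList -Identity $ListName -Includes RoleAssignments
$Group = Get-PnPGroup -Identity $GroupName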

#Break Permission Inheritance
Set-PnPList -Identity $ListName -BreakRoleInheritance -CopyRoleAssignments

#Remove Group from List Permissions
$List.RoleAssignments.GetByPrincipal($Group).DeleteObject()
$Context.ExecuteQuery()
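
To confirm that a removal took effect, the list's remaining direct role assignments can be enumerated. The following is an added example, not part of the original post; it assumes an existing Connect-PnPOnline session and the $ListName and $UserID variables from the scripts above, and the function name Get-ListDirectPermission is hypothetical.

```powershell
# Added example (not from the original post): report who still holds
# direct permissions on a list after a removal.
# Assumes Connect-PnPOnline has already been called for the site.
Function Get-ListDirectPermission {
    param(
        [Parameter(Mandatory = $true)] [string] $ListName
    )

    # RoleAssignments and HasUniqueRoleAssignments are not loaded by default
    $List = Get-PnPList -Identity $ListName -Includes RoleAssignments, HasUniqueRoleAssignments
    If ($null -eq $List) { Throw "List '$ListName' was not found" }

    ForEach ($RoleAssignment in $List.RoleAssignments) {
        # Load the principal and its permission levels for this assignment
        Get-PnPProperty -ClientObject $RoleAssignment -Property Member, RoleDefinitionBindings | Out-Null

        [PSCustomObject]@{
            List      = $List.Title
            Unique    = $List.HasUniqueRoleAssignments
            Principal = $RoleAssignment.Member.Title
            LoginName = $RoleAssignment.Member.LoginName
            Type      = $RoleAssignment.Member.PrincipalType.ToString()
            Roles     = ($RoleAssignment.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join ", "
        }
    }
}

# Check the result of the removal scripts above
$Remaining = Get-ListDirectPermission -ListName $ListName

# 1. The removed principal should no longer have a direct assignment
If ($Remaining | Where-Object { $_.LoginName -eq $UserID }) {
    Write-Host -f Yellow "'$UserID' still has a direct assignment on '$ListName'"
}
Else {
    Write-Host -f Green "'$UserID' has no direct assignment on '$ListName'"
}

# 2. Groups that remain on the list: their members keep access
$Remaining | Where-Object { $_.Type -eq "SharePointGroup" } |
    Format-Table Principal, Roles -AutoSize
```

A user removed from the list's direct permissions can still reach the list through membership in any group that remains in this output, so those groups need to be reviewed as well.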

By following these steps, you can remove a user or group from a list or document library in SharePoint Online. This can be a useful way to revoke a user’s permissions and restrict access to a list or library. To add a user or group to SharePoint Online list or library permissions, see: SharePoint Online: Grant Permission to List or Library using PowerShell

Salaudeen Rajack

Salaudeen Rajack - Information Technology Expert with Two decades of hands-on experience, specializing in SharePoint, PowerShell, Microsoft 365, and related products. Passionate about sharing the deep technical knowledge and experience to help others, through the real-world articles!

3 thoughts on “SharePoint Online: Remove User or Group from List Permissions using PowerShell”

  • Hi Salaudeen, quick question, I hope you can help me – if I want to remove all security groups from a document library do I need to specify each one individually or is there a way to clear all security groups in bulk?

    Thank you!
    Stefan

  • Line 13 of PNP powershell remove from user, I’ve found I have to add “-Includes RoleAssignments” in the Get-PnpList, in order to then call $list.RoleAssignments….
    Love your work!!
