SharePoint Online: Delete All Unique Permissions from a Site Collection using PowerShell
Requirement: Remove unique permissions from a SharePoint Online site collection and restore permission inheritance from the parent.
How to reset SharePoint permissions to default?
If you’re ever in a situation where you need to reset SharePoint permissions but don’t know how to do it, this is the article for you! In this quick and easy guide, we’ll explain all you need to know about resetting permissions on a SharePoint site, using permission inheritance of a list or library as an example. To reset SharePoint permissions to default, follow these steps:
- Log in to your SharePoint Online site >> Navigate to the list or library.
- Click on the “Settings” gear and choose “List Settings.”
- In the “List Settings” page, click on “Permissions for this list” or “Permissions for this document library.”
- You should see the “This library has unique permissions.” banner on the top. Click on the “Delete unique permissions” button and confirm the prompt to reset the document library permissions to their default.
The same procedure applies to resetting unique permissions of any SharePoint object, such as a subsite, folder, or file.
PowerShell Script to Restore Permission Inheritance in SharePoint Online
SharePoint Online allows us to manage permissions at a more granular level when we need unique permissions on objects such as a subsite, list, folder, or list item. By default, any object we create in the site inherits permissions from its parent. For example, a list created in a subsite inherits permissions from the site.
However, it is recommended to keep permission inheritance intact, as broken inheritance at the subsite, list, and item levels adds extra burden on the administrators and on the site’s performance. When you have hundreds of items with unique permissions, it adds more complexity while resolving permission issues. This PowerShell script removes unique permissions on a given site collection’s content, such as:
- All subsites
- Lists and libraries
- Folders and List Items.
```powershell
#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"

#Function to Delete Unique Permission from a Web and its content
Function Reset-SPOUniquePermission([Microsoft.SharePoint.Client.Web]$Web)
{
    Write-host -f Magenta "`nSearching Unique Permissions on the Site: $($Web.Url)"

    #Check if the given site is using unique permissions
    $Web.Retrieve("HasUniqueRoleAssignments")
    $Ctx.ExecuteQuery()

    #Get the Root Web
    $RootWeb = $Ctx.Site.RootWeb
    $Ctx.Load($RootWeb)
    $Ctx.ExecuteQuery()

    ### Reset broken inheritance on the Web (the root web has no parent to inherit from)
    If($Web.HasUniqueRoleAssignments -and $Web.ID -ne $RootWeb.ID)
    {
        #Delete unique permissions of the subsite
        $Web.ResetRoleInheritance()
        $Web.Update()
        $Ctx.ExecuteQuery()
        Write-host -f Green "`t Unique Permissions Removed from the Site: $($Web.Url)!"
    }

    ### Reset unique permission in Lists
    Write-host -f Magenta "`t Searching Unique Permissions on the Lists"
    $Lists = $Web.Lists
    $Ctx.Load($Lists)
    $Ctx.ExecuteQuery()

    #Exclude system lists
    $ExcludedLists = @("App Packages","appdata","appfiles","Apps in Testing","Cache Profiles","Composed Looks","Content and Structure Reports","Content type publishing error log","Converted Forms",
        "Device Channels","Form Templates","fpdatasources","Get started with Apps for Office and SharePoint","List Template Gallery","Long Running Operation Status","Maintenance Log Library","Style Library",
        "Master Docs","Master Page Gallery","MicroFeed","NintexFormXml","Quick Deploy Items","Relationships List","Reusable Content","Search Config List","Solution Gallery","Site Collection Images",
        "Suggested Content Browser Locations","TaxonomyHiddenList","User Information List","Web Part Gallery","wfpub","wfsvc","Workflow History","Workflow Tasks","Preservation Hold Library")

    #Iterate through each list
    ForEach($List in $Lists)
    {
        $Ctx.Load($List)
        $Ctx.ExecuteQuery()

        If($ExcludedLists -NotContains $List.Title -and $List.Hidden -eq $false)
        {
            #Check if the given list is using unique permissions
            $List.Retrieve("HasUniqueRoleAssignments")
            $Ctx.ExecuteQuery()

            #Reset broken inheritance of the list
            If($List.HasUniqueRoleAssignments)
            {
                #Delete unique permissions of the list
                $List.ResetRoleInheritance()
                $List.Update()
                $Ctx.ExecuteQuery()
                Write-host -f Green "`t`tUnique Permissions Removed from the List: '$($List.Title)'"
            }

            Write-host -f Magenta "`t`t Searching Unique Permissions on the List Items of '$($List.Title)'"

            #Query to batch process
            $Query = New-Object Microsoft.SharePoint.Client.CamlQuery
            $Query.ViewXml = "<View Scope='RecursiveAll'><RowLimit>2000</RowLimit></View>"

            ### Reset unique permission on List items
            Do {
                #Get all items from the list - in batches
                $ListItems = $List.GetItems($Query)
                $Ctx.Load($ListItems)
                $Ctx.ExecuteQuery()
                $Query.ListItemCollectionPosition = $ListItems.ListItemCollectionPosition

                #Loop through each List item
                ForEach($ListItem in $ListItems)
                {
                    $ListItem.Retrieve("HasUniqueRoleAssignments")
                    $Ctx.ExecuteQuery()
                    If($ListItem.HasUniqueRoleAssignments -eq $true)
                    {
                        #Reset Permission Inheritance
                        $ListItem.ResetRoleInheritance()
                        Write-host -ForegroundColor Green "`t`t`t Unique Permissions Removed and Inheritance Restored on Item ID:" $ListItem.ID
                    }
                }
                #Send any reset still queued for this batch
                $Ctx.ExecuteQuery()
            } While ($Query.ListItemCollectionPosition -ne $null)
        }
    }

    #Process each subsite in the site
    $Subsites = $Web.Webs
    $Ctx.Load($Subsites)
    $Ctx.ExecuteQuery()
    ForEach($SubSite in $Subsites)
    {
        #Call the function Recursively
        Reset-SPOUniquePermission $SubSite
    }
}

#Config Parameters
$SiteURL = "https://crescent.sharepoint.com/sites/marketing"

#Get Credentials to connect
$Cred = Get-Credential

Try {
    #Setup the context
    $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
    $Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.UserName,$Cred.Password)

    #Get the Web
    $Web = $Ctx.Web
    $Ctx.Load($Web)
    $Ctx.ExecuteQuery()

    #Call the function to delete unique permission from all sites in the site collection
    Reset-SPOUniquePermission $Web
}
Catch {
    Write-host -f Red "Error:" $_.Exception.Message
}
```
Please note, specific lists and libraries like “Style Library” need to have unique permissions to allow everyone to consume their resources. So, we’ve excluded system lists and libraries.
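Since the reset cannot be undone, it helps to record who holds which permission level on each uniquely permissioned object before running it. The following is an added example, not part of the original article: it assumes `$Ctx` is the authenticated context from the script above, the function names and CSV path are hypothetical, and it covers webs and visible lists only (not folders or items).

```powershell
# Added example, not from the original article. Assumes $Ctx is the
# authenticated ClientContext created by the script above.

# Hypothetical helper: emits one row per role assignment on an object
# that has unique permissions, and nothing for objects that inherit.
Function Get-UniqueRoleAssignmentRow($Object, [string]$Type, [string]$Name)
{
    $Object.Retrieve("HasUniqueRoleAssignments")
    $Ctx.ExecuteQuery()
    If(-not $Object.HasUniqueRoleAssignments) { Return }

    $RoleAssignments = $Object.RoleAssignments
    $Ctx.Load($RoleAssignments)
    $Ctx.ExecuteQuery()
    ForEach($RoleAssignment in $RoleAssignments)
    {
        #Principal and permission levels are not loaded by default
        $Ctx.Load($RoleAssignment.Member)
        $Ctx.Load($RoleAssignment.RoleDefinitionBindings)
        $Ctx.ExecuteQuery()
        [PSCustomObject]@{
            Type        = $Type
            Name        = $Name
            Principal   = $RoleAssignment.Member.LoginName
            Permissions = ($RoleAssignment.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join "; "
        }
    }
}

# Hypothetical helper: walks a web, its visible lists and its subsites
Function Get-UniquePermissionReport([Microsoft.SharePoint.Client.Web]$Web)
{
    $Lists = $Web.Lists
    $Subsites = $Web.Webs
    $Ctx.Load($Web)
    $Ctx.Load($Lists)
    $Ctx.Load($Subsites)
    $Ctx.ExecuteQuery()

    Get-UniqueRoleAssignmentRow $Web "Web" $Web.Url
    ForEach($List in $Lists)
    {
        If(-not $List.Hidden) { Get-UniqueRoleAssignmentRow $List "List" "$($Web.Url) | $($List.Title)" }
    }
    ForEach($SubSite in $Subsites) { Get-UniquePermissionReport $SubSite }
}

#Constructed output path; review the CSV before running the reset
Get-UniquePermissionReport $Ctx.Web | Export-Csv -Path ".\UniquePermissions-BeforeReset.csv" -NoTypeInformation
```

The report changes nothing on the site; it only reads role assignments, so it can be run repeatedly and compared against a second run after the reset.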
Conclusion:
By following the steps outlined in this article, you can successfully delete all unique permissions from a SharePoint Online site collection using PowerShell. This process can be particularly useful if you want to reset all unique permissions for all objects, such as subsites, lists and libraries, folders, list items, and files, in your SharePoint sites. However, it is important to note that removing all unique permissions can have significant implications for your SharePoint environment, as it can’t be reversed! So, it is recommended that this process be carried out with caution.
Hello,
I tested your script and for me it always deletes the unique permissions of one site with its subsites but not for all sites in a site collection.
Is there a script which can do this?
So I would run it once and it deletes all unique permissions in my whole SharePoint?
Kind regards
Christian
This script resets the broken permissions on all subsites, lists and libraries, and list items in the given site collection.