SharePoint Online: Delete All Unique Permissions from a Site Collection using PowerShell

Requirement: Remove unique permissions from a SharePoint Online site collection and restore permission inheritance from the parent.
Delete Unique Permissions in SharePoint Online Site using PowerShell

PowerShell Script to Restore Permission Inheritance in SharePoint Online:
SharePoint Online allows us to manage permissions at more granular level when we need unique permissions to objects such as subsite, list, folder or list items. By default, any object we create in the site inherits permissions from its parent. E.g. List created in a subsite inherits permission from the site. 

However, its recommended to have the permission inheritance intact, as Broken inheritance at subsite-list-item levels adds extra burden to the Administrators and to the performance of the site. When you have hundreds of items with unique permissions, it adds more complexity while resolving permissions issues. This PowerShell removes unique permissions on given site collection's content, such as:
  • All subsites
  • Lists and libraries
  • Folders and List Items.
#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
#To call a non-generic Load Method
Function Invoke-LoadMethod() {
            [Microsoft.SharePoint.Client.ClientObject]$Object = $(throw "Please provide a Client Object"), [string]$PropertyName
   $Ctx = $Object.Context
   $Load = [Microsoft.SharePoint.Client.ClientContext].GetMethod("Load") 
   $Type = $Object.GetType()
   $ClientLoad = $Load.MakeGenericMethod($Type)
   $Parameter = [System.Linq.Expressions.Expression]::Parameter(($Type), $Type.Name)
   $Expression = [System.Linq.Expressions.Expression]::Lambda([System.Linq.Expressions.Expression]::Convert([System.Linq.Expressions.Expression]::PropertyOrField($Parameter,$PropertyName),[System.Object] ), $($Parameter))
   $ExpressionArray = [System.Array]::CreateInstance($Expression.GetType(), 1)
   $ExpressionArray.SetValue($Expression, 0)

#Function to Delete Unique Permission from a Web and its content
Function Reset-SPOUniquePermission([Microsoft.SharePoint.Client.Web]$Web)
    Write-host -f Magenta "`nSearching Unique Permissions on the Site:"$web.Url
    #Check if the given site is using unique permissions
    Invoke-LoadMethod -Object $Web -PropertyName "HasUniqueRoleAssignments"
    #Get the Root Web
    $RootWeb = $

    ### Reset broken inheritance on the Web
    If($Web.HasUniqueRoleAssignments -and $Web.ID -ne $RootWeb.ID)
        #powershell to delete unique permissions of a subsite in sharepoint online
        Write-host -f Green "`t Unique Permissions Removed from the Site: $SiteURL!"
    ### Reset unique permission in Lists
    Write-host -f Magenta "`t Searching Unique Permissions on the Lists"
    $Lists =  $Web.Lists

    #Exclude system lists
    $ExcludedLists = @("App Packages","appdata","appfiles","Apps in Testing","Cache Profiles","Composed Looks","Content and Structure Reports","Content type publishing error log","Converted Forms",
     "Device Channels","Form Templates","fpdatasources","Get started with Apps for Office and SharePoint","List Template Gallery", "Long Running Operation Status","Maintenance Log Library", "Style Library",
     ,"Master Docs","Master Page Gallery","MicroFeed","NintexFormXml","Quick Deploy Items","Relationships List","Reusable Content","Search Config List", "Solution Gallery", "Site Collection Images",
     "Suggested Content Browser Locations","TaxonomyHiddenList","User Information List","Web Part Gallery","wfpub","wfsvc","Workflow History","Workflow Tasks", "Preservation Hold Library")
    #Iterate through each list
    ForEach($List in $Lists)

        If($ExcludedLists -NotContains $List.Title -and $List.Hidden -eq $false)
            #Check if the given site is using unique permissions
            Invoke-LoadMethod -Object $List -PropertyName "HasUniqueRoleAssignments"
            #Reset broken inheritance of the list
                #delete unique permissions of a subsite in sharepoint online powershell
                Write-host -f Green "`t`tUnique Permissions Removed from the List: '$($List.Title)'"

            Write-host -f Magenta "`t`t Searching Unique Permissions on the Lists Items of '$($List.Title)'"

            #Query to batch process
            $Query = New-Object Microsoft.SharePoint.Client.CamlQuery
            $Query.ViewXml = "<View Scope='RecursiveAll'><RowLimit>2000</RowLimit></View>"

            ### Reset unique permission on List items
            Do {  
                #Get all items from the list - in batches
                $ListItems = $List.GetItems($Query)
                $Query.ListItemCollectionPosition = $ListItems.ListItemCollectionPosition
                #Loop through each List item
                ForEach($ListItem in $ListItems)
                    Invoke-LoadMethod -Object $ListItem -PropertyName "HasUniqueRoleAssignments"
                    if ($ListItem.HasUniqueRoleAssignments -eq $true)
                        #Reset Permission Inheritance
                        Write-host  -ForegroundColor Green "`t`t`t Unique Permissions Removed and Inheritence Restored on Item ID:" $ListItem.ID
            } While ($Query.ListItemCollectionPosition -ne $null)

    #Process each subsite in the site
    $Subsites = $Web.Webs
    Foreach ($SubSite in $Subsites)
        #Call the function Recursively

#Config Parameters
$SiteURL= ""
#Get Credentials to connect
$Cred = Get-Credential
Try {
    #Setup the context
    $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
    $Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.UserName,$Cred.Password)
    #Get the Web
    $Web = $Ctx.Web
    #Call the function to delete unique permission from all sites in the site collection
    Reset-SPOUniquePermission $Web
Catch {
    write-host -f Red "Error:" $_.Exception.Message
Please note, certain lists and libraries like "Style Library" needs to have unique permissions to allow everyone to consume its resources. So, We've excluded system lists and libraries.

No comments:

Please Login and comment to get your questions answered!

Powered by Blogger.