SharePoint Online: Delete Unique Permissions in a Subsite using PowerShell
Requirement: Delete Unique Permissions of a Subsite in SharePoint Online using PowerShell.
How to Remove Unique Permissions of a SharePoint Online Site?
One of the features of SharePoint Online is the ability to assign unique permissions to individual documents or folders. This allows for fine-grained control over who can access, edit, or delete specific items within the site. However, this also means that it can quickly become complex and difficult to manage, especially for large organizations. In this article, we will explore how to remove unique permissions in SharePoint Online.
Removing unique permissions and restoring permission inheritance for a subsite allows its security to be managed at the parent site level instead of managing the security separately from that subsite. To restore permission inheritance for a subsite in SharePoint Online, do the following:
- Login to SharePoint Online, Navigate to the Subsite that you want to remove unique permissions.
- Click on Settings gear >> Site Settings >> Click on the “Site Permissions” link.
- On the ribbon, click on the Permissions tab, and then, in the Inheritance group, click on Delete Unique Permissions. Confirm the prompt with OK.
This removes unique permissions from the SharePoint Online subsite. Please note, When you remove unique permissions, all custom permissions will be lost and cannot be restored!
Delete Unique Permissions of a Subsite in SharePoint Online using PowerShell
Here is how to remove unique permissions in SharePoint Online subsite with PowerShell:
#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
#Config Parameters
$SiteURL= "https://crescent.sharepoint.com/sites/marketing/2018"
#Get Credentials to connect
$Cred = Get-Credential
Try {
#Setup the context
$Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
$Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.UserName,$Cred.Password)
#Get the Web
$Web = $Ctx.Web
$Ctx.Load($Web)
$Ctx.ExecuteQuery()
#Check if the given subsite is using unique permissions
$Web.Retrieve("HasUniqueRoleAssignments")
$Ctx.ExecuteQuery()
#Reset broken inheritance
If($Web.HasUniqueRoleAssignments)
{
#delete unique permissions of a subsite in sharepoint online powershell
$Web.ResetRoleInheritance()
$Web.Update()
$Ctx.ExecuteQuery()
Write-host -f Green "Unique Permissions Removed from the Site!"
}
Else
{
Write-host -f Yellow "Site is Already Inheriting Permissions from the Parent!"
}
}
Catch {
write-host -f Red "Error:" $_.Exception.Message
}
Upon execution, the unique permissions will now be removed, and the site will inherit its permissions from the parent site.
PnP PowerShell to Reset Permissions Inheritance in SharePoint Online Subsite
Let’s see how to reset subsite permissions in SharePoint Online using PnP PowerShell. This procedure will restore permissions of a subsite with the same permission as its parent site.
#Config Variables
$SiteURL = "https://crescent.sharepoint.com/sites/marketing/2018"
#Connect PnP Online
Connect-PnPOnline -Url $SiteURL -Credentials (Get-Credential)
#Get the web
$Web = Get-PnPWeb
#Remove unique permissions
$Web.ResetRoleInheritance()
Invoke-PnPQuery
How about removing unique permissions for all subsites in a site collection?
#Parameters
$SiteURL = "https://crescent.sharepoint.com/sites/Retail"
Try {
#Connect to SharePoint Online site
Connect-PnPOnline -Url $SiteURL -Interactive
#Get all subsites in SharePoint Online site using PnP PowerShell
$WebsCollection = Get-PnPSubWeb -Recurse
#Iterate through each subsite
ForEach($Web in $WebsCollection)
{
#Check if web is using unique permissions
$HasUniquePermissions = $Web.retrieve("HasUniqueRoleAssignments")
Invoke-PnPQuery
If($Web.HasUniqueRoleAssignments)
{
#Remove unique permissions
$Web.ResetRoleInheritance()
Invoke-PnPQuery
Write-Host "Unique Permissions Reset for $($Web.ServerRelativeURL)" -f Green
}
}
}
Catch {
write-host "Error: $($_.Exception.Message)" -foregroundcolor Red
}
In summary, removing unique permissions from a subsite in SharePoint Online is a straightforward process. By following the steps outlined in this article, you can quickly and easily revert back to the default permissions set for the site. There may come a time when these permissions need to be removed, either for security purposes or to simplify the permission structure of the site, which can be done through the use of PowerShell,