Client Side Object Model (CSOM) Permission PowerShell SharePoint SharePoint Online Subsite 

SharePoint Online: Delete Unique Permissions in a Subsite using PowerShell

Salaudeen Rajack 0 Comments ,

Requirement: Delete Unique Permissions of a Subsite in SharePoint Online using PowerShell

How to Remove Unique Permissions of a SharePoint Online Site?

Removing unique permissions and restoring permission inheritance for a subsite allows its security to be managed at the parent site level, instead of managing the security separately from that subsite. To restore permission inheritance for a subsite in SharePoint Online, do the following:

  • Login to SharePoint Online, Navigate to the Subsite that you want to remove unique permissions.
  • Go to Settings >> Site Settings >> Click on “Site Permissions” link.
  • On the ribbon, click on the Permissions tab, and then, in the Inheritance group, click on Delete Unique Permissions. Confirm the prompt with OK.
    delete subsite unique permissions sharepoint online powershell

This removes unique permissions from the SharePoint Online subsite.

Delete Unique Permissions of a Subsite in SharePoint Online using PowerShell

Here is how to remove unique permissions in SharePoint Online subsite with PowerShell.

#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"

#To call a non-generic Load Method
Function Invoke-LoadMethod() {
    Param(
            [Microsoft.SharePoint.Client.ClientObject]$Object = $(throw "Please provide a Client Object"),
            [string]$PropertyName
        )
   $Ctx = $Object.Context
   $Load = [Microsoft.SharePoint.Client.ClientContext].GetMethod("Load") 
   $Type = $Object.GetType()
   $ClientLoad = $Load.MakeGenericMethod($Type)
 
   $Parameter = [System.Linq.Expressions.Expression]::Parameter(($Type), $Type.Name)
   $Expression = [System.Linq.Expressions.Expression]::Lambda([System.Linq.Expressions.Expression]::Convert([System.Linq.Expressions.Expression]::PropertyOrField($Parameter,$PropertyName),[System.Object] ), $($Parameter))
   $ExpressionArray = [System.Array]::CreateInstance($Expression.GetType(), 1)
   $ExpressionArray.SetValue($Expression, 0)
   $ClientLoad.Invoke($Ctx,@($Object,$ExpressionArray))
}

#Config Parameters
$SiteURL= "https://crescent.sharepoint.com/sites/marketing/2018"

#Get Credentials to connect
$Cred = Get-Credential

Try {
    #Setup the context
    $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
    $Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.UserName,$Cred.Password)
    
    #Get the Web
    $Web = $Ctx.Web
    $Ctx.Load($Web)
    $Ctx.ExecuteQuery()

    #Check if the given subsite is using unique permissions
    Invoke-LoadMethod -Object $Web -PropertyName "HasUniqueRoleAssignments"
    $Ctx.ExecuteQuery()

    #Reset broken inheritance
    If($Web.HasUniqueRoleAssignments)
    {
        #delete unique permissions of a subsite in sharepoint online powershell
        $Web.ResetRoleInheritance()
        $Web.Update()
        $Ctx.ExecuteQuery()    
        Write-host -f Green "Unique Permissions Removed from the Site!"
    }
    Else
    {
        Write-host -f Yellow "Site is Already Inheriting Permissions from the Parent!"
    }
}
Catch {
    write-host -f Red "Error:" $_.Exception.Message
}

PnP PowerShell to Reset Permissions Inheritance in SharePoint Online Subsite

#Config Variables
$SiteURL = "https://crescent.sharepoint.com/sites/marketing/2018"
 
#Connect PNP Online
Connect-PnPOnline -Url $SiteURL -Credentials (Get-Credential)
 
#Get the web
$Web = Get-PnPWeb

#Remove unique permissions
$Web.ResetRoleInheritance()
Invoke-PnPQuery

Salaudeen Rajack

Information Technology Professional with Two decades of SharePoint Experience.

Leave a Reply