SharePoint Online: Delete Unique Permissions in a Subsite using PowerShell

Requirement: Delete Unique Permissions of a Subsite in SharePoint Online using PowerShell.

How to Remove Unique Permissions of a SharePoint Online Site?

One of the features of SharePoint Online is the ability to assign unique permissions to individual documents or folders. This allows for fine-grained control over who can access, edit, or delete specific items within the site. However, this also means that it can quickly become complex and difficult to manage, especially for large organizations. In this article, we will explore how to remove unique permissions in SharePoint Online.

Removing unique permissions and restoring permission inheritance for a subsite allows its security to be managed at the parent site level instead of managing the security separately from that subsite. To restore permission inheritance for a subsite in SharePoint Online, do the following:

  1. Login to SharePoint Online, Navigate to the Subsite that you want to remove unique permissions.
  2. Click on Settings gear >> Site Settings >> Click on the “Site Permissions” link.
  3. On the ribbon, click on the Permissions tab, and then, in the Inheritance group, click on Delete Unique Permissions. Confirm the prompt with OK.
    delete subsite unique permissions sharepoint online powershell

This removes unique permissions from the SharePoint Online subsite. Please note, When you remove unique permissions, all custom permissions will be lost and cannot be restored!

Delete Unique Permissions of a Subsite in SharePoint Online using PowerShell

Here is how to remove unique permissions in SharePoint Online subsite with PowerShell:

#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"

#Config Parameters
$SiteURL= "https://crescent.sharepoint.com/sites/marketing/2018"

#Get Credentials to connect
$Cred = Get-Credential

Try {
    #Setup the context
    $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
    $Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.UserName,$Cred.Password)
    
    #Get the Web
    $Web = $Ctx.Web
    $Ctx.Load($Web)
    $Ctx.ExecuteQuery()

    #Check if the given subsite is using unique permissions
    $Web.Retrieve("HasUniqueRoleAssignments")
    $Ctx.ExecuteQuery()

    #Reset broken inheritance
    If($Web.HasUniqueRoleAssignments)
    {
        #delete unique permissions of a subsite in sharepoint online powershell
        $Web.ResetRoleInheritance()
        $Web.Update()
        $Ctx.ExecuteQuery()    
        Write-host -f Green "Unique Permissions Removed from the Site!"
    }
    Else
    {
        Write-host -f Yellow "Site is Already Inheriting Permissions from the Parent!"
    }
}
Catch {
    write-host -f Red "Error:" $_.Exception.Message
}

Upon execution, the unique permissions will now be removed, and the site will inherit its permissions from the parent site.

PnP PowerShell to Reset Permissions Inheritance in SharePoint Online Subsite

Let’s see how to reset subsite permissions in SharePoint Online using PnP PowerShell. This procedure will restore permissions of a subsite with the same permission as its parent site.

#Config Variables
$SiteURL = "https://crescent.sharepoint.com/sites/marketing/2018"
 
#Connect PnP Online
Connect-PnPOnline -Url $SiteURL -Credentials (Get-Credential)
 
#Get the web
$Web = Get-PnPWeb

#Remove unique permissions
$Web.ResetRoleInheritance()
Invoke-PnPQuery

How about removing unique permissions for all subsites in a site collection?

#Parameters
$SiteURL = "https://crescent.sharepoint.com/sites/Retail"

Try {
    #Connect to SharePoint Online site
    Connect-PnPOnline -Url $SiteURL -Interactive

    #Get all subsites in SharePoint Online site using PnP PowerShell
    $WebsCollection = Get-PnPSubWeb -Recurse
 
    #Iterate through each subsite
    ForEach($Web in $WebsCollection)
    {
        #Check if web is using unique permissions
        $HasUniquePermissions =  $Web.retrieve("HasUniqueRoleAssignments")
        Invoke-PnPQuery
        
        If($Web.HasUniqueRoleAssignments)
        {
            #Remove unique permissions
            $Web.ResetRoleInheritance()
            Invoke-PnPQuery
            Write-Host "Unique Permissions Reset for $($Web.ServerRelativeURL)" -f Green
        }
    }
}
Catch {
    write-host "Error: $($_.Exception.Message)" -foregroundcolor Red
}

In summary, removing unique permissions from a subsite in SharePoint Online is a straightforward process. By following the steps outlined in this article, you can quickly and easily revert back to the default permissions set for the site. There may come a time when these permissions need to be removed, either for security purposes or to simplify the permission structure of the site, which can be done through the use of PowerShell,

Salaudeen Rajack

Salaudeen Rajack - Information Technology Expert with Two-decades of hands-on experience, specializing in SharePoint, PowerShell, Microsoft 365, and related products. He has held various positions including SharePoint Architect, Administrator, Developer and consultant, has helped many organizations to implement and optimize SharePoint solutions. Known for his deep technical expertise, He's passionate about sharing the knowledge and insights to help others, through the real-world articles!

Leave a Reply

Your email address will not be published. Required fields are marked *