SharePoint Online: Remove Unique Permissions from All Folders in a Document Library using PowerShell

Requirement: Remove unique permissions from all folders-sub-folders in a SharePoint Online document library.

How to Delete Unique Permissions of a Folder in SharePoint Online?

SharePoint Online document libraries often have a hierarchical structure, where folders and files inherit their permissions from the parent folder or document library. However, in some cases, unique permissions may be set for specific folders, leading to inconsistent levels of access across the library. Managing unique permissions for each folder can be a time-consuming and tedious task. So, let us explore how to remove unique permissions from all folders in a SharePoint Online document library using PowerShell.

In this blog post, we will walk you through the process of removing unique permissions from all folders in a SharePoint Online document library. This can be useful if you want to restore the original permissions to all the folders of a document library without having to manually set permissions for each folder.

To remove unique permissions from a SharePoint Online Folder, follow these steps:

  1. Navigate to your SharePoint Online document library, where the target folder is located. 
  2. Right-click on Folder, and choose “Details” from the context menu. This opens the details pane, click on “Manage Access” and then “Advanced” links. This takes you to the “Advanced Permissions” page.
  3. If the folder uses unique permissions, you’ll get the “This folder has unique permissions.” message. Now, from the ribbon, click on the “Delete Unique Permissions” button and confirm the prompt: “You are about to inherit permissions from the parent folder or document library. Any custom permissions will be lost.”
  4. This removes all unique permissions of the folder and inherits from the parent object.
    SharePoint Online Remove Unique Permissions of Folder using PowerShell

SharePoint Online: PowerShell to Remove Unique Permissions of a Folder

Here is the PowerShell to delete unique permissions on a folder in SharePoint Online:

#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
 
#Variables
$SiteURL = "https://crescent.sharepoint.com/sites/marketing"
$FolderServerRelativeUrl= "/Sites/Marketing/Shared Documents/2015"
 
Try {
    #Get Credentials to connect
    $Cred= Get-Credential
 
    #Setup the context
    $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
    $Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password)
   
    #Get the web from URL
    $Web = $Ctx.web
    $Ctx.Load($Web)
    $Ctx.executeQuery()
 
    #Get the Folder object by Server Relative URL
    $Folder = $Web.GetFolderByServerRelativeUrl($FolderServerRelativeUrl)
    $Ctx.Load($Folder)
    $Ctx.ExecuteQuery() 
    
    #Reset Folder Permissions
    $Folder.ListItemAllFields.ResetRoleInheritance()
    $Ctx.ExecuteQuery()     
    Write-host -f Green "Folder's Unique Permissions are Removed!"
}
Catch {
    write-host -f Red "Error Resetting Folder Permissions!" $_.Exception.Message
}

This will restore the default inheritance and ensure a consistent level of access for all users.

PowerShell to Delete Unique Permissions of All Folders in a Document Library

This time, let’s delete the unique permissions of all folders in a library.

#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"

#Function to Reset Permissions of all Sub-folders in a Folder
Function Reset-SPOSubFolderPermissions([Microsoft.SharePoint.Client.Folder]$Folder)
{
    Try {
        #Get all Sub Folders
        $Ctx.Load($Folder.Folders)
        $Ctx.ExecuteQuery()
 
        #Iterate through each sub-folder of the folder
        Foreach ($Folder in $Folder.Folders | Where {$_.Name -ne "Forms" -and $_.Name -ne "Document"})
        {
            Write-host "Processing Folder:"$Folder.ServerRelativeUrl

            #Get the "Has Unique Permissions" Property
            $Folder.ListItemAllFields.Retrieve("HasUniqueRoleAssignments")
            $Ctx.ExecuteQuery()
  
            If($Folder.ListItemAllFields.HasUniqueRoleAssignments -eq $True)
            {
                #Reset Folder Permissions
                $Folder.ListItemAllFields.ResetRoleInheritance()
                $Ctx.ExecuteQuery()
                Write-host -f Green "`tFolder's Unique Permissions are Removed!"
            }

            #Call the function recursively
            Reset-SPOSubFolderPermissions $Folder
        }
    }
    Catch {
        write-host -f Red "Error Resetting Folder Permissions!" $_.Exception.Message
    }
}
 
#Variables
$SiteURL = "https://crescent.sharepoint.com/sites/marketing"
$ListName = "Documents"
 
#Get Credentials to connect
$Cred= Get-Credential
 
#Setup the context
$Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
$Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password)
 
#Get the Library
$List = $Ctx.web.Lists.GetByTitle($ListName)
$Ctx.Load($List.RootFolder)
$Ctx.ExecuteQuery()
 
#call the function to reset permissions of all folders of the document library
Reset-SPOSubFolderPermissions $List.RootFolder

This can be a handy script if you need to quickly reset permissions for a large number of folders.

PnP PowerShell to Delete Unique Permissions of a Folder

Let’s use PnP PowerShell to delete unique permissions for a folder on SharePoint Online.

#Parameters
$SiteURL = "https://crescent.sharepoint.com/sites/Marketing"
$FolderURL = "/Documents/2015"

#Connect to the Site
Connect-PnPOnline -URL $SiteURL -Interactive

#Get the Folder - with HasUniqueAssignments and ParentList properties
$Folder = Get-PnPFolder -Url $FolderURL -Includes ListItemAllFields.HasUniqueRoleAssignments, ListItemAllFields.ParentList, ListItemAllFields.ID

#Get the List Item of the Folder
$FolderItem = $Folder.ListItemAllFields

#Check if the Folder has unique permissions
If($FolderItem.HasUniqueRoleAssignments)
{
    #Reset permission inheritance
    Set-PnPListItemPermission -List $FolderItem.ParentList -Identity $FolderItem.ID -InheritPermissions
    Write-host "Unique Permissions are removed from the Folder!"
}

Delete Unique Permissions from All Folders in a Document Library

#Set Variables
$SiteURL = "https://crescent.sharepoint.com/sites/marketing/2018"
$FolderURL = "/Shared Documents" #Document Library Site Relative URL

#Connect to PnP Online
Connect-PnPOnline -Url $SiteURL -Interactive  #-Credentials (Get-Credential)

#Function to reset permissions of all Sub-Folders
Function Reset-SubFolderPermissions($FolderURL)
{
    #Get all sub-folders of the Folder - Exclude system folders
    $SubFolders = Get-PnPFolderItem -FolderSiteRelativeUrl $FolderURL -ItemType Folder | Where {$_.Name -ne "Forms" -and $_.Name -ne "Document"}

    #Loop through each sub-folder
    ForEach($SubFolder in $SubFolders)
    {
        $SubFolderURL = $FolderUrl+"/"+$SubFolder.Name
        Write-host -ForegroundColor Green "Processing Folder '$($SubFolder.Name)' at $SubFolderURL"

        #Get the Folder Object - with HasUniqueAssignments and ParentList properties
        $Folder = Get-PnPFolder -Url $SubFolderURL -Includes ListItemAllFields.HasUniqueRoleAssignments, ListItemAllFields.ParentList, ListItemAllFields.ID

        #Get the List Item of the Folder
        $FolderItem = $Folder.ListItemAllFields

        #Check if the Folder has unique permissions
        If($FolderItem.HasUniqueRoleAssignments)
        {
            #Reset permission inheritance
            Set-PnPListItemPermission -List $FolderItem.ParentList -Identity $FolderItem.ID -InheritPermissions
            Write-host "`tUnique Permissions are removed from the Folder!"
        }

        #Call the function recursively
        Reset-SubFolderPermissions $SubFolderURL
    }
}
  
#Call the function
Reset-SubFolderPermissions $FolderURL

Wrapping up

In conclusion, removing unique permissions from all folders in a SharePoint Online document library can be a time-consuming and repetitive task. However, by using PowerShell, the process can be automated, saving time and effort. By executing this script, the unique permissions of all folders in the document library can be removed, restoring the default inheritance from the parent site. This ensures a consistent level of access and reduces the risk of unintended security breaches. By following the steps outlined in the article, administrators can quickly and effectively remove unique permissions from all folders in their SharePoint Online document library.

Related Posts:

Salaudeen Rajack

Salaudeen Rajack - Information Technology Expert with Two-decades of hands-on experience, specializing in SharePoint, PowerShell, Microsoft 365, and related products. He has held various positions including SharePoint Architect, Administrator, Developer and consultant, has helped many organizations to implement and optimize SharePoint solutions. Known for his deep technical expertise, He's passionate about sharing the knowledge and insights to help others, through the real-world articles!

8 thoughts on “SharePoint Online: Remove Unique Permissions from All Folders in a Document Library using PowerShell

  • I just performed this on 9 libraries in the same tenant experiencing this problem that came about from migrating from Google Drive to SharePoint Online. I’m still seeing a significant amount of exceptions listed in the document library permissions (it says there are still more to the list that it cannot display). Does it take time to run in background? Do I need to run it more than once?

    Reply
  • Is there a way to combine your post on bypassing the 5000 limit with this script? I am not good at powershell so I am not sure how to make the modification.

    Reply
  • This worked on all of the folders – but not the files
    how to I change this up to do the exact same thing on the files within those folders
    Note: I used the PNP version of this from All Folders in a Document Library

    Reply
  • Hi do we have a way to stop inheriting permissions up to certain folder levels? For example we have a library and i want to disable permission inheritance up to subfolders below only and then continue inheriting after that. Basically in the end how do we replicate this setup .We have a sharepoint site with a library. A user only has access to some nested subfolder. Though instead of having the user go directly to that URL we still want him to go to main site URL and then be able to only see the corresponding parent folder and the subfolder where he has access. I know we will need to grant view only permissions on all parents but can we remove inheritance only up to certain folder levels in one shot?

    Reply
  • Super useful information. I love that you have linked to similar topics in the bottom. Also that you include the CSOM way of doing it aswell as the PNP way. Great job!

    Reply
  • This worked beautifully to remove the unique permissions on folders, but I did notice that some objects (PDF, DOCX, etc.) retained their unique permissions. Is there a script you recommend to remove those unique permissions as well so that it inherits from the parent folder?

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *