SharePoint Online: Remove Unique Permissions from All Folders in a Document Library using PowerShell

Requirement: Remove unique permissions from all folders-sub-folders in a SharePoint Online document library.

How to Delete Unique Permissions of a Folder in SharePoint Online?
To remove unique permissions from a SharePoint Online Folder, Follow these steps:
  • Navigate to your SharePoint Online document library where the target folder is located. 
  • Right click on Folder, choose "Details" from the context menu. This opens the details pane, Click on "Manage Access" and then "Advanced" links. This takes you to the "Advanced Permissions" page.
  • If the folder is using unique permissions, you'll get "This folder has unique permissions." message. Now, from the ribbon, Click on "Delete Unique Permissions" button and confirm the prompt: "You are about to inherit permissions from the parent folder or document library. Any custom permissions will be lost."
  • This removes all unique permissions of the folder and inherits from the parent object. SharePoint Online Remove Unique Permissions of Folder using PowerShell

SharePoint Online: PowerShell to Remove Unique Permissions of a Folder
#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
 
#Variables
$SiteURL = "https://crescent.sharepoint.com/sites/marketing"
$FolderServerRelativeUrl= "/Sites/Marketing/Shared Documents/2015"
 
Try {
    #Get Credentials to connect
    $Cred= Get-Credential
 
    #Setup the context
    $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
    $Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password)
   
    #Get the web from URL
    $Web = $Ctx.web
    $Ctx.Load($Web)
    $Ctx.executeQuery()
 
    #Get the Folder object by Server Relative URL
    $Folder = $Web.GetFolderByServerRelativeUrl($FolderServerRelativeUrl)
    $Ctx.Load($Folder)
    $Ctx.ExecuteQuery() 
    
    #Reset Folder Permissions
    $Folder.ListItemAllFields.ResetRoleInheritance()
    $Ctx.ExecuteQuery()     
    Write-host -f Green "Folder's Unique Permissions are Removed!"
}
Catch {
    write-host -f Red "Error Resetting Folder Permissions!" $_.Exception.Message
}

PowerShell to Delete Unique Permissions of All Folders in a Document Library
#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"

#Heplper Function to call a non-generic Load method
Function Invoke-LoadMethod() {
    param([Microsoft.SharePoint.Client.ClientObject]$Object = $(throw "Please provide a Client Object"),[string]$PropertyName) 
    $ctx = $Object.Context
    $load = [Microsoft.SharePoint.Client.ClientContext].GetMethod("Load") 
    $type = $Object.GetType()
    $clientLoad = $load.MakeGenericMethod($type)  
    $Parameter = [System.Linq.Expressions.Expression]::Parameter(($type), $type.Name)
    $Expression = [System.Linq.Expressions.Expression]::Lambda([System.Linq.Expressions.Expression]::Convert([System.Linq.Expressions.Expression]::PropertyOrField($Parameter,$PropertyName),[System.Object] ), $($Parameter))
    $ExpressionArray = [System.Array]::CreateInstance($Expression.GetType(), 1)
    $ExpressionArray.SetValue($Expression, 0)
    $clientLoad.Invoke($ctx,@($Object,$ExpressionArray))
}
 
#Function to Reset Permissions of all Sub-folders in a Folder
Function Reset-SPOSubFolderPermissions([Microsoft.SharePoint.Client.Folder]$Folder)
{
    Try {
        #Get all Sub Folders
        $Ctx.Load($Folder.Folders)
        $Ctx.ExecuteQuery()
 
        #Iterate through each sub-folder of the folder
        Foreach ($Folder in $Folder.Folders | Where {$_.Name -ne "Forms" -and $_.Name -ne "Document"})
        {
            Write-host "Processing Folder:"$Folder.ServerRelativeUrl

            #Get the "Has Unique Permissions" Property
            Invoke-LoadMethod -Object $Folder.ListItemAllFields -PropertyName "HasUniqueRoleAssignments"
            $Ctx.ExecuteQuery()
  
            If($Folder.ListItemAllFields.HasUniqueRoleAssignments -eq $True)
            {
                #Reset Folder Permissions
                $Folder.ListItemAllFields.ResetRoleInheritance()
                $Ctx.ExecuteQuery()
                Write-host -f Green "`tFolder's Unique Permissions are Removed!"
            }

            #Call the function recursively
            Reset-SPOSubFolderPermissions $Folder
        }
    }
    Catch {
        write-host -f Red "Error Resetting Folder Permissions!" $_.Exception.Message
    }
}
 
#Variables
$SiteURL = "https://crescent.sharepoint.com/sites/marketing"
$ListName = "Documents"
 
#Get Credentials to connect
$Cred= Get-Credential
 
#Setup the context
$Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
$Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password)
 
#Get the Library
$List = $Ctx.web.Lists.GetByTitle($ListName)
$Ctx.Load($List.RootFolder)
$Ctx.ExecuteQuery()
 
#call the function to reset permissions of all folders of the document library
Reset-SPOSubFolderPermissions $List.RootFolder

PnP PowerShell to Delete Unique Permissions of a Folder
#Parameters
$SiteURL = "https://crescent.sharepoint.com/sites/Marketing"
$FolderURL = "/Documents/2015"

#Connect to the Site
Connect-PnPOnline -URL $SiteURL -UseWebLogin

#Get the Folder - with HasUniqueAssignments and ParentList properties
$Folder = Get-PnPFolder -Url $FolderURL -Includes ListItemAllFields.HasUniqueRoleAssignments, ListItemAllFields.ParentList, ListItemAllFields.ID

#Get the List Item of the Folder
$FolderItem = $Folder.ListItemAllFields

#Check if the Folder has unique permissions
If($FolderItem.HasUniqueRoleAssignments)
{
    #Reset permission inheritance
    Set-PnPListItemPermission -List $FolderItem.ParentList -Identity $FolderItem.ID -InheritPermissions
    Write-host "Unique Permissions are removed from the Folder!"
}

Delete Unique Permissions from All Folders in a Document Library
#Set Variables
$SiteURL = "https://crescent.sharepoint.com/sites/marketing/2018"
$FolderURL = "/Shared Documents" #Document Library Site Relative URL

#Connect to PnP Online
Connect-PnPOnline -Url $SiteURL -UseWebLogin  #-Credentials (Get-Credential)

#Function to reset permissions of all Sub-Folders
Function Reset-SubFolderPermissions($FolderURL)
{
    #Get all sub-folders of the Folder - Exclude system folders
    $SubFolders = Get-PnPFolderItem -FolderSiteRelativeUrl $FolderURL -ItemType Folder | Where {$_.Name -ne "Forms" -and $_.Name -ne "Document"}

    #Loop through each sub-folder
    ForEach($SubFolder in $SubFolders)
    {
        $SubFolderURL = $FolderUrl+"/"+$SubFolder.Name
        Write-host -ForegroundColor Green "Processing Folder '$($SubFolder.Name)' at $SubFolderURL"

        #Get the Folder Object - with HasUniqueAssignments and ParentList properties
        $Folder = Get-PnPFolder -Url $SubFolderURL -Includes ListItemAllFields.HasUniqueRoleAssignments, ListItemAllFields.ParentList, ListItemAllFields.ID

        #Get the List Item of the Folder
        $FolderItem = $Folder.ListItemAllFields

        #Check if the Folder has unique permissions
        If($FolderItem.HasUniqueRoleAssignments)
        {
            #Reset permission inheritance
            Set-PnPListItemPermission -List $FolderItem.ParentList -Identity $FolderItem.ID -InheritPermissions
            Write-host "`tUnique Permissions are removed from the Folder!"
        }

        #Call the function recursively
        Reset-SubFolderPermissions $SubFolderURL
    }
}
  
#Call the function
Reset-SubFolderPermissions $FolderURL

Related Posts:
SharePoint Online: Remove Unique Permissions from All Folders in a Document Library using PowerShell SharePoint Online: Remove Unique Permissions from All Folders in a Document Library using PowerShell Reviewed by Salaudeen Rajack on February 19, 2019 Rating: 5

No comments:

Please Login and comment to get your questions answered!

Powered by Blogger.