SharePoint Online: Remove Unique Permissions from All Folders in a Document Library using PowerShell

Requirement: Remove unique permissions from all folders-sub-folders in a SharePoint Online document library.

How to Delete Unique Permissions of a Folder in SharePoint Online?

In this blog post, we will walk you through the process of removing unique permissions from all folders in a SharePoint Online document library. This can be useful if you want to restore the original permissions to all the folders of a document library without having to manually set permissions for each folder.

To remove unique permissions from a SharePoint Online Folder, follow these steps:

  • Navigate to your SharePoint Online document library where the target folder is located. 
  • Right click on Folder, choose “Details” from the context menu. This opens the details pane, click on “Manage Access” and then “Advanced” links. This takes you to the “Advanced Permissions” page.
  • If the folder is using unique permissions, you’ll get “This folder has unique permissions.” message. Now, from the ribbon, click on “Delete Unique Permissions” button and confirm the prompt: “You are about to inherit permissions from the parent folder or document library. Any custom permissions will be lost.”
  • This removes all unique permissions of the folder and inherits from the parent object.
    SharePoint Online Remove Unique Permissions of Folder using PowerShell

SharePoint Online: PowerShell to Remove Unique Permissions of a Folder

Here is the PowerShell to delete unique permissions on a folder in SharePoint Online:

#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
 
#Variables
$SiteURL = "https://crescent.sharepoint.com/sites/marketing"
$FolderServerRelativeUrl= "/Sites/Marketing/Shared Documents/2015"
 
Try {
    #Get Credentials to connect
    $Cred= Get-Credential
 
    #Setup the context
    $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
    $Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password)
   
    #Get the web from URL
    $Web = $Ctx.web
    $Ctx.Load($Web)
    $Ctx.executeQuery()
 
    #Get the Folder object by Server Relative URL
    $Folder = $Web.GetFolderByServerRelativeUrl($FolderServerRelativeUrl)
    $Ctx.Load($Folder)
    $Ctx.ExecuteQuery() 
    
    #Reset Folder Permissions
    $Folder.ListItemAllFields.ResetRoleInheritance()
    $Ctx.ExecuteQuery()     
    Write-host -f Green "Folder's Unique Permissions are Removed!"
}
Catch {
    write-host -f Red "Error Resetting Folder Permissions!" $_.Exception.Message
}

PowerShell to Delete Unique Permissions of All Folders in a Document Library

This time, let’s delete unique permissions of all folders in a library.

#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"

#Heplper Function to call a non-generic Load method
Function Invoke-LoadMethod() {
    param([Microsoft.SharePoint.Client.ClientObject]$Object = $(throw "Please provide a Client Object"),[string]$PropertyName) 
    $ctx = $Object.Context
    $load = [Microsoft.SharePoint.Client.ClientContext].GetMethod("Load") 
    $type = $Object.GetType()
    $clientLoad = $load.MakeGenericMethod($type)  
    $Parameter = [System.Linq.Expressions.Expression]::Parameter(($type), $type.Name)
    $Expression = [System.Linq.Expressions.Expression]::Lambda([System.Linq.Expressions.Expression]::Convert([System.Linq.Expressions.Expression]::PropertyOrField($Parameter,$PropertyName),[System.Object] ), $($Parameter))
    $ExpressionArray = [System.Array]::CreateInstance($Expression.GetType(), 1)
    $ExpressionArray.SetValue($Expression, 0)
    $clientLoad.Invoke($ctx,@($Object,$ExpressionArray))
}
 
#Function to Reset Permissions of all Sub-folders in a Folder
Function Reset-SPOSubFolderPermissions([Microsoft.SharePoint.Client.Folder]$Folder)
{
    Try {
        #Get all Sub Folders
        $Ctx.Load($Folder.Folders)
        $Ctx.ExecuteQuery()
 
        #Iterate through each sub-folder of the folder
        Foreach ($Folder in $Folder.Folders | Where {$_.Name -ne "Forms" -and $_.Name -ne "Document"})
        {
            Write-host "Processing Folder:"$Folder.ServerRelativeUrl

            #Get the "Has Unique Permissions" Property
            Invoke-LoadMethod -Object $Folder.ListItemAllFields -PropertyName "HasUniqueRoleAssignments"
            $Ctx.ExecuteQuery()
  
            If($Folder.ListItemAllFields.HasUniqueRoleAssignments -eq $True)
            {
                #Reset Folder Permissions
                $Folder.ListItemAllFields.ResetRoleInheritance()
                $Ctx.ExecuteQuery()
                Write-host -f Green "`tFolder's Unique Permissions are Removed!"
            }

            #Call the function recursively
            Reset-SPOSubFolderPermissions $Folder
        }
    }
    Catch {
        write-host -f Red "Error Resetting Folder Permissions!" $_.Exception.Message
    }
}
 
#Variables
$SiteURL = "https://crescent.sharepoint.com/sites/marketing"
$ListName = "Documents"
 
#Get Credentials to connect
$Cred= Get-Credential
 
#Setup the context
$Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
$Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password)
 
#Get the Library
$List = $Ctx.web.Lists.GetByTitle($ListName)
$Ctx.Load($List.RootFolder)
$Ctx.ExecuteQuery()
 
#call the function to reset permissions of all folders of the document library
Reset-SPOSubFolderPermissions $List.RootFolder

This can be a handy script if you need to quickly reset permissions for a large number of folders.

PnP PowerShell to Delete Unique Permissions of a Folder

Let’s use PnP PowerShell to delete unique permissions for a folder on SharePoint Online.

#Parameters
$SiteURL = "https://crescent.sharepoint.com/sites/Marketing"
$FolderURL = "/Documents/2015"

#Connect to the Site
Connect-PnPOnline -URL $SiteURL -Interactive

#Get the Folder - with HasUniqueAssignments and ParentList properties
$Folder = Get-PnPFolder -Url $FolderURL -Includes ListItemAllFields.HasUniqueRoleAssignments, ListItemAllFields.ParentList, ListItemAllFields.ID

#Get the List Item of the Folder
$FolderItem = $Folder.ListItemAllFields

#Check if the Folder has unique permissions
If($FolderItem.HasUniqueRoleAssignments)
{
    #Reset permission inheritance
    Set-PnPListItemPermission -List $FolderItem.ParentList -Identity $FolderItem.ID -InheritPermissions
    Write-host "Unique Permissions are removed from the Folder!"
}

Delete Unique Permissions from All Folders in a Document Library

#Set Variables
$SiteURL = "https://crescent.sharepoint.com/sites/marketing/2018"
$FolderURL = "/Shared Documents" #Document Library Site Relative URL

#Connect to PnP Online
Connect-PnPOnline -Url $SiteURL -Interactive  #-Credentials (Get-Credential)

#Function to reset permissions of all Sub-Folders
Function Reset-SubFolderPermissions($FolderURL)
{
    #Get all sub-folders of the Folder - Exclude system folders
    $SubFolders = Get-PnPFolderItem -FolderSiteRelativeUrl $FolderURL -ItemType Folder | Where {$_.Name -ne "Forms" -and $_.Name -ne "Document"}

    #Loop through each sub-folder
    ForEach($SubFolder in $SubFolders)
    {
        $SubFolderURL = $FolderUrl+"/"+$SubFolder.Name
        Write-host -ForegroundColor Green "Processing Folder '$($SubFolder.Name)' at $SubFolderURL"

        #Get the Folder Object - with HasUniqueAssignments and ParentList properties
        $Folder = Get-PnPFolder -Url $SubFolderURL -Includes ListItemAllFields.HasUniqueRoleAssignments, ListItemAllFields.ParentList, ListItemAllFields.ID

        #Get the List Item of the Folder
        $FolderItem = $Folder.ListItemAllFields

        #Check if the Folder has unique permissions
        If($FolderItem.HasUniqueRoleAssignments)
        {
            #Reset permission inheritance
            Set-PnPListItemPermission -List $FolderItem.ParentList -Identity $FolderItem.ID -InheritPermissions
            Write-host "`tUnique Permissions are removed from the Folder!"
        }

        #Call the function recursively
        Reset-SubFolderPermissions $SubFolderURL
    }
}
  
#Call the function
Reset-SubFolderPermissions $FolderURL

Related Posts:

Salaudeen Rajack

Salaudeen Rajack is a SharePoint Architect with Two decades of SharePoint Experience. He loves sharing his knowledge and experiences with the SharePoint community, through his real-world articles!

6 thoughts on “SharePoint Online: Remove Unique Permissions from All Folders in a Document Library using PowerShell

  • This worked on all of the folders – but not the files
    how to I change this up to do the exact same thing on the files within those folders
    Note: I used the PNP version of this from All Folders in a Document Library

    Reply
  • Hi do we have a way to stop inheriting permissions up to certain folder levels? For example we have a library and i want to disable permission inheritance up to subfolders below only and then continue inheriting after that. Basically in the end how do we replicate this setup .We have a sharepoint site with a library. A user only has access to some nested subfolder. Though instead of having the user go directly to that URL we still want him to go to main site URL and then be able to only see the corresponding parent folder and the subfolder where he has access. I know we will need to grant view only permissions on all parents but can we remove inheritance only up to certain folder levels in one shot?

    Reply
  • Super useful information. I love that you have linked to similar topics in the bottom. Also that you include the CSOM way of doing it aswell as the PNP way. Great job!

    Reply
  • This worked beautifully to remove the unique permissions on folders, but I did notice that some objects (PDF, DOCX, etc.) retained their unique permissions. Is there a script you recommend to remove those unique permissions as well so that it inherits from the parent folder?

    Reply

Leave a Reply