SharePoint Online: PowerShell to Break Folder Permission Inheritance

Requirement: Break Permission Inheritance of a Folder in SharePoint Online using PowerShell.

How to Break the inheritance of a folder in SharePoint Online?

By default, folders in SharePoint Online inherit permissions from their parent object, such as the document library or list. To give a folder unique permissions, you first have to break its permission inheritance. Here is how to break permission inheritance in SharePoint Online:

  • Navigate to your SharePoint Online library where the folder is stored
  • Select the Folder >> Click on “Manage Access” from the folder’s context menu >> Click on the “Advanced” link in the Manage Access panel.
  • On the permissions page, if the folder is inheriting permissions from its parent, break the permission inheritance by clicking the “Stop Inheriting Permissions” button. Confirm the prompt once.

Now, you can add or remove users on the folder by clicking the “Grant Permissions” button from the Grant group. Once you stop inheriting permissions, all users and groups are copied from the list or library to the folder’s permissions. From this point, any future permission changes made to the parent object no longer affect the folder!

SharePoint Online: PowerShell to Break Permission Inheritance Folder

Let’s break the folder’s permission inheritance using PowerShell to give unique permissions to a folder in SharePoint Online:

#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"

#Parameters: set $SiteURL to the URL of the site that contains the folder
$SiteURL = ""
$FolderServerRelativeURL = "/sites/marketing/Shared Documents/2018"

Try {
    #Get Credentials to connect
    $Cred = Get-Credential

    #Setup the context
    $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
    $Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password)

    #Get the Folder
    $Folder = $Ctx.Web.GetFolderByServerRelativeUrl($FolderServerRelativeURL)

    #Break Permission inheritance of the folder - Keep all existing folder permissions & keep Item level permissions
    #Arguments: copyRoleAssignments = $True (copy the parent's permissions), clearSubscopes = $False (leave unique permissions on child items untouched)
    $Folder.ListItemAllFields.BreakRoleInheritance($True, $False)
    $Ctx.ExecuteQuery()
    Write-host "Folder's Permission Inheritance Broken Successfully!" -ForegroundColor Green
}
Catch {
    write-host -f Red "Error breaking Folder Permission Inheritance!" $_.Exception.Message
}

Break Inheritance of Folder in SharePoint Online using PnP PowerShell

Wouldn’t it be good to check whether the folder already has unique permissions before breaking its inheritance? Let’s do that check first and then break the folder’s permission inheritance using PnP PowerShell:

#Parameters: set $SiteURL to the URL of the site that contains the folder
$SiteURL = ""
$FolderServerRelativeURL = "/sites/marketing/Shared Documents/2018"

#Connect to PnP Online
Connect-PnPOnline -Url $SiteURL -Credentials (Get-Credential)  #-Interactive

#Get the Folder
$Folder = Get-PnPFolder -Url $FolderServerRelativeURL -Includes ListItemAllFields.HasUniqueRoleAssignments

If($Folder.ListItemAllFields.HasUniqueRoleAssignments) {
    Write-host "Folder is already with broken permissions!" -f Yellow
}
Else {
    #Break Folder permissions - keep all existing permissions & keep Item level permissions
    $Folder.ListItemAllFields.BreakRoleInheritance($True, $False)
    Invoke-PnPQuery
    Write-host "Folder's Permission Inheritance is broken!!" -f Green
}
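
Before breaking inheritance on a folder, it helps to know which files and subfolders beneath it already have unique permissions, because the second argument of BreakRoleInheritance (clearSubscopes) decides whether those are kept or reset to inherit from the folder. The report below is an added example, not code from the original article; the function name, the library title "Documents" and the site URL are assumptions to replace with your own values.

```powershell
#Added example: list every descendant of a folder that has unique permissions, with its principals
#Assumptions: PnP PowerShell is installed; site URL and library title below are placeholders
$SiteURL = "https://<tenant>.sharepoint.com/sites/marketing"   #placeholder, replace
$ListName = "Documents"                                          #assumed library title
$FolderServerRelativeURL = "/sites/marketing/Shared Documents/2018"

#Hypothetical helper: returns one row per (item, principal) for items with unique permissions
Function Get-UniquePermissionDescendants {
    Param(
        [Parameter(Mandatory)][string]$ListName,
        [Parameter(Mandatory)][string]$FolderUrl
    )
    #Trailing slash so that ".../2018" does not also match ".../2018-archive"
    $Prefix = $FolderUrl.TrimEnd('/') + '/'

    #Page through the library and keep only items stored beneath the folder
    $Items = Get-PnPListItem -List $ListName -PageSize 500 | Where-Object {
        $Ref = [string]$_.FieldValues["FileRef"]
        $Ref.StartsWith($Prefix, [StringComparison]::OrdinalIgnoreCase)
    }

    ForEach ($Item in $Items) {
        #HasUniqueRoleAssignments is not loaded by default, so request it explicitly
        $Unique = Get-PnPProperty -ClientObject $Item -Property HasUniqueRoleAssignments
        If (-not $Unique) { Continue }

        #Load who is assigned and at which permission level
        $Assignments = Get-PnPProperty -ClientObject $Item -Property RoleAssignments
        ForEach ($RA in $Assignments) {
            Get-PnPProperty -ClientObject $RA -Property Member, RoleDefinitionBindings | Out-Null
            [PSCustomObject]@{
                Path      = $Item.FieldValues["FileRef"]
                Type      = $Item.FileSystemObjectType
                Principal = $RA.Member.Title
                Levels    = ($RA.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join "; "
            }
        }
    }
}

Connect-PnPOnline -Url $SiteURL -Interactive
$Report = @(Get-UniquePermissionDescendants -ListName $ListName -FolderUrl $FolderServerRelativeURL)
$Report | Sort-Object Path, Principal | Format-Table -AutoSize
$Count = @($Report | Select-Object -ExpandProperty Path -Unique).Count
Write-Host "$Count descendant(s) with unique permissions under $FolderServerRelativeURL" -f Cyan
```

Each property is loaded with its own request, so on a large library expect the report to take a while; export `$Report` with Export-Csv if you want a record of the permissions as they were before the change.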

To add or remove users to the folder, use:

Salaudeen Rajack

Salaudeen Rajack is a SharePoint Architect with two decades of SharePoint experience. He loves sharing his knowledge and experiences with the SharePoint community through his real-world articles!

2 thoughts on “SharePoint Online: PowerShell to Break Folder Permission Inheritance”

  • The IF loop is reversed, it needs to be “If(!$Folder.ListItemAllFields.HasUniqueRoleAssignments)” with the “!”

    For the rest it works great, thanks!

  • Thanks for your code! Works great in most cases…

    The comments below are for SharePoint Online with SharePointPnPPowerShellOnline version 3.22.2006.2.

    I learned the hard way that the PnP solution has a couple of quirks. Not sure if it is PowerShell, SharePoint or sunspots…

    Quirk 1 – If you set permissions for a group BEFORE breaking inheritance, the code detects broken inheritance even when it is not broken.

    Quirk 2 – If you break permissions for a lower level folder and then later break the permissions for the parent folder of your lower level folder, then inheritance is TURNED BACK ON for the lower level folder.

    This took several hours to figure out. I hope this saves others from chasing these same issues.

