How to remove all permissions from a folder and subfolders

Requirement: Remove unique permissions from all folders-sub-folders in a SharePoint Online document library.

In this blog post, we will walk you through the process of removing unique permissions from all folders in a SharePoint Online document library. This can be useful if you want to restore the original permissions to all the folders of a document library without having to manually set permissions for each folder.

To remove unique permissions from a SharePoint Online Folder, follow these steps:

1. Navigate to your SharePoint Online document library where the target folder is located. 
2. Right-click on Folder, and choose “Details” from the context menu. This opens the details pane, click on “Manage Access” and then “Advanced” links. This takes you to the “Advanced Permissions” page.
3. If the folder is using unique permissions, you’ll get the “This folder has unique permissions.” message. Now, from the ribbon, click on the “Delete Unique Permissions” button and confirm the prompt: “You are about to inherit permissions from the parent folder or document library. Any custom permissions will be lost.”
4. This removes all unique permissions of the folder and inherits from the parent object.
   

Here is the PowerShell to delete unique permissions on a folder in SharePoint Online:

#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
 
#Variables
$SiteURL = "https://crescent.sharepoint.com/sites/marketing"
$FolderServerRelativeUrl= "/Sites/Marketing/Shared Documents/2015"
 
Try {
    #Get Credentials to connect
    $Cred= Get-Credential
 
    #Setup the context
    $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
    $Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password)
   
    #Get the web from URL
    $Web = $Ctx.web
    $Ctx.Load($Web)
    $Ctx.executeQuery()
 
    #Get the Folder object by Server Relative URL
    $Folder = $Web.GetFolderByServerRelativeUrl($FolderServerRelativeUrl)
    $Ctx.Load($Folder)
    $Ctx.ExecuteQuery() 
    
    #Reset Folder Permissions
    $Folder.ListItemAllFields.ResetRoleInheritance()
    $Ctx.ExecuteQuery()     
    Write-host -f Green "Folder's Unique Permissions are Removed!"
}
Catch {
    write-host -f Red "Error Resetting Folder Permissions!" $_.Exception.Message
}

PowerShell to Delete Unique Permissions of All Folders in a Document Library

This time, let’s delete the unique permissions of all folders in a library.

#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"

#Function to Reset Permissions of all Sub-folders in a Folder
Function Reset-SPOSubFolderPermissions([Microsoft.SharePoint.Client.Folder]$Folder)
{
    Try {
        #Get all Sub Folders
        $Ctx.Load($Folder.Folders)
        $Ctx.ExecuteQuery()
 
        #Iterate through each sub-folder of the folder
        Foreach ($Folder in $Folder.Folders | Where {$_.Name -ne "Forms" -and $_.Name -ne "Document"})
        {
            Write-host "Processing Folder:"$Folder.ServerRelativeUrl

            #Get the "Has Unique Permissions" Property
            $Folder.ListItemAllFields.Retrieve("HasUniqueRoleAssignments")
            $Ctx.ExecuteQuery()
  
            If($Folder.ListItemAllFields.HasUniqueRoleAssignments -eq $True)
            {
                #Reset Folder Permissions
                $Folder.ListItemAllFields.ResetRoleInheritance()
                $Ctx.ExecuteQuery()
                Write-host -f Green "`tFolder's Unique Permissions are Removed!"
            }

            #Call the function recursively
            Reset-SPOSubFolderPermissions $Folder
        }
    }
    Catch {
        write-host -f Red "Error Resetting Folder Permissions!" $_.Exception.Message
    }
}
 
#Variables
$SiteURL = "https://crescent.sharepoint.com/sites/marketing"
$ListName = "Documents"
 
#Get Credentials to connect
$Cred= Get-Credential
 
#Setup the context
$Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
$Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password)
 
#Get the Library
$List = $Ctx.web.Lists.GetByTitle($ListName)
$Ctx.Load($List.RootFolder)
$Ctx.ExecuteQuery()
 
#call the function to reset permissions of all folders of the document library
Reset-SPOSubFolderPermissions $List.RootFolder

This can be a handy script if you need to quickly reset permissions for a large number of folders.

PnP PowerShell to Delete Unique Permissions of a Folder

Let’s use PnP PowerShell to delete unique permissions for a folder on SharePoint Online.

#Parameters
$SiteURL = "https://crescent.sharepoint.com/sites/Marketing"
$FolderURL = "/Documents/2015"

#Connect to the Site
Connect-PnPOnline -URL $SiteURL -Interactive

#Get the Folder - with HasUniqueAssignments and ParentList properties
$Folder = Get-PnPFolder -Url $FolderURL -Includes ListItemAllFields.HasUniqueRoleAssignments, ListItemAllFields.ParentList, ListItemAllFields.ID

#Get the List Item of the Folder
$FolderItem = $Folder.ListItemAllFields

#Check if the Folder has unique permissions
If($FolderItem.HasUniqueRoleAssignments)
{
    #Reset permission inheritance
    Set-PnPListItemPermission -List $FolderItem.ParentList -Identity $FolderItem.ID -InheritPermissions
    Write-host "Unique Permissions are removed from the Folder!"
}

Delete Unique Permissions from All Folders in a Document Library

#Set Variables
$SiteURL = "https://crescent.sharepoint.com/sites/marketing/2018"
$FolderURL = "/Shared Documents" #Document Library Site Relative URL

#Connect to PnP Online
Connect-PnPOnline -Url $SiteURL -Interactive  #-Credentials (Get-Credential)

#Function to reset permissions of all Sub-Folders
Function Reset-SubFolderPermissions($FolderURL)
{
    #Get all sub-folders of the Folder - Exclude system folders
    $SubFolders = Get-PnPFolderItem -FolderSiteRelativeUrl $FolderURL -ItemType Folder | Where {$_.Name -ne "Forms" -and $_.Name -ne "Document"}

    #Loop through each sub-folder
    ForEach($SubFolder in $SubFolders)
    {
        $SubFolderURL = $FolderUrl+"/"+$SubFolder.Name
        Write-host -ForegroundColor Green "Processing Folder '$($SubFolder.Name)' at $SubFolderURL"

        #Get the Folder Object - with HasUniqueAssignments and ParentList properties
        $Folder = Get-PnPFolder -Url $SubFolderURL -Includes ListItemAllFields.HasUniqueRoleAssignments, ListItemAllFields.ParentList, ListItemAllFields.ID

        #Get the List Item of the Folder
        $FolderItem = $Folder.ListItemAllFields

        #Check if the Folder has unique permissions
        If($FolderItem.HasUniqueRoleAssignments)
        {
            #Reset permission inheritance
            Set-PnPListItemPermission -List $FolderItem.ParentList -Identity $FolderItem.ID -InheritPermissions
            Write-host "`tUnique Permissions are removed from the Folder!"
        }

        #Call the function recursively
        Reset-SubFolderPermissions $SubFolderURL
    }
}
  
#Call the function
Reset-SubFolderPermissions $FolderURL

Related Posts:

• SharePoint Online: Delete Unique Permissions for All Items in a List using PowerShell
• SharePoint Online: Delete Unique Permissions and Restore Inheritance in a List using PowerShell
• SharePoint Online: Delete Unique Permissions in a Subsite using PowerShell
• SharePoint Online: Delete All Unique Permissions from a Site Collection using PowerShell