You are disabling inheritance on every folder in the path. Each subfolder will have its own set of ACLs, which will potentially be different to the ACL on its parent.
You then modify the ACL on the root directory. Since you've disabled inheritance, this change won't apply to the subfolders. You would need to loop through every subfolder and update its ACL to match.
It sounds like you actually want to enable inheritance, so that all subfolders have the same ACL as the root. To do that, use:
icacls $folder /reset /t /c /l /q
icacls | Microsoft Docs[^]
Requirement: Remove unique permissions from all folders-sub-folders in a SharePoint Online document library. In this blog post, we will walk you through the process of removing unique permissions from all folders in a SharePoint Online document library. This can be useful if you want to restore the original
permissions to all the folders of a document library without having to manually set permissions for each folder. To remove unique permissions from a SharePoint Online Folder, follow these steps: Here is the PowerShell to delete unique permissions on a folder in SharePoint Online:
#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
#Variables
$SiteURL = "//crescent.sharepoint.com/sites/marketing"
$FolderServerRelativeUrl= "/Sites/Marketing/Shared Documents/2015"
Try {
#Get Credentials to connect
$Cred= Get-Credential
#Setup the context
$Ctx = New-Object Microsoft.SharePoint.Client.ClientContext[$SiteURL]
$Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials[$Cred.Username, $Cred.Password]
#Get the web from URL
$Web = $Ctx.web
$Ctx.Load[$Web]
$Ctx.executeQuery[]
#Get the Folder object by Server Relative URL
$Folder = $Web.GetFolderByServerRelativeUrl[$FolderServerRelativeUrl]
$Ctx.Load[$Folder]
$Ctx.ExecuteQuery[]
#Reset Folder Permissions
$Folder.ListItemAllFields.ResetRoleInheritance[]
$Ctx.ExecuteQuery[]
Write-host -f Green "Folder's Unique Permissions are Removed!"
}
Catch {
write-host -f Red "Error Resetting Folder Permissions!" $_.Exception.Message
}
PowerShell to Delete Unique Permissions of All Folders in a Document Library
This time, let’s delete the unique permissions of all folders in a library.
#Load SharePoint CSOM Assemblies Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll" Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll" #Function to Reset Permissions of all Sub-folders in a Folder Function Reset-SPOSubFolderPermissions[[Microsoft.SharePoint.Client.Folder]$Folder] { Try { #Get all Sub Folders $Ctx.Load[$Folder.Folders] $Ctx.ExecuteQuery[] #Iterate through each sub-folder of the folder Foreach [$Folder in $Folder.Folders | Where {$_.Name -ne "Forms" -and $_.Name -ne "Document"}] { Write-host "Processing Folder:"$Folder.ServerRelativeUrl #Get the "Has Unique Permissions" Property $Folder.ListItemAllFields.Retrieve["HasUniqueRoleAssignments"] $Ctx.ExecuteQuery[] If[$Folder.ListItemAllFields.HasUniqueRoleAssignments -eq $True] { #Reset Folder Permissions $Folder.ListItemAllFields.ResetRoleInheritance[] $Ctx.ExecuteQuery[] Write-host -f Green "`tFolder's Unique Permissions are Removed!" } #Call the function recursively Reset-SPOSubFolderPermissions $Folder } } Catch { write-host -f Red "Error Resetting Folder Permissions!" $_.Exception.Message } } #Variables $SiteURL = "//crescent.sharepoint.com/sites/marketing" $ListName = "Documents" #Get Credentials to connect $Cred= Get-Credential #Setup the context $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext[$SiteURL] $Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials[$Cred.Username, $Cred.Password] #Get the Library $List = $Ctx.web.Lists.GetByTitle[$ListName] $Ctx.Load[$List.RootFolder] $Ctx.ExecuteQuery[] #call the function to reset permissions of all folders of the document library Reset-SPOSubFolderPermissions $List.RootFolder
This can be a handy script if you need to quickly reset permissions for a large number of folders.
PnP PowerShell to Delete Unique Permissions of a Folder
Let’s use PnP PowerShell to delete unique permissions for a folder on SharePoint Online.
#Parameters $SiteURL = "//crescent.sharepoint.com/sites/Marketing" $FolderURL = "/Documents/2015" #Connect to the Site Connect-PnPOnline -URL $SiteURL -Interactive #Get the Folder - with HasUniqueAssignments and ParentList properties $Folder = Get-PnPFolder -Url $FolderURL -Includes ListItemAllFields.HasUniqueRoleAssignments, ListItemAllFields.ParentList, ListItemAllFields.ID #Get the List Item of the Folder $FolderItem = $Folder.ListItemAllFields #Check if the Folder has unique permissions If[$FolderItem.HasUniqueRoleAssignments] { #Reset permission inheritance Set-PnPListItemPermission -List $FolderItem.ParentList -Identity $FolderItem.ID -InheritPermissions Write-host "Unique Permissions are removed from the Folder!" }
Delete Unique Permissions from All Folders in a Document Library
#Set Variables $SiteURL = "//crescent.sharepoint.com/sites/marketing/2018" $FolderURL = "/Shared Documents" #Document Library Site Relative URL #Connect to PnP Online Connect-PnPOnline -Url $SiteURL -Interactive #-Credentials [Get-Credential] #Function to reset permissions of all Sub-Folders Function Reset-SubFolderPermissions[$FolderURL] { #Get all sub-folders of the Folder - Exclude system folders $SubFolders = Get-PnPFolderItem -FolderSiteRelativeUrl $FolderURL -ItemType Folder | Where {$_.Name -ne "Forms" -and $_.Name -ne "Document"} #Loop through each sub-folder ForEach[$SubFolder in $SubFolders] { $SubFolderURL = $FolderUrl+"/"+$SubFolder.Name Write-host -ForegroundColor Green "Processing Folder '$[$SubFolder.Name]' at $SubFolderURL" #Get the Folder Object - with HasUniqueAssignments and ParentList properties $Folder = Get-PnPFolder -Url $SubFolderURL -Includes ListItemAllFields.HasUniqueRoleAssignments, ListItemAllFields.ParentList, ListItemAllFields.ID #Get the List Item of the Folder $FolderItem = $Folder.ListItemAllFields #Check if the Folder has unique permissions If[$FolderItem.HasUniqueRoleAssignments] { #Reset permission inheritance Set-PnPListItemPermission -List $FolderItem.ParentList -Identity $FolderItem.ID -InheritPermissions Write-host "`tUnique Permissions are removed from the Folder!" } #Call the function recursively Reset-SubFolderPermissions $SubFolderURL } } #Call the function Reset-SubFolderPermissions $FolderURL
Related Posts:
- SharePoint Online: Delete Unique Permissions for All Items in a List using PowerShell
- SharePoint Online: Delete Unique Permissions and Restore Inheritance in a List using PowerShell
- SharePoint Online: Delete Unique Permissions in a Subsite using PowerShell
- SharePoint Online: Delete All Unique Permissions from a Site Collection using PowerShell
Salaudeen Rajack
Salaudeen Rajack - SharePoint Expert with Two decades of SharePoint Experience. Love to Share my knowledge and experience with the SharePoint community, through real-time articles!