Remove all user permissions from Site collection and subsites SPO

G99 31 Reputation points
2021-04-01T10:10:24.773+00:00

Hi

Is there a quick way of removing all permissions from a site collection and its subsites, including removing all unique permissions?

I'd like to remove all access as the site should no longer be used, but there are 100s of doc libs/lists and multiple sub sites.

Thanks


1 answer

  1. Emily Du-MSFT 41,771 Reputation points Microsoft Vendor
    2021-04-02T09:00:02.437+00:00

    @G99

    First, please run the PowerShell below to delete all unique permissions in the site collection.

     #Load SharePoint CSOM Assemblies  
        Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"  
        Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"        
    #To call a non-generic Load Method  
    Function Invoke-LoadMethod() {
        Param(
            [Microsoft.SharePoint.Client.ClientObject]$Object = $(throw "Please provide a Client Object"),
            [string]$PropertyName
        )
        # Requests one named property of a client object by calling the generic
        # ClientContext.Load method through reflection. Only the request is made
        # here; the callers in this script run ExecuteQuery() right afterwards.

        # Close the generic Load method over the runtime type of the object
        $ObjectType = $Object.GetType()
        $GenericLoad = [Microsoft.SharePoint.Client.ClientContext].GetMethod("Load").MakeGenericMethod($ObjectType)

        # Build the retrieval expression: <object> => (Object)<object>.<PropertyName>
        $LambdaParameter = [System.Linq.Expressions.Expression]::Parameter(($ObjectType), $ObjectType.Name)
        $Member = [System.Linq.Expressions.Expression]::PropertyOrField($LambdaParameter, $PropertyName)
        $Boxed = [System.Linq.Expressions.Expression]::Convert($Member, [System.Object])
        $Retrieval = [System.Linq.Expressions.Expression]::Lambda($Boxed, $($LambdaParameter))

        # Load takes an array of retrieval expressions, so wrap the single one
        $Retrievals = [System.Array]::CreateInstance($Retrieval.GetType(), 1)
        $Retrievals.SetValue($Retrieval, 0)

        # Invoke Load on the context that owns the object
        $GenericLoad.Invoke($Object.Context, @($Object, $Retrievals))
    }
       
    #Function to Delete Unique Permission from a Web and its content  
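    Function Reset-SPOUniquePermission([Microsoft.SharePoint.Client.Web]$Web)
    {
        # Restores permission inheritance on the given web, on its visible
        # non-system lists, on every item in those lists, and then recurses
        # into each subsite.
        #
        # NOTE(review): resetting inheritance does not remove access. Every
        # object processed here ends up with its parent's permissions, so
        # content that was restricted through unique permissions becomes
        # reachable by whoever holds access at the parent level until those
        # permissions are removed as well. Run the follow-up user removal
        # promptly, or block access to the site first.

        # Take the context from the web itself rather than from a variable in
        # the caller's scope (Invoke-LoadMethod does the same via $Object.Context)
        $Ctx = $Web.Context

        Write-host -f Magenta "`nSearching Unique Permissions on the Site:"$web.Url

        #Check if the given site is using unique permissions
        Invoke-LoadMethod -Object $Web -PropertyName "HasUniqueRoleAssignments"
        $Ctx.ExecuteQuery()

        #Get the Root Web
        $RootWeb = $Ctx.Site.RootWeb
        $Ctx.Load($RootWeb)
        $Ctx.ExecuteQuery()

        ### Reset broken inheritance on the Web
        # The root web is skipped: it is the top of the hierarchy, so its
        # permissions are left exactly as they are by this function.
        If($Web.HasUniqueRoleAssignments -and $Web.ID -ne $RootWeb.ID)
        {
            $Web.ResetRoleInheritance()
            $Web.Update()
            $Ctx.ExecuteQuery()
            # Report the web that was actually changed (the original printed
            # $SiteURL, which names the site collection even for subsites)
            Write-host -f Green "`t Unique Permissions Removed from the Site: $($Web.Url)!"
        }

        ### Reset unique permission in Lists
        Write-host -f Magenta "`t Searching Unique Permissions on the Lists"
        $Lists = $Web.Lists
        $Ctx.Load($Lists)
        $Ctx.ExecuteQuery()

        #Exclude system lists
        # (the original had a stray comma before "Master Docs", which wraps that
        # entry in a nested array so the -NotContains check never matches it)
        $ExcludedLists = @("App Packages","appdata","appfiles","Apps in Testing","Cache Profiles","Composed Looks","Content and Structure Reports","Content type publishing error log","Converted Forms",
         "Device Channels","Form Templates","fpdatasources","Get started with Apps for Office and SharePoint","List Template Gallery", "Long Running Operation Status","Maintenance Log Library", "Style Library",
         "Master Docs","Master Page Gallery","MicroFeed","NintexFormXml","Quick Deploy Items","Relationships List","Reusable Content","Search Config List", "Solution Gallery", "Site Collection Images",
         "Suggested Content Browser Locations","TaxonomyHiddenList","User Information List","Web Part Gallery","wfpub","wfsvc","Workflow History","Workflow Tasks", "Preservation Hold Library")

        #Iterate through each list
        ForEach($List in $Lists)
        {
            $Ctx.Load($List)
            $Ctx.ExecuteQuery()

            # Hidden lists and the excluded titles above are not touched, so any
            # unique permissions on them remain in place.
            If($ExcludedLists -NotContains $List.Title -and $List.Hidden -eq $false)
            {
                #Check if the list is using unique permissions
                Invoke-LoadMethod -Object $List -PropertyName "HasUniqueRoleAssignments"
                $Ctx.ExecuteQuery()

                #Reset broken inheritance of the list
                If($List.HasUniqueRoleAssignments)
                {
                    $List.ResetRoleInheritance()
                    $List.Update()
                    $Ctx.ExecuteQuery()
                    Write-host -f Green "`t`tUnique Permissions Removed from the List: '$($List.Title)'"
                }

                Write-host -f Magenta "`t`t Searching Unique Permissions on the Lists Items of '$($List.Title)'"

                #Query to batch process: all items in all folders, 2000 per page
                $Query = New-Object Microsoft.SharePoint.Client.CamlQuery
                $Query.ViewXml = "<View Scope='RecursiveAll'><RowLimit>2000</RowLimit></View>"

                ### Reset unique permission on List items
                Do {
                    #Get all items from the list - in batches
                    $ListItems = $List.GetItems($Query)
                    $Ctx.Load($ListItems)
                    $Ctx.ExecuteQuery()

                    # Remember where the next page starts; $null once the last page is read
                    $Query.ListItemCollectionPosition = $ListItems.ListItemCollectionPosition

                    #Loop through each List item
                    ForEach($ListItem in $ListItems)
                    {
                        Invoke-LoadMethod -Object $ListItem -PropertyName "HasUniqueRoleAssignments"
                        $Ctx.ExecuteQuery()
                        if ($ListItem.HasUniqueRoleAssignments -eq $true)
                        {
                            #Reset Permission Inheritance (sent with the next ExecuteQuery)
                            $ListItem.ResetRoleInheritance()
                            Write-host  -ForegroundColor Green "`t`t`t Unique Permissions Removed and Inheritence Restored on Item ID:" $ListItem.ID
                        }
                    }
                    # Send any reset still pending from the last item of the page
                    $Ctx.ExecuteQuery()
                } While ($null -ne $Query.ListItemCollectionPosition)
            }
        }

        #Process each subsite in the site
        $Subsites = $Web.Webs
        $Ctx.Load($Subsites)
        $Ctx.ExecuteQuery()
        Foreach ($SubSite in $Subsites)
        {
            #Call the function Recursively
            Reset-SPOUniquePermission $SubSite
        }
    }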
       
    # Site collection to process (replace the placeholder before running)
    $SiteURL= "site collection URL"

    # Ask for the account interactively so no password is stored in the script
    # NOTE(review): SharePointOnlineCredentials signs in with user name and
    # password; confirm this works for the account used (e.g. where MFA applies)
    $Credential = Get-Credential

    Try {
        # Create the client context and attach the credentials to it
        $Ctx = New-Object -TypeName Microsoft.SharePoint.Client.ClientContext -ArgumentList $SiteURL
        $Ctx.Credentials = New-Object -TypeName Microsoft.SharePoint.Client.SharePointOnlineCredentials -ArgumentList $Credential.UserName, $Credential.Password

        # Load the web the URL points to
        $Web = $Ctx.Web
        $Ctx.Load($Web)
        $Ctx.ExecuteQuery()

        # Walk that web, its lists, items and subsites, restoring inheritance
        Reset-SPOUniquePermission $Web
    }
    Catch {
        # Any terminating error stops the run and is reported here
        Write-Host -ForegroundColor Red "Error:" $_.Exception.Message
    }
    

    Then run the PowerShell below to delete users.

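    # Removes every user entry returned for the site collection.
    # NOTE(review): if the aim is only to retire the site, locking it with
    # Set-SPOSite -Identity $SiteURL -LockState NoAccess blocks access without
    # rewriting permissions and can be undone; consider that first.
    $AdminSiteURL="https://tenant-admin.sharepoint.com/"
    $SiteURL="site collection URL"

    # Ask for the admin account interactively; nothing is stored in the script
    # NOTE(review): -Credential is a user name/password sign-in; accounts that
    # require MFA usually have to omit it and sign in through the prompt
    $Cred = Get-Credential

    Connect-SPOService -Url $AdminSiteURL -Credential $Cred

    # Get-SPOUser returns at most 500 entries by default, which would leave
    # the remaining users with access; -Limit All returns every entry
    $Users = Get-SPOUser -Site $SiteURL -Limit All

    # Keep a record of who was removed: export $Users before this loop if the
    # change may need to be reviewed or reversed later
    ForEach($User in $Users)
    {
        # NOTE(review): the list can include groups and built-in principals;
        # check the output for entries that could not be removed
        Write-Host "Removing: $($User.LoginName)"
        Remove-SPOUser -Site $SiteURL -LoginName $User.LoginName
    }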
    