Share via

Removing user-level permissions from folders and files in a SharePoint document library using PowerShell

Hanthorn Jeff 105 Reputation points
2026-02-02T11:41:58.69+00:00

Im looking for a PowerShell script to remove user permissions from a SharePoint document library where access was granted directly to specific folders and files. Permissions are assigned individually and not at the document library level.

The goal is to revoke those user-level permissions without affecting the library’s main permission settings.

Microsoft 365 and Office | SharePoint | Development
0 comments

Answer accepted by question author

Steven-N 25,305 Reputation points Microsoft External Staff Moderator
2026-02-02T12:30:38.54+00:00

Hi Hanthorn Jeff

Thank you for reaching out to Microsoft Q&A

Based on your requirement, I think you can try the cmdlet above to see if it works, this PnP PowerShell cmdlet that resets unique permissions on all items (files and folders) in a SharePoint Online document library and restores inheritance from the parent library:

Connect-PnPOnline -Url "https://contoso.sharepoint.com/sites/YourSite" -Interactive
$LibraryName = "Documents"
$ListItems = Get-PnPListItem -List $LibraryName -PageSize 500
foreach ($Item in $ListItems) {
    $HasUniquePermissions = Get-PnPProperty -ClientObject $Item -Property "HasUniqueRoleAssignments"
    if ($HasUniquePermissions) {
        Write-Host "Resetting permissions for item: $($Item.FieldValues['FileRef'])"
        $Item.ResetRoleInheritance()
        $Item.Update()
        Invoke-PnPQuery
    }
}

Additionally, you can read the reliable reference document that provides a detailed guide and sample scripts for removing unique permissions from SharePoint Online list items using PowerShell:

Link reference: SharePoint Online: Delete Unique Permissions for All Items in a List using PowerShell

Note: Microsoft is providing this information as a convenience to you. These sites are not controlled by Microsoft, and Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please ensure that you fully understand the risks before using any suggestions from the above link.

Hope this helps.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment". 

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Was this answer helpful?

2 people found this answer helpful.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest

  1. AI answer

    2026-02-02T11:42:16.8133333+00:00

    To remove user-level permissions from specific folders and files in a SharePoint document library using PowerShell, you can use the Set-SPUser cmdlet. This cmdlet allows you to configure properties of existing users, including removing their permissions. Below is a sample script that demonstrates how to remove permissions for a specific user from a folder or file without affecting the main permission settings of the document library:

    # Connect to SharePoint Online
$siteUrl = "https://yourtenant.sharepoint.com/sites/yoursite"
Connect-PnPOnline -Url $siteUrl -UseWebLogin

# Specify the path to the folder or file
$folderPath = "/sites/yoursite/Shared Documents/YourFolder"
$filePath = "/sites/yoursite/Shared Documents/YourFolder/YourFile.txt"

# Specify the user to remove permissions from
$userEmail = "user@example.com"

# Get the folder or file object
$folder = Get-PnPFolder -Url $folderPath
$file = Get-PnPFile -Url $filePath -AsFile

# Break permission inheritance for the folder/file if not already broken
Set-PnPListItem -List "Documents" -Identity $folder.ListItemAllFields.Id -BreakRoleInheritance -CopyRoleAssignments $false
Set-PnPListItem -List "Documents" -Identity $file.ListItemAllFields.Id -BreakRoleInheritance -CopyRoleAssignments $false

# Remove user permissions from the folder
Remove-PnPUser -List "Documents" -Identity $folder.ListItemAllFields.Id -User $userEmail

# Remove user permissions from the file
Remove-PnPUser -List "Documents" -Identity $file.ListItemAllFields.Id -User $userEmail

# Disconnect from SharePoint
Disconnect-PnPOnline

    Explanation:

    1. Connect to SharePoint: Establish a connection to your SharePoint site.
    2. Specify Paths: Define the paths for the folder and file from which you want to remove permissions.
    3. Get Objects: Retrieve the folder and file objects.
    4. Break Inheritance: Ensure that the folder and file have unique permissions by breaking inheritance.
    5. Remove Permissions: Use Remove-PnPUser to revoke the specified user's permissions from both the folder and the file.
    6. Disconnect: Clean up the session by disconnecting from SharePoint.

    Make sure to replace the placeholders with your actual SharePoint site URL, folder, file paths, and user email.

    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.