Removing Unique Permissions from List Items in OneDrive Sites

Question

How can I remove unique permissions from list items (files and folders) contained within 600 OneDrive sites after a migration from on-premises to cloud? Based on a PowerShell (pnp) script, I attempted to reset unique permissions by breaking them on each folder and item. However, I am not getting any response from the script. Maybe my logic is wrong? Can anyone please offer suggestions on how best to approach this? The ultimate goal is to break unique permissions on end-user files and folders on OneDrive sites.

N.B. The executing account has admin privileges on all sites. The PowerShell script is as follows:

$sites = Get-PnPTenantSite -IncludeOneDriveSites -Filter "Url -like '/personal/'"
    
    $batchSize = 100
    
    function Reset-UniquePermissionsForFolder($folder) {
        # Get all subfolders of the folder
        $subFolders = Get-PnPFolderItem -FolderSiteRelativeUrl $folder.Url -ItemType Folder
    
        # Loop through each subfolder
        foreach ($subFolder in $subFolders) {
            
            Reset-UniquePermissionsForFolder $subFolder
        }
    
        # Get all files in the folder
        $files = Get-PnPListItem -List $folder.ParentList -FolderServerRelativeUrl $folder.Url
    
        # Loop through each file
        foreach ($file in $files) {
            # Check if the file has unique permissions
            if ($file.HasUniqueRoleAssignments) {
                # Reset permission inheritance
                Set-PnPListItemPermission -List $file.ParentList -Identity $file.ID -InheritPermissions
                Write-Host "Unique permissions have been reset for file '$($file.Name)' at '$($file.Url)'"
            }
        }
    }
    
    
    function Reset-UniquePermissions($site) {
        # Get the /Documents folder of the site
        $documentsFolder = Get-PnPTenantSite -Url $site.Url | Get-PnPTenantSite -IncludeOneDriveSites | Get-PnPTenantSite -Detailed | Select-Object -ExpandProperty SiteCollections | Select-Object -ExpandProperty Templates | Where-Object { $_.Title -eq "Documents" }
    
        # Check if the /Documents folder exists
        if ($documentsFolder -ne $null) {
            Write-Host "Currently processing site: $($site.Url)"
            # Reset unique permissions on the /Documents folder and its contents
            Reset-UniquePermissionsForFolder $documentsFolder.RootFolder
        }
        else {
            Write-Host "Site $($site.Url) does not have a /Documents folder."
        }
    }
    
    # Split sites into batches
    $siteBatches = $sites | Group-Object -Property { [math]::Floor([array]::IndexOf($sites, $_) / $batchSize) }
    
    # Process batches in parallel
    $siteBatches | ForEach-Object -Parallel {
        param($batch)
        foreach ($site in $batch.Group) {
            try {
                Reset-UniquePermissions $site
            }
            catch {
                # Log the error to a file 
                Write-Error "Error processing $($site.Url): $_"
            }
        }
    } -ThrottleLimit 5 
    
   Disconnect-PnPOnline

 

Question Info

---

Last updated October 3, 2023 Views 1 Applies to:

• Microsoft 365 and Office
• /
• SharePoint
• /
• For business
• /
• Windows

You’re invited to try Microsoft 365 for free

Unlock now

Answer 1

HI @Noel Simela

Sorry to keep you waiting. According to my research, this document may be helpful to you.

Regarding this issue, you need to follow the official documentation to see whether you meet the feasibility of interrupting inheritance.
https://learn.microsoft.com/en-us/sharepoint/troubleshoot/lists-and-libraries/error-share-break-inheritance

---

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Best Regards

Cheng Feng