How to reset the specific library permission including all subfolders on SharePoint?

박윤희(Park, Yoon Hee) 21 Reputation points
2021-02-02T05:28:51.167+00:00

I found some permission problems on our company's SharePoint.

  1. From a few days ago, suddenly, some people cannot see the several folders in our company's SharePoint library.
    They are included in the 'ES' group of SharePoint, and the 'ES' group is a member of 'EWOO Soft Document Center Members'.
    But, currently, there are so many subfolders that have their own unique permission, and persons who have been not included in any other groups than 'ES' cannot see it.
    There has been only one SharePoint admin in my company. But I don't know why so many subfolders have unique permission.
    How can have unique permission without the 'grant access'?
  2. I'd like to reset the library permission or site permission including all subfolders.
    Or I'd like to get rid of all unique permissions in a specific library.
    Please let me know how can I do it.
SharePoint
SharePoint
A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.
9,907 questions
0 comments No comments
{count} votes

Accepted answer
  1. Allen Xu_MSFT 13,781 Reputation points
    2021-02-02T08:28:10.123+00:00

    Hi @박윤희(Park, Yoon Hee) ,

    • We can set unique permission to a subfolder via Select the special folder -> Click Ellipsis… -> Select Manage Access -> Click Advanced -> Select Stop Inheriting Permissions. Then you can Grant permissions or remove user permission. This issue may be caused by someone who has full control permission level to a library or a site set it to those subfolers.
    • To remove Unique Permissions from All Folders in a Document Library, please take a reference to this article: SharePoint Online: Remove Unique Permissions from All Folders in a Document Library using PowerShell.

    ----------
    update ----------
    You can use the below PowerShell Command to remove all unique permissions set everywhere(subsites/lists/libraries/list items/library files/folders...) on a site collection.

    #Load SharePoint CSOM Assemblies  
    Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"  
    Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"  
        
    #To call a non-generic Load Method  
    Function Invoke-LoadMethod() {  
        Param(  
                [Microsoft.SharePoint.Client.ClientObject]$Object = $(throw "Please provide a Client Object"), [string]$PropertyName  
             )  
       $Ctx = $Object.Context  
       $Load = [Microsoft.SharePoint.Client.ClientContext].GetMethod("Load")  
       $Type = $Object.GetType()  
       $ClientLoad = $Load.MakeGenericMethod($Type)  
         
       $Parameter = [System.Linq.Expressions.Expression]::Parameter(($Type), $Type.Name)  
       $Expression = [System.Linq.Expressions.Expression]::Lambda([System.Linq.Expressions.Expression]::Convert([System.Linq.Expressions.Expression]::PropertyOrField($Parameter,$PropertyName),[System.Object] ), $($Parameter))  
       $ExpressionArray = [System.Array]::CreateInstance($Expression.GetType(), 1)  
       $ExpressionArray.SetValue($Expression, 0)  
       $ClientLoad.Invoke($Ctx,@($Object,$ExpressionArray))  
    }  
       
    #Function to Delete Unique Permission from a Web and its content  
    Function Reset-SPOUniquePermission([Microsoft.SharePoint.Client.Web]$Web)  
    {  
        Write-host -f Magenta "`nSearching Unique Permissions on the Site:"$web.Url  
           
        #Check if the given site is using unique permissions  
        Invoke-LoadMethod -Object $Web -PropertyName "HasUniqueRoleAssignments"  
        $Ctx.ExecuteQuery()  
           
        #Get the Root Web  
        $RootWeb = $ctx.site.RootWeb  
        $Ctx.Load($RootWeb)  
        $Ctx.ExecuteQuery()  
       
        ### Reset broken inheritance on the Web  
        If($Web.HasUniqueRoleAssignments -and $Web.ID -ne $RootWeb.ID)  
        {  
            #powershell to delete unique permissions of a subsite in sharepoint online  
            $Web.ResetRoleInheritance()  
            $Web.Update()  
            $Ctx.ExecuteQuery()     
            Write-host -f Green "`t Unique Permissions Removed from the Site: $SiteURL!"  
        }  
               
        ### Reset unique permission in Lists  
        Write-host -f Magenta "`t Searching Unique Permissions on the Lists"  
        $Lists =  $Web.Lists  
        $Ctx.Load($Lists)  
        $Ctx.ExecuteQuery()  
       
        #Exclude system lists  
        $ExcludedLists = @("App Packages","appdata","appfiles","Apps in Testing","Cache Profiles","Composed Looks","Content and Structure Reports","Content type publishing error log","Converted Forms",  
         "Device Channels","Form Templates","fpdatasources","Get started with Apps for Office and SharePoint","List Template Gallery", "Long Running Operation Status","Maintenance Log Library", "Style Library",  
         ,"Master Docs","Master Page Gallery","MicroFeed","NintexFormXml","Quick Deploy Items","Relationships List","Reusable Content","Search Config List", "Solution Gallery", "Site Collection Images",  
         "Suggested Content Browser Locations","TaxonomyHiddenList","User Information List","Web Part Gallery","wfpub","wfsvc","Workflow History","Workflow Tasks", "Preservation Hold Library")  
           
        #Iterate through each list  
        ForEach($List in $Lists)  
        {  
            $Ctx.Load($List)  
            $Ctx.ExecuteQuery()  
       
            If($ExcludedLists -NotContains $List.Title -and $List.Hidden -eq $false)  
            {  
                #Check if the given site is using unique permissions  
                Invoke-LoadMethod -Object $List -PropertyName "HasUniqueRoleAssignments"  
                $Ctx.ExecuteQuery()  
        
                #Reset broken inheritance of the list  
                If($List.HasUniqueRoleAssignments)  
                {  
                    #delete unique permissions of a subsite in sharepoint online powershell  
                    $List.ResetRoleInheritance()  
                    $List.Update()  
                    $Ctx.ExecuteQuery()     
                    Write-host -f Green "`t`tUnique Permissions Removed from the List: '$($List.Title)'"  
                }  
       
                Write-host -f Magenta "`t`t Searching Unique Permissions on the Lists Items of '$($List.Title)'"  
       
                #Query to batch process  
                $Query = New-Object Microsoft.SharePoint.Client.CamlQuery  
                $Query.ViewXml = "<View Scope='RecursiveAll'><RowLimit>2000</RowLimit></View>"  
       
                ### Reset unique permission on List items  
                Do {   
                    #Get all items from the list - in batches  
                    $ListItems = $List.GetItems($Query)  
                    $Ctx.Load($ListItems)  
                    $Ctx.ExecuteQuery()  
                  
                    $Query.ListItemCollectionPosition = $ListItems.ListItemCollectionPosition  
         
                    #Loop through each List item  
                    ForEach($ListItem in $ListItems)  
                    {  
                        Invoke-LoadMethod -Object $ListItem -PropertyName "HasUniqueRoleAssignments"  
                        $Ctx.ExecuteQuery()  
                        if ($ListItem.HasUniqueRoleAssignments -eq $true)  
                        {  
                            #Reset Permission Inheritance  
                            $ListItem.ResetRoleInheritance()  
                            Write-host  -ForegroundColor Green "`t`t`t Unique Permissions Removed and Inheritence Restored on Item ID:" $ListItem.ID  
                        }  
                    }  
                    $Ctx.ExecuteQuery()  
                } While ($Query.ListItemCollectionPosition -ne $null)  
            }  
        }  
       
        #Process each subsite in the site  
        $Subsites = $Web.Webs  
        $Ctx.Load($Subsites)  
        $Ctx.ExecuteQuery()         
        Foreach ($SubSite in $Subsites)  
        {  
            #Call the function Recursively  
            Reset-SPOUniquePermission($Subsite)  
        }  
    }  
       
    #Config Parameters  
    $SiteURL= "https://xxxxx.sharepoint.com/sites/xxxxx"  
        
    #Get Credentials to connect  
    $Cred = Get-Credential  
        
    Try {  
        #Setup the context  
        $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)  
        $Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.UserName,$Cred.Password)  
            
        #Get the Web  
        $Web = $Ctx.Web  
        $Ctx.Load($Web)  
        $Ctx.ExecuteQuery()  
           
        #Call the function to delete unique permission from all sites in the site collection  
        Reset-SPOUniquePermission $Web  
    }  
    Catch {  
        write-host -f Red "Error:" $_.Exception.Message  
    }  
    

    If an Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


0 additional answers

Sort by: Most helpful