
Reset file permissions from unique to inherited

Summary

Reset bulk file permissions from unique to parent folder inheritance.

  • PnP PowerShell
  • CLI for Microsoft 365

# Make sure the necessary modules are installed
# PnP PowerShell is used to access the M365 tenant

Install-Module PnP.PowerShell
$siteURL = "https://tenent.sharepoint.com/sites/Dataverse"
Connect-PnPOnline -Url $siteURL -Credentials (Get-Credential)
$listName = "Document Library"
#Get the Context
$Context = Get-PnPContext

try {
    ## Get all folders from given list
    $folders = Get-PnPFolder -List $listName
}
catch {
    ## Do this if a terminating exception happens
    Write-Host "Error: $($_.Exception.Message)" -ForegroundColor Red
    try {
        Write-Host "Trying to use Get-PnPListItem" -ForegroundColor Yellow
        # Treat each folder as a list item whose FileSystemObjectType is "Folder"
        $folders = Get-PnPListItem -List $listName -PageSize 500 -Fields FileLeafRef | Where-Object {$_.FileSystemObjectType -eq "Folder"}
    }
    catch {
        Write-Host "Error: $($_.Exception.Message)" -ForegroundColor Red
    }
}

Write-Output "Total Folder found $($folders.Count)"
## Traverse all files from all folders.
foreach($folder in $folders){
    Write-Host "get all files from folder '$($folder.Name)'" -ForegroundColor DarkGreen
    $files = Get-PnPListItem -List $listName -FolderServerRelativeUrl $folder.ServerRelativeUrl -PageSize 500 
    Write-Host "Total Files found $($Files.Count) in folder $($folder.Name)" -ForegroundColor DarkGreen
    foreach ($file in $files){
        ## Check whether the object is a file or a folder. Process files only; skip everything else.
        if($file.FileSystemObjectType.ToString() -eq "File"){
            # Check whether the file has unique or inherited permissions.
            # HasUniqueRoleAssignments is True when the file has unique permissions, otherwise False.
            $hasUniqueRole = Get-PnPProperty -ClientObject $file -Property HasUniqueRoleAssignments
            if($hasUniqueRole -eq $true){
                ## The file has unique permissions: reset it to inherit permissions from its parent folder.
                Write-Host "Reset Permission starting for file with id $($file.Id)" -ForegroundColor DarkGreen
                $file.ResetRoleInheritance()
                $file.update()
                $Context.ExecuteQuery()
            }
        }
    }
}
## Disconnect PnP Connection.
Disconnect-PnPOnline

Check out the PnP PowerShell to learn more at: https://aka.ms/pnp/powershell

The way you log in to PnP PowerShell has changed. Please read "PnP Management Shell EntraID app is deleted : what should I do ?"
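Resetting inheritance discards each file's unique role assignments, so it is worth recording them before the bulk change. The following script is an added example, not part of the original sample: it exports the current assignments to CSV and resets inheritance only when `$apply` is set. It assumes an active `Connect-PnPOnline` session; `$reportPath`, `$apply` and the CSV column names are illustrative.

```powershell
# Added example (not from the original sample).
# Assumes Connect-PnPOnline has already been run against the target site.
$listName   = "Document Library"
$reportPath = ".\unique-permissions-before-reset.csv"   # illustrative path
$apply      = $false   # $false = report only (dry run); $true = also reset inheritance

$context     = Get-PnPContext
$items       = Get-PnPListItem -List $listName -PageSize 500
$uniqueFiles = @()

# Build one report row per (file, principal) pair for every file with unique permissions.
$report = @(foreach ($item in $items) {
    if ($item.FileSystemObjectType.ToString() -ne "File") { continue }

    $hasUnique = Get-PnPProperty -ClientObject $item -Property HasUniqueRoleAssignments
    if (-not $hasUnique) { continue }
    $uniqueFiles += $item

    $assignments = Get-PnPProperty -ClientObject $item -Property RoleAssignments
    foreach ($assignment in $assignments) {
        # Load who the assignment is for and which permission levels it grants.
        Get-PnPProperty -ClientObject $assignment -Property Member, RoleDefinitionBindings | Out-Null
        [PSCustomObject]@{
            ItemId        = $item.Id
            FileRef       = $item.FieldValues["FileRef"]
            PrincipalType = $assignment.Member.PrincipalType
            LoginName     = $assignment.Member.LoginName
            Title         = $assignment.Member.Title
            Roles         = ($assignment.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join "; "
        }
    }
})

# Persist the snapshot so the previous access can be reviewed or re-granted later.
if ($report.Count -gt 0) {
    $report | Export-Csv -Path $reportPath -NoTypeInformation -Encoding UTF8
}
Write-Host "$($uniqueFiles.Count) file(s) with unique permissions, $($report.Count) assignment(s) recorded in $reportPath"

if ($apply) {
    foreach ($item in $uniqueFiles) {
        Write-Host "Resetting inheritance for $($item.FieldValues['FileRef'])"
        $item.ResetRoleInheritance()
        $context.ExecuteQuery()
    }
}
else {
    Write-Host "Dry run: no permissions were changed. Set `$apply = `$true to reset inheritance."
}
```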

#Log in to Microsoft 365
Write-Host "Connecting to Tenant" -f Yellow

$m365Status = m365 status
if ($m365Status -match "Logged Out") {
    m365 login
}

$siteURL = Read-Host "Please enter Site URL"
$listName = Read-Host "Please enter list name"

# Get the list
$list  = m365 spo list get --title $listName --webUrl $siteURL --withPermissions --output json | ConvertFrom-Json


# Get all files in the list
$files = m365 spo file list --webUrl $siteURL --folder $listName --recursive --output json | ConvertFrom-Json
foreach ($file in $files) {
    # Avoid error: Cannot convert the JSON string because a dictionary that was converted from the string contains the duplicated keys 'Id' and 'ID'
    $fileProperties = m365 spo file get --webUrl $siteURL --id $file.UniqueId --asListItem --output json | ForEach-Object { $_.replace("Id", "_Id") } | ConvertFrom-Json
    
    if ($fileProperties.ID) {
        Write-Host "Processing file $($file.ServerRelativeUrl)"

        # Get the list item
        $listItem = m365 spo listitem get --webUrl $siteURL --listId $list.Id --id $fileProperties.ID --properties "HasUniqueRoleAssignments" | ConvertFrom-Json
        if ($listItem.HasUniqueRoleAssignments) {
            Write-Host "Restoring the role inheritance of list item: $($file.ServerRelativeUrl)"
            m365 spo listitem roleinheritance reset --webUrl $siteURL --listItemId $fileProperties.ID --listId $list.Id
        }
    }
}

Check out the CLI for Microsoft 365 to learn more at: https://aka.ms/cli-m365

Important changes are coming to the way you log in to CLI for Microsoft 365 (effective 9th September 2024). See "Changes in PnP Management Shell registration in Microsoft 365".

Contributors

Author(s)
Dipen Shah
Nanddeep Nachan
Valeras Narbutas
Rob Ellis

Disclaimer

THESE SAMPLES ARE PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING ANY IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR NON-INFRINGEMENT.
