Oct 14 2020 09:23 AM
When we are importing File Server content into SharePoint using dedicated tools for, we can import permission set configured at the sub levels (subfolders or documents). That import can create some issues due to incorrect configuration in place on original File Server.
But how can we check one user complaining to not see or access the content as it was into the File Server ?
That need to be reviewed at any SharePoint Content Level with Permission Management with "Administrator Permission" with the link "Manage Access".
You have to select the link (at the bottom) "Advanced" to have the exact permission set configured at this level
Based on that situation, you can decide what to apply at this folder or file level. You can:
But this config could concern many other sublevels and wait the user complains is probably not the best option.
How to track folders or files with unique permissions ?
You can do that using the Document Library Permission Settings from:
You will have the permission configuration in place at this root Document library level.
But the first line will explain (if that is the case into your document library) the status of sublevel:
When you are clicking on that link it will show you a part of customized levels.
You can change the permission set for each of those level clicking on "Manage Permissions" to have the same details we look in the first part of this message.
Now as you can imagine with a document library could contains thousands of folders, this manual action is really huge.
How reset all customized permissions configured at sublevel ?
That is the best option you can select as site admin, using PowerShell and an interesting PS Module named:
This following script will help IT Team to reconfigure all content customized into the document library and cancel this and reconfigure permission inheritance instead.
#install-module SharePointPnPPowerShellOnline -Force #to install that module the first time only
Write-Host " ---------------------------------------------- "
Import-Module SharePointPnPPowerShellOnline
Write-Host " ---------------------------------------------- "
#Config Variables
$SiteURL = "https://yourtenant.sharepoint.com/sites/YourSiteCollection/"
$ListTitle = "Document Library Name"
$foldertoscope = "/sites/YourSiteCollection/YourDocumentLibrary/"
#Connect to PnP Online
Connect-PnPOnline -Url $SiteURL -UseWebLogin
$ctx = Get-PnPContext
$ctx.Load($ctx.Web.Lists)
$ctx.Load($ctx.Web)
$ctx.Load($ctx.Web.Webs)
$ctx.ExecuteQuery()
$ll=$ctx.Web.Lists.GetByTitle($ListTitle)
$ctx.Load($ll)
$ctx.ExecuteQuery()
## View XML
$qCommand = @"
<View Scope="RecursiveAll">
<Query>
<OrderBy><FieldRef Name='ID' Ascending='TRUE'/></OrderBy>
</Query>
<RowLimit Paged="TRUE">5000</RowLimit>
</View>
"@
## Page Position
$position = $null
## All Items
$allItems = @()
Do{
$camlQuery = New-Object Microsoft.SharePoint.Client.CamlQuery
$camlQuery.ListItemCollectionPosition = $position
$camlQuery.ViewXml = $qCommand
## Executing the query
$currentCollection = $ll.GetItems($camlQuery)
$ctx.Load($currentCollection)
$ctx.ExecuteQuery()
## Getting the position of the previous page
$position = $currentCollection.ListItemCollectionPosition
# Adding current collection to the allItems collection
$allItems += $currentCollection
Write-Host "Collecting items. Current number of items: " $allItems.Count
}
while($position -ne $null)
Write-Host "Total number of items: " $allItems.Count
for($j=0;$j -lt $allItems.Count ;$j++)
{
if($allItems[$j]["FileRef"].StartsWith($foldertoscope))
{
Write-Host "Resetting permissions for " $allItems[$j]["Title"] ".." $allItems[$j]["FileRef"]
$allItems[$j].ResetRoleInheritance()
$ctx.ExecuteQuery()
}
}
Now you can adapt the permissions as much as you need to
Fabrice Romelard
Jan 29 2021 06:06 AM
@Fabrice RomelardYou sir are a genetleman and a scholar. Saved me a lot of time and effort. 10/10 works a treat.
Feb 04 2021 05:15 AM
Jun 10 2021 02:30 AM
Jun 10 2021 04:39 PM
@aprietoYes, you can apply this just to a subfolder within a library. I found this site looking to do just that. You just need to set the "$foldertoscope =" parameter to the relative URL of the folder. The final loop of the script compares the path of every object to that string, and if it starts with that string, it resets the permissions.
Jun 16 2021 01:47 AM
Jul 27 2021 09:44 AM
@Fabrice Romelard Thanks. I am trying to reset permissions for a specific folder within a library. I have gotten the script to run, but it just returns the amount of items it found in the whole document library not just that specific folder. It also does not go into the next step of resetting the permissions. Any advice would be much appreciated.
Jul 27 2021 09:52 AM
Oct 15 2021 03:38 AM
Feb 02 2022 04:11 AM
Apr 05 2022 03:27 PM
Jun 15 2022 01:30 PM
Sep 23 2022 07:28 PM - edited Sep 23 2022 07:40 PM
Hello I have seen a couple comments that it is not resetting but only counting or doing "item collection"
I am not sure if it was just a formatting issue but I have gotten the current script to work. I have set the variables to a default non-usable value. Please edit them to fit your environment
#install-module SharePointPnPPowerShellOnline -Force #to install that module the first time only
Write-Host " ---------------------------------------------- "
Import-Module PnP.PowerShell
Write-Host " ---------------------------------------------- "
#Config Variables
$SiteURL = "https://domain.sharepoint.com/sites/SiteName"
$ListTitle = "Documents"
#For some libraries it will be Shared%20Documents. Be sure to retain the slash before /sites/SiteName/Documents
$foldertoscope = "/sites/SiteName/Documents"
#Connect to PnP Online
Connect-PnPOnline -Url $SiteURL -Interactive
$ctx = Get-PnPContext
$ctx.Load($ctx.Web.Lists)
$ctx.Load($ctx.Web)
$ctx.Load($ctx.Web.Webs)
$ctx.ExecuteQuery()
$ll=$ctx.Web.Lists.GetByTitle($ListTitle)
$ctx.Load($ll)
$ctx.ExecuteQuery()
## View XML
$qCommand = @"
<View Scope="RecursiveAll">
<Query>
<OrderBy><FieldRef Name='ID' Ascending='TRUE'/></OrderBy>
</Query>
<RowLimit Paged="TRUE">5000</RowLimit>
</View>
"@
## Page Position
$position = $null
## All Items
$allItems = @()
Do{
$camlQuery = New-Object Microsoft.SharePoint.Client.CamlQuery
$camlQuery.ListItemCollectionPosition = $position
$camlQuery.ViewXml = $qCommand
## Executing the query
$currentCollection = $ll.GetItems($camlQuery)
$ctx.Load($currentCollection)
$ctx.ExecuteQuery()
## Getting the position of the previous page
$position = $currentCollection.ListItemCollectionPosition
# Adding current collection to the allItems collection
$allItems += $currentCollection
Write-Host "Collecting items. Current number of items: " $allItems.Count
}
while($position -ne $null)
Write-Host "Total number of items: " $allItems.Count
for($j=0;$j -lt $allItems.Count ;$j++)
{
if($allItems[$j]["FileRef"].StartsWith($foldertoscope))
{
Write-Host "Resetting permissions for " $allItems[$j]["Title"] ".." $allItems[$j]["FileRef"]
$allItems[$j].ResetRoleInheritance()
$ctx.ExecuteQuery()
}
}
Feb 16 2023 11:58 AM
Thank you for this! This script was very helpful and using it saved myself tons of time!
Feb 17 2023 06:34 AM
Mar 09 2023 04:37 AM
I know you asked well over 6 months ago but if anyone else faces the same problem, here is how I fixed it
For a root SharePoint site it should be set out like this:
#Config Variables
$SiteURL = "https://company.sharepoint.com/"
$ListTitle = "Documents"
$foldertoscope = "/Shared Documents/"
Mar 22 2023 09:59 AM
Feb 21 2024 09:04 AM
Jul 12 2024 04:02 AM
@bobito
Two notes:
Running the script from Visual Studio code does not work.
I managed to get to the reset permissions phase: the content of the $foldertoscope is case sensitive. I recommend to check (print) the value of ($allItems[$j]["FileRef"] and use that to set the value of $foldertoscope