Resets the permissions on every item in a SharePoint document library
directorcia edited this page Apr 10, 2026 · 1 revision
Resets the permissions on every item in a SharePoint document library so that each item inherits its permissions from the library rather than having unique (broken) permissions set directly on it.
| Requirement | Detail |
|---|---|
| PowerShell version | 7 or later |
| Module | PnP PowerShell (PnP.PowerShell) |
| Active connection | Must already be connected to the target SharePoint site via PnP before running this script. Use o365-connect-pnp.ps1 to establish the connection. |

| Parameter | Type | Default | Description |
|---|---|---|---|
| `-debug` | Switch | `$false` | When set, enables transcript logging. All console output is written to `..\spo-doclib-reset.txt` in the parent directory. The log file is overwritten on each run. |
| `-prompt` | Switch | `$false` | When set, prompts the user to confirm before any permissions are changed. The script will not proceed until Y or N is entered. |

Step 1

- Parameters are evaluated and console message colours are assigned (cyan = system, green = process, red = error, yellow = warning).
- The console is cleared.
- If `-debug` is set, a transcript is started at `..\spo-doclib-reset.txt`.
- The active parameter values are printed to the console.

Step 2

```powershell
$lists = Get-PnPList
```

- Calls `Get-PnPList` to retrieve all lists and libraries from the currently connected SharePoint site.
- If this call fails (e.g. no active PnP connection), error code `[001]` is displayed, the transcript is stopped (if active), and the script exits with exit code 1.

Step 3

- The retrieved lists are piped through `Select-Object` (Title, Id), sorted alphabetically by Title, and presented in a graphical grid view (`Out-GridView`) with single-selection mode.
- The operator clicks a row and presses OK to confirm their selection.
- If the grid view is closed without a selection (e.g. clicking Cancel or pressing Escape), a warning is displayed and the script exits with exit code 0.

Step 4

```powershell
$items = (Get-PnPListItem -List $selectedList.id -pagesize 5000 -Fields "Title","GUID","FileRef").FieldValues
```

- Reads all items from the selected list in pages of up to 5,000 items at a time.
- The fields `Title`, `GUID`, and `FileRef` (the server-relative file path) are fetched for each item.
- The total item count is printed to the console.
- This step can take considerable time for large libraries.

Step 5

- Only executed when `-prompt` is set.
- The operator is asked `Are you sure [Y/N]` in a loop until a non-empty response is given.
- Entering `N` or `n` stops the script immediately with exit code 2 (transcript stopped if active).
- Any other non-empty response (including `Y` or `y`) continues execution.

Step 6

```powershell
Set-PnPListItemPermission -List $selectedList.id -Identity $item.ID -InheritPermissions
```

- Iterates over every item retrieved in step 4.
- For each item, the current progress (`[n of total]`), item ID, and file path are printed.
- `Set-PnPListItemPermission -InheritPermissions` removes any unique permissions on the item and restores inheritance from the parent library.
- A per-item `Success` or `Failed` result is printed. Failures display the exception message but do not stop the loop — all remaining items continue to be processed.

Step 7

- A completion message is printed.
- If `-debug` is set, the transcript is stopped.
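
The steps above do not record which permissions an item had before inheritance is restored, and item-level failures do not stop the loop, so an inventory taken before and after the run shows what was removed and what was missed. This is an added example, not part of spo-doclib-reset.ps1 or the author's repository; the function name `Export-UniquePermissionItems`, the library title `Documents` and the CSV paths are assumptions.

```powershell
# Added example (not part of spo-doclib-reset.ps1). Requires an existing PnP connection.
# Export-UniquePermissionItems and its parameter names are hypothetical.
function Export-UniquePermissionItems {
    param(
        [Parameter(Mandatory)] [string] $List,     # library title or Id
        [Parameter(Mandatory)] [string] $CsvPath   # where the inventory is written
    )

    $items = Get-PnPListItem -List $List -PageSize 5000 -Fields "FileRef"
    $rows = @(foreach ($item in $items) {
        # HasUniqueRoleAssignments is not loaded by default, so request it explicitly
        $unique = Get-PnPProperty -ClientObject $item -Property HasUniqueRoleAssignments
        if (-not $unique) { continue }

        $assignments = Get-PnPProperty -ClientObject $item -Property RoleAssignments
        foreach ($ra in $assignments) {
            # Load the principal and its permission levels for this assignment
            Get-PnPProperty -ClientObject $ra -Property Member, RoleDefinitionBindings | Out-Null
            [pscustomobject]@{
                ItemId    = $item.Id
                FileRef   = $item.FieldValues["FileRef"]
                Principal = $ra.Member.LoginName
                Type      = $ra.Member.PrincipalType
                Roles     = ($ra.RoleDefinitionBindings | ForEach-Object Name) -join "; "
            }
        }
    })

    $rows | Export-Csv -Path $CsvPath -NoTypeInformation
    # Number of distinct items that carry unique permissions
    return @($rows | Select-Object -ExpandProperty ItemId -Unique).Count
}

# "Documents" and the CSV paths are constructed sample values.
# Before the reset: keep a record of what is about to be removed.
$before = Export-UniquePermissionItems -List "Documents" -CsvPath ".\unique-perms-before.csv"
Write-Host "$before item(s) have unique permissions"

.\spo-doclib-reset.ps1 -prompt

# After the reset: anything still listed was not reset and needs a second look.
$after = Export-UniquePermissionItems -List "Documents" -CsvPath ".\unique-perms-after.csv"
Write-Host "$after item(s) still have unique permissions"
```

On large libraries the inventory issues extra requests per item, so expect it to take longer than the item retrieval in step 4.
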

| Code | Meaning |
|---|---|
| 0 | Normal exit — no list was selected in the grid view, or the script completed successfully. |
| 1 | Failed to retrieve site lists (no active PnP connection or insufficient permissions). |
| 2 | Operator chose not to proceed at the confirmation prompt (`-prompt` mode). |

| Colour | Usage |
|---|---|
| Cyan | Start and completion banners |
| Green | Progress and informational messages |
| Yellow | Warnings (e.g. no list selected) |
| Red | Errors and failure details |

Basic run (no logging, no confirmation):

```powershell
.\spo-doclib-reset.ps1
```

Run with transcript logging enabled:

```powershell
.\spo-doclib-reset.ps1 -debug
```

Run with confirmation prompt before making changes:

```powershell
.\spo-doclib-reset.ps1 -prompt
```

Run with both logging and confirmation:

```powershell
.\spo-doclib-reset.ps1 -debug -prompt
```

- The script requires an active PnP connection to the target site before it is run. It does not connect itself.
- The transcript log (`..\spo-doclib-reset.txt`) is written to the parent directory of wherever the script is located, and is overwritten on each run — it does not accumulate across runs.
- Individual item failures are reported and skipped; the script does not abort mid-run on item-level errors.
- The page size for item retrieval is fixed at 5,000. For libraries with more than 5,000 items, `Get-PnPListItem` will make multiple requests automatically.

Script provided as is. Use at own risk. No guarantees or warranty provided.

Source: https://github.com/directorcia/patron/blob/master/spo-doclib-reset.ps1