Removing Unique Permissions from List Items in OneDrive Sites

Noel Simela 20 Reputation points
2023-10-03T12:36:15.3466667+00:00

How can I remove unique permissions from list items (files and folders) contained within 600 OneDrive sites after a migration from on-premises to cloud? Based on a PowerShell (pnp) script, I attempted to reset unique permissions by breaking them on each folder and item. However, I am not getting any response from the script. Maybe my logic is wrong? Can anyone please offer suggestions on how best to approach this? The ultimate goal is to break unique permissions on end-user files and folders on OneDrive sites.

N.B. The executing account has admin privileges on all sites. The PowerShell script is as follows:

    $sites = Get-PnPTenantSite -IncludeOneDriveSites -Filter "Url -like '/personal/'"
    
    $batchSize = 100
    
    function Reset-UniquePermissionsForFolder($folder) {
        # Get all subfolders of the folder
        $subFolders = Get-PnPFolderItem -FolderSiteRelativeUrl $folder.Url -ItemType Folder
    
        # Loop through each subfolder
        foreach ($subFolder in $subFolders) {
            
            Reset-UniquePermissionsForFolder $subFolder
        }
    
        # Get all files in the folder
        $files = Get-PnPListItem -List $folder.ParentList -FolderServerRelativeUrl $folder.Url
    
        # Loop through each file
        foreach ($file in $files) {
            # Check if the file has unique permissions
            if ($file.HasUniqueRoleAssignments) {
                # Reset permission inheritance
                Set-PnPListItemPermission -List $file.ParentList -Identity $file.ID -InheritPermissions
                Write-Host "Unique permissions have been reset for file '$($file.Name)' at '$($file.Url)'"
            }
        }
    }
    
    
    function Reset-UniquePermissions($site) {
        # Get the /Documents folder of the site
        $documentsFolder = Get-PnPTenantSite -Url $site.Url | Get-PnPTenantSite -IncludeOneDriveSites | Get-PnPTenantSite -Detailed | Select-Object -ExpandProperty SiteCollections | Select-Object -ExpandProperty Templates | Where-Object { $_.Title -eq "Documents" }
    
        # Check if the /Documents folder exists
        if ($documentsFolder -ne $null) {
            Write-Host "Currently processing site: $($site.Url)"
            # Reset unique permissions on the /Documents folder and its contents
            Reset-UniquePermissionsForFolder $documentsFolder.RootFolder
        }
        else {
            Write-Host "Site $($site.Url) does not have a /Documents folder."
        }
    }
    
    # Split sites into batches
    $siteBatches = $sites | Group-Object -Property { [math]::Floor([array]::IndexOf($sites, $_) / $batchSize) }
    
    # Process batches in parallel
    $siteBatches | ForEach-Object -Parallel {
        param($batch)
        foreach ($site in $batch.Group) {
            try {
                Reset-UniquePermissions $site
            }
            catch {
                # Log the error to a file 
                Write-Error "Error processing $($site.Url): $_"
            }
        }
    } -ThrottleLimit 5 
    
    Disconnect-PnPOnline
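
An added example, not part of the original post or any answer in this thread: a sequential PnP PowerShell pass that connects to each OneDrive site on its own (the list cmdlets act on the connected site) and loads `HasUniqueRoleAssignments` explicitly before testing it. Assumptions: the tenant URL and client ID are placeholders, the library title is the English default `Documents`, and the `-Apply` switch and report path are names made up for this example. Without `-Apply` it only writes a CSV of the items that would change, which doubles as a record of what access was item-level before the reset.

```powershell
# Added example (not the asker's script). Requires the PnP.PowerShell module.
# Placeholders/assumptions: $AdminUrl, $ClientId, library title 'Documents', the -Apply switch.
param(
    [string]$AdminUrl   = 'https://contoso-admin.sharepoint.com',  # placeholder tenant admin URL
    [string]$ClientId   = '<entra-app-client-id>',                 # placeholder app registration
    [string]$ReportPath = '.\unique-permissions.csv',
    [switch]$Apply                                                 # omit to report only
)

Connect-PnPOnline -Url $AdminUrl -Interactive -ClientId $ClientId
$sites = Get-PnPTenantSite -IncludeOneDriveSites -Filter "Url -like '-my.sharepoint.com/personal/'"

$report = foreach ($site in $sites) {
    try {
        # Each OneDrive is its own site collection, so connect to it directly.
        $conn = Connect-PnPOnline -Url $site.Url -Interactive -ClientId $ClientId -ReturnConnection
        # Page through the whole library (files and folders, all levels).
        $items = Get-PnPListItem -List 'Documents' -PageSize 500 -Connection $conn
        foreach ($item in $items) {
            # HasUniqueRoleAssignments is not loaded by default; request it explicitly.
            $unique = Get-PnPProperty -ClientObject $item -Property HasUniqueRoleAssignments -Connection $conn
            if (-not $unique) { continue }
            if ($Apply) {
                # Restore inheritance from the parent; item-level grants are dropped.
                Set-PnPListItemPermission -List 'Documents' -Identity $item.Id -InheritPermissions -Connection $conn
            }
            [pscustomobject]@{
                Site  = $site.Url
                Path  = $item.FieldValues['FileRef']
                Type  = $item.FileSystemObjectType
                Reset = [bool]$Apply
            }
        }
    }
    catch {
        Write-Warning "Error processing $($site.Url): $_"
    }
}
$report | Export-Csv -Path $ReportPath -NoTypeInformation
Write-Host "$(@($report).Count) items with unique permissions; report written to $ReportPath"
```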

 


Accepted answer
  1. ChengFeng - MSFT 5,040 Reputation points Microsoft Vendor
    2023-10-09T06:58:49.0733333+00:00

    Hi @Noel Simela

    Sorry to keep you waiting. According to my research, this document may be helpful to you.

    Regarding this issue, you need to follow the official documentation to see whether you meet the feasibility of interrupting inheritance.
    https://learn.microsoft.com/en-us/sharepoint/troubleshoot/lists-and-libraries/error-share-break-inheritance


    Best Regards

    Cheng Feng


1 additional answer

  1. PeteL 0 Reputation points
    2024-11-22T09:24:22.65+00:00

    Did you get anywhere with this, Noel? We've got a massive similar issue! Need to run something like this against our OneDrive and SharePoint sites.
