In SharePoint, permissions are inherited from the parent site by default. However, you may need to:
✔️ Break permission inheritance on a SharePoint list to set custom permissions
✔️ Reset permissions to restore inheritance from the parent site
Using PnP PowerShell, you can efficiently manage SharePoint list permissions.
Prerequisites
Before proceeding, ensure that:
PnP PowerShell is installed
You have Site Owner or Admin permissions
You know the SharePoint site URL and list name
Step 1: Install and Import PnP PowerShell
If PnP PowerShell is not installed, install it using:
Install-Module -Name PnP.PowerShell -Scope CurrentUser -AllowClobber -Force
Then, import the module:
powershellCopyEditImport-Module PnP.PowerShell
PnP PowerShell is ready!
Step 2: Connect to SharePoint Online
To connect to a SharePoint Online site, use:
# Connect to SharePoint Online
Connect-PnPOnline -Url "https://yourtenant.sharepoint.com/sites/yoursite" -Interactive
🔹 Replace "yourtenant" with your SharePoint tenant name
🔹 Replace "yoursite" with your actual site name
Connected successfully!
Step 3: Break Permission Inheritance on a SharePoint List
By default, lists inherit permissions from the site. To break inheritance, use:
# Define variables
$listName = "Project Documents"
# Break inheritance and remove existing permissions
Set-PnPListPermission -Identity $listName -BreakInheritance -CopyRoleAssignments $false -ClearSubscopes $true
Write-Host "Permissions inheritance broken for list '$listName'."
🔹 -CopyRoleAssignments $false: Removes all existing permissions
🔹 -ClearSubscopes $true: Ensures all item-level permissions are reset
List now has unique permissions!
Step 4: Assign Custom Permissions to the List
After breaking inheritance, assign new permissions:
# Define variables
$listName = "Project Documents"
$groupName = "Project Managers"
$role = "Contribute"
# Assign permissions to the group
Set-PnPListPermission -Identity $listName -Group $groupName -AddRole $role
Write-Host "Assigned '$role' permissions to group '$groupName' for list '$listName'."
Group now has custom permissions on the list!
Step 5: Reset Permissions (Restore Inheritance)
To restore permissions and inherit from the parent site, use:
# Define variables
$listName = "Project Documents"
# Reset permissions to inherit from the parent site
Set-PnPListPermission -Identity $listName -ResetInheritance
Write-Host "Permissions reset and inherited from the parent site for list '$listName'."
List now inherits permissions from the parent site!
Common Errors & Solutions
| Error | Cause | Solution |
|---|---|---|
List not found | Incorrect list name | Use Get-PnPList to list available lists |
Access Denied | Insufficient permissions | Ensure you have Admin or Site Owner rights |
Group not found | Incorrect SharePoint group name | Use Get-PnPGroup to list available groups |