When you try to break permission inheritance on a SharePoint subfolder, the change often does not apply. The folder still inherits permissions from its parent site or library. This happens because SharePoint enforces a limit on unique permissions per item or per container. This article explains the root cause in the SharePoint permission model and provides a direct fix using PowerShell or site collection settings.
Key Takeaways: Breaking Permission Inheritance on a Subfolder
- SharePoint unique permission limit: SharePoint stops new inheritance breaks when a site or list reaches 50,000 unique permissions.
- Site collection admin > Site permissions > Check permissions: Use this tool to verify if inheritance is actually broken or pending.
- SharePoint Online Management Shell (PowerShell): Use the
Set-PnPListItemPermissioncmdlet to force break inheritance on a subfolder.
Why SharePoint Refuses to Break Inheritance on a Subfolder
SharePoint Online has a hard limit of 50,000 unique permission scopes per site collection. A unique permission scope is created each time you break inheritance on a list, library, folder, or item. When you attempt to break inheritance on a subfolder after exceeding this limit, SharePoint silently ignores the request. The folder continues to inherit permissions from its parent, and no error appears in the browser UI.
This limit exists to protect performance. Each unique scope requires a separate access control list entry in the database. Beyond 50,000 scopes, query times degrade and site provisioning can fail. The limit applies per site collection, not per site.
The Role of the Site Collection Permission Threshold
The 50,000-scope limit is documented in SharePoint limits and boundaries. It affects all permission inheritance breaks, not just folders. If you already have many unique permissions on lists, document libraries, or items, the next break attempt on any subfolder will fail. The UI does not warn you that you have reached the limit. You only notice when the folder still shows “Inherited permissions” after you click “Stop Inheriting Permissions.”
How Inheritance Breaks Actually Work
When you break inheritance on a folder, SharePoint copies the parent permissions to that folder and creates a new unique permission scope. This scope counts toward the 50,000 limit. If the parent list or library already has many broken scopes, the operation may exceed the limit. SharePoint then cancels the operation and leaves the folder in the inherited state.
Steps to Force Break Inheritance on a Subfolder
Before you try to break inheritance, check the current unique permission count. Then use one of the methods below to apply the fix.
Method 1: Check Current Unique Permission Count
- Open the site collection in SharePoint admin center
Go to SharePoint admin center > Active sites. Select the site that contains the subfolder. - Run the permission check report
In the site settings, choose Site permissions > Check permissions. Enter the folder name and a user account. If the result shows “Inherited from parent,” inheritance is not broken. - Use PowerShell to count unique scopes
Open the SharePoint Online Management Shell and run:Connect-SPOService -Url https://yourtenant-admin.sharepoint.com
Then run:Get-SPOSite -Identity "https://yourtenant.sharepoint.com/sites/yoursite" | Select-Object -ExpandProperty Owner
This does not directly show the scope count. To get the count, use PnP PowerShell:Connect-PnPOnline -Url "https://yourtenant.sharepoint.com/sites/yoursite" -InteractiveGet-PnPList | ForEach-Object { $_.HasUniqueRoleAssignments } | Measure-Object
This shows the number of lists with unique permissions. For items, use:Get-PnPListItem -List "Documents" -PageSize 5000 | Where-Object { $_.HasUniqueRoleAssignments } | Measure-Object
Method 2: Use PnP PowerShell to Break Inheritance
- Connect to the site
RunConnect-PnPOnline -Url "https://yourtenant.sharepoint.com/sites/yoursite" -Interactive - Get the folder object
Run$folder = Get-PnPFolder -Url "Shared Documents/YourSubfolder" - Break inheritance on the folder
RunSet-PnPListItemPermission -List "Shared Documents" -Identity $folder.Name -BreakInheritance
If you also want to copy the parent permissions, addCopyRoleAssignmentsto the command:Set-PnPListItemPermission -List "Shared Documents" -Identity $folder.Name -BreakInheritance -CopyRoleAssignments - Verify the change
RunGet-PnPListItem -List "Shared Documents" -Identity $folder.Name | Select-Object HasUniqueRoleAssignments
If the result isTrue, inheritance is broken.
Method 3: Reduce Unique Permissions to Make Room
- Identify lists or libraries with many unique permissions
Run the PnP PowerShell count commands from Method 1 to find the heaviest containers. - Reset inheritance on items where unique permissions are no longer needed
For each item, run:Set-PnPListItemPermission -List "ListName" -Identity $item.Id -InheritPermissions
You must loop through items. For example:$items = Get-PnPListItem -List "LargeList" -PageSize 5000
foreach ($item in $items) {
if ($item.HasUniqueRoleAssignments) {
Set-PnPListItemPermission -List "LargeList" -Identity $item.Id -InheritPermissions
}
} - Recheck the unique permission count
Run the measure commands again to confirm you are below 50,000. - Break inheritance on the subfolder using the browser UI
Go to the folder, select … > Manage access > Advanced settings > Stop Inheriting Permissions.
If SharePoint Still Refuses to Break Inheritance
“Stop Inheriting Permissions” Button Does Nothing
If you click the button and the page refreshes but inheritance remains, you have hit the 50,000-scope limit. Follow Method 3 to reduce unique permissions elsewhere in the site collection. Then try again.
Inheritance Breaks but Reverts After a Few Hours
This occurs when a timer job or a synchronization process resets permissions. Check if any custom event receiver or third-party backup tool is resetting inheritance. Also verify that no site collection admin has a script running that inherits permissions on a schedule.
Permission Inheritance Shows “Broken” but Users Cannot Access the Folder
When you break inheritance without copying role assignments, all existing permissions are removed. The folder becomes accessible only to site collection admins. To fix this, add the required users or groups using Manage access > Add people or by running Set-PnPListItemPermission -List "Shared Documents" -Identity $folder.Name -User "user@domain.com" -AddRole "Contribute".
Inherited vs Unique Permissions: Key Differences
| Item | Inherited Permissions | Unique Permissions |
|---|---|---|
| Permission storage | Stored once at the parent level | Stored separately for each child item |
| Impact on performance | Minimal | Degrades query speed beyond 50,000 scopes |
| Management effort | Low — change parent, all children update | High — each child must be managed individually |
| SharePoint limit | None | 50,000 unique scopes per site collection |
| Best for | Most folders and items | Only when specific items need restricted access |
Inherited permissions are the default and the recommended approach for most SharePoint content. Use unique permissions sparingly to stay under the 50,000-scope limit. When you do need unique permissions, break inheritance on folders instead of individual items to reduce the total scope count.
You can now break inheritance on a subfolder by first checking the unique permission count and using PowerShell to force the operation. Next, review your site collection for any lists or libraries with excessive unique permissions and reset those you no longer need. As an advanced tip, schedule a monthly PowerShell script that reports the number of unique permissions per site collection so you can plan inheritance breaks before hitting the limit.