You reset a SharePoint document library to inherit permissions from its parent site. Later you check the library and find unique permissions have reappeared. This happens because SharePoint retains permission snapshots for items inside the library that were previously broken from inheritance. This article explains why those snapshots cause unique permissions to reappear and gives you the exact steps to permanently remove them.
The root cause is that resetting inheritance on a library does not automatically clean up permission snapshots stored on individual items or folders within that library. When SharePoint recalculates permissions during a background timer job, it re-applies those stored snapshots, making the library appear to have unique permissions again. You will learn how to identify the hidden snapshots, clear them, and prevent the problem from returning.
This fix applies to SharePoint Online (Microsoft 365) and SharePoint Server 2019 and later. The steps work for both classic and modern document libraries.
Key Takeaways: Resetting SharePoint Library Permissions Without Ghost Snapshots
- Site Settings > Site Permissions > Check Permissions: Use the Check Permissions tool to verify that the library actually inherits permissions after the reset.
- Library Settings > Permissions for this document library > Stop Inheriting Permissions > Delete Unique Permissions: The only reliable method to purge stored permission snapshots from items in the library.
- PowerShell command Remove-SPOUser -Site: Removes orphaned permission entries that survive a standard reset from SharePoint Online.
Why Unique Permissions Reappear After a Library Reset
SharePoint stores permission information at three levels: site, library, and item. When you break permission inheritance on a library, every item and folder inside that library stores its own permission snapshot. The reset operation changes the library-level permission setting back to Inherit Permissions, but it does not touch the snapshots on individual items.
SharePoint runs a background timer job called the Permission Cleanup Timer Job. This job checks every item and folder in the library for permission snapshots. If it finds a snapshot that differs from the parent site, it writes that snapshot back to the library. The result is that the library shows unique permissions again, even though you just reset it.
The same problem occurs when you use the Reset to Inherit Permissions button in the library settings. That button only clears the flag at the library level. It does not delete the stored snapshots on sub-items. The snapshots remain in the SharePoint content database and are re-applied during the next permission recalculation cycle.
How to Detect Stored Permission Snapshots
Open the library in a browser. Select any folder or file. Click the ellipsis (three dots) and choose Manage Access. If the panel shows Unique permissions for that item, a snapshot exists. The library itself may show Inherited at the top, but the item-level snapshot will cause the library to revert to unique permissions after the next timer job runs.
Steps to Permanently Remove Unique Permissions From a Library
The method below removes all stored permission snapshots from items in the library and prevents the unique permissions from reappearing. Perform these steps in the order shown.
- Break inheritance on the library again
Go to the library settings. Click Permissions for this document library. Click Stop Inheriting Permissions. Confirm the action. This makes the library a separate permission scope again and allows you to see all items with stored snapshots. - Delete all unique permissions from the library
Still in the library permissions page, click Delete Unique Permissions. This command removes every permission snapshot stored on items and folders inside the library. It does not delete the items themselves, only their stored permission data. - Reset the library to inherit permissions
Click Inherit Permissions. SharePoint now recalculates the library permissions. Because no snapshots remain on items, the library stays in inherited mode. Verify by refreshing the page and checking the library permissions status. - Use the Check Permissions tool to confirm
Go to Site Settings > Site Permissions. Click Check Permissions. Enter a user name or group. The tool shows whether access is granted through the parent site. If every user shows Granted through the parent site, inheritance is clean. - Run the permission cleanup timer job manually (SharePoint Server only)
If you use SharePoint Server, open Central Administration. Go to Monitoring > Timer Jobs > Review job definitions. Find Permission Cleanup and click Run Now. This forces the recalculation immediately so you can verify the fix.
PowerShell Method for Bulk Cleanup (SharePoint Online)
For libraries with more than 5,000 items, the browser method may time out. Use PowerShell to remove orphaned permission entries in bulk.
- Connect to SharePoint Online
Open SharePoint Online Management Shell. RunConnect-SPOService -Url https://yourtenant-admin.sharepoint.com. Sign in with a global admin or SharePoint admin account. - Get the site collection and library
Run$site = Get-SPOSite -Identity https://yourtenant.sharepoint.com/sites/yoursite. Then$web = Get-SPWeb -Site $site. Replace the URLs with your actual site and library paths. - Remove unique permission entries from items
RunGet-SPOListItem -Web $web -List "YourLibraryName" | Where-Object {$_.HasUniqueRoleAssignments -eq $true} | ForEach-Object {$_.ResetRoleInheritance()}. This clears all item-level permission snapshots in the library. - Reset the library inheritance
Run$list = $web.Lists["YourLibraryName"]; $list.ResetRoleInheritance(). This resets the library to inherit permissions from the site.
If Unique Permissions Still Reappear After the Fix
Even after following the steps above, unique permissions may reappear in specific scenarios. The sections below cover the most common causes and their solutions.
SharePoint Library Shows Unique Permissions After Reset but No Items Have Unique Permissions
This happens when a permission change is pending in the SharePoint change log. The library itself has no snapshots, but a recent operation created a permission change entry that has not been processed. Wait 15 minutes for the timer job to run. If the problem persists, run the permission cleanup timer job manually as described in step 5 of the main fix.
Unique Permissions Reappear After Moving Files Into the Library
When you move files from another library or site, SharePoint carries over the permission snapshots from the source location. The moved files arrive with their own unique permissions. After the move, select all the moved files. Use the Manage Access panel and click Remove unique permissions for each selected file. Then reset the library inheritance again.
Unique Permissions Reappear After a Site Collection Restore
If you restore a site collection from a backup or recycle bin, SharePoint restores the permission snapshots that existed at the time of the backup. After the restore, break inheritance on the library, delete unique permissions, and reset inheritance again. This removes the restored snapshots.
Library Reset Methods: Browser vs PowerShell
| Item | Browser Method | PowerShell Method |
|---|---|---|
| Scope | Single library | Multiple libraries or site collections |
| Item limit | Works up to 5,000 items | Works for any number of items |
| Snapshot removal | Manual Delete Unique Permissions | ResetRoleInheritance() cmdlet |
| Permission recalculation | Automatic on Inherit Permissions | Manual via timer job or ResetRoleInheritance() |
| User interface required | Yes | No |
You can now permanently remove unique permissions from any SharePoint library and prevent them from reappearing after a reset. Start by checking whether any items still hold permission snapshots. If they do, use the browser method for small libraries or PowerShell for large libraries. After clearing the snapshots, reset inheritance one final time. For ongoing maintenance, run a weekly PowerShell script that checks for libraries with unexpected unique permissions and clears them automatically.