After migrating a SharePoint document library from an on-premises server or another site collection, you may find the library still shows the old permission inheritance instead of adopting the new site’s permissions. This happens because SharePoint migration tools often preserve the original unique permissions from the source library. In this article, you will learn why the inherited permissions break during migration and how to restore proper inheritance so the library respects the parent site’s permission settings.
Key Takeaways: Fixing Permission Inheritance After Library Migration
- SharePoint admin center > Active sites > Site permissions: Quickly check if the library has broken inheritance by comparing the site’s permission summary with the library’s permission page.
- Library settings > Permissions for this document library > Inherit Permissions: The single button that restores inheritance from the parent site, removing all old unique permissions.
- PowerShell command Set-PnPLibraryInheritance -Identity “LibraryName” -Inherit: Bulk-fix multiple libraries in one script without navigating the web interface for each library.
Why a Migrated Library Retains Old Permission Inheritance
When you migrate a SharePoint library using tools like the SharePoint Migration Tool or a third-party solution, the tool copies the library’s metadata, content, and permission settings exactly as they existed in the source environment. If the source library had unique permissions — meaning it did not inherit permissions from its parent site — those unique permissions are preserved in the destination. The migration tool does not automatically merge or reset permissions to match the new site’s inheritance model.
The root cause is that SharePoint treats each migrated library as a distinct securable object. The library’s permission inheritance is set to “broken” from the moment it is created in the destination. The tool writes the old Access Control List directly into the library’s permission settings. As a result, users who had access in the old environment retain access, and users who should have access through the new site’s groups may be denied. This behavior is consistent across all SharePoint versions — both SharePoint Server and SharePoint Online.
Another contributing factor is that migration tools often run in “preserve permissions” mode by default. Administrators may not realize this setting is enabled. The tool interprets “preserve” as “keep everything exactly as it is,” including broken inheritance. Unless you explicitly disable permission preservation in the migration settings, the library will arrive with its old inheritance state.
Steps to Restore Permission Inheritance on a Migrated Library
The following steps apply to SharePoint Online and SharePoint Server 2019 and later. The web interface method works for one library at a time. The PowerShell method works for multiple libraries in a single run.
Method 1: Using the SharePoint Web Interface
- Open the library and access its settings
Navigate to the SharePoint site that contains the migrated library. Click the gear icon in the top-right corner and select Library settings. If you are on a modern SharePoint site, you may need to click the library name, then the ribbon’s gear icon, then Library settings. - Go to the permissions page
In the Library settings page, under the Permissions and Management section, click Permissions for this document library. This opens the permission page for the library. - Check the inheritance status
Look at the ribbon or the toolbar. If the library has unique permissions, the button Inherit Permissions is visible. If the library already inherits permissions, you will see a Stop Inheriting Permissions button instead. For a migrated library that kept old inheritance, you should see Inherit Permissions. - Click Inherit Permissions
Click the Inherit Permissions button. A confirmation dialog appears warning that all unique permissions will be removed. Click OK. SharePoint removes all direct permission entries on the library and sets the library to inherit permissions from its parent site. - Verify the change
Refresh the permission page. The button should now read Stop Inheriting Permissions, confirming that inheritance is restored. Users who had access through the old unique permissions are removed. Users now must have access through the site’s permission groups to see the library.
Method 2: Using PowerShell with PnP PowerShell
Use PnP PowerShell to fix multiple libraries in one script. You need the PnP.PowerShell module installed.
- Connect to your SharePoint site
RunConnect-PnPOnline -Url "https://yourtenant.sharepoint.com/sites/yoursite" -Interactive. Replace the URL with your actual site URL. - Get the library you want to fix
Run$library = Get-PnPList -Identity "LibraryName". ReplaceLibraryNamewith the display name of your migrated library. - Check if the library has unique permissions
Run$library.HasUniqueRoleAssignments. If it returnsTrue, the library has broken inheritance. - Restore inheritance
RunSet-PnPList -Identity "LibraryName" -BreakRoleInheritance:$false. This command resets the library to inherit permissions from the parent site. No confirmation dialog appears. - Verify the change
Run$library = Get-PnPList -Identity "LibraryName"; $library.HasUniqueRoleAssignments. It should now returnFalse.
To fix all libraries in a site that have broken inheritance, run a loop:
$site = Get-PnPSite
$lists = Get-PnPList | Where-Object { $_.HasUniqueRoleAssignments -eq $true -and $_.BaseType -eq "DocumentLibrary" }
foreach ($list in $lists) {
Write-Host "Fixing $($list.Title)"
Set-PnPList -Identity $list.Id -BreakRoleInheritance:$false
}
If the Library Still Shows Old Permissions After the Fix
Permission Changes Do Not Propagate to Subfolders
Restoring inheritance on the library does not automatically fix subfolders or files that had unique permissions before the migration. Each subfolder and file with unique permissions must be reset individually. Use PowerShell to loop through all items and reset their inheritance:
$items = Get-PnPListItem -List "LibraryName" -PageSize 500
foreach ($item in $items) {
if ($item.HasUniqueRoleAssignments) {
Set-PnPListItemPermission -List "LibraryName" -Identity $item.Id -Inherit
}
}
The Library Still Shows Old Users Because of Cached Permissions
SharePoint permission changes take a few minutes to propagate to all front-end servers and cached views. Wait 15 minutes and refresh the permission page. If old users still appear, clear your browser cache or open the site in a private browser window.
Migration Tool Reapplied Permissions After the Fix
If you ran a migration job after fixing inheritance, the tool may have reapplied the old permissions. Always fix inheritance as the last step after all migration jobs complete. Some tools have a “permission merge” setting that can overwrite inheritance changes. Disable that setting in the tool before running the final migration pass.
Inherited vs Unique Permissions After Migration: Key Differences
| Item | Inherited Permissions | Unique Permissions |
|---|---|---|
| Permission source | Parent site or parent object | Directly assigned on the library |
| Management effort | Low — change permissions in one place | High — each library must be managed separately |
| After migration default | Not preserved unless explicitly set | Preserved by most migration tools |
| Performance impact | None | Slower permission evaluation for large libraries |
| Recommended for most teams | Yes | Only when strict isolation is required |
After restoring inheritance, you can manage all permissions from the site’s permission page. Use SharePoint admin center > Active sites > Site permissions to review site-level groups and sharing settings.