Audit Unique Permissions Across a SharePoint Site: Practical Checklist for SharePoint Owners

As a SharePoint site owner, you may discover that some items or folders no longer share the same access as the rest of the site. This happens when someone breaks permission inheritance on a document, folder, or sub-site, creating what SharePoint calls unique permissions. Without a regular audit, these scattered permission breaks can become a security risk and a management headache. This article provides a practical checklist that site owners can follow to locate all items with unique permissions across a SharePoint site, review them, and decide whether to restore inheritance or keep the custom access.

Key Takeaways: Audit Unique Permissions in SharePoint

  • Site Settings > Site permissions > Check permissions: Use this page to see permission inheritance status for the entire site.
  • Library Settings > Permissions for this document library: View and manage unique permissions on a specific library or list.
  • Manage access pane in a folder or file: Quickly check if an item has inherited or unique permissions from the context menu.

Why Unique Permissions Occur and Why They Matter

When you create a SharePoint site, all content inherits the permissions set at the site level. Breaking permission inheritance means you stop that flow and assign specific permissions to a folder, document, or list item. SharePoint tracks these breaks in a hidden list called the User Information List, but there is no single native button that shows every item with unique permissions across the entire site.

The technical root cause of unique permissions is simple: a site member, owner, or administrator explicitly chose to stop inheriting permissions on a particular item. This is often done to grant a contractor access to one folder or to hide a sensitive document from most of the team. However, over time, these breaks accumulate. A site with hundreds of unique permission items becomes difficult to manage, slows down permission audits, and increases the chance that a former employee still has access to a specific document.

SharePoint does not provide a built-in report that aggregates all unique permissions across lists, libraries, and sub-sites. Site owners must use a combination of native tools and manual checks. The checklist below covers both the browser-based methods and a lightweight PowerShell approach for larger sites.

Checklist: Audit Unique Permissions Across a SharePoint Site

Use the following steps to identify every item with unique permissions in your SharePoint site. Start with the site-level check, then move through each library and list.

  1. Check the site-level permission status
    Go to your SharePoint site. Click the gear icon (Settings) and select Site permissions. In the Site permissions pane, look for the Permission inheritance section. If you see Unique permissions listed, the site itself has broken inheritance. This means the entire site does not inherit from the parent. If you see Inherited from parent, the site uses the parent site’s permissions.
  2. Use the Check Permissions tool for a user
    In the Site permissions pane, click Check permissions. Enter a user’s name or email. The tool shows exactly which permissions that user has and whether they come from inheritance or a unique assignment. This helps confirm if a specific user has unexpected access.
  3. Review each library and list for unique permissions
    Navigate to a document library or list. Click the gear icon and select Library settings or List settings. In the Settings page, under Permissions and Management, click Permissions for this document library (or list). If the ribbon shows a Stop Inheriting Permissions button, the library is currently inheriting. If you see a Delete Unique Permissions button, the library has unique permissions. Write down the name of each library or list that has unique permissions.
  4. Inspect folders and files within a library
    Open the library that has unique permissions. Hover over a folder or file, click the three dots (ellipsis), and select Manage access. In the Manage access pane, look at the top of the panel. If you see Inherited from followed by the library or site name, the item inherits. If you see This item has unique permissions, the inheritance was broken. Check the subfolders and files inside any folder that has unique permissions.
  5. List all sub-sites and check their inheritance
    If your site has sub-sites, each one must be checked separately. From the site’s home page, click Site contents and look for sub-sites listed under Subsites. Click each sub-site and repeat steps 1 through 4. A sub-site can inherit from the parent site or have its own unique permissions.
  6. Use SharePoint admin center to run a permissions report
    Only do this step if you are a SharePoint admin. Go to the SharePoint admin center, expand Reports, and select Content explorer. Use the Permissions tab to view sites, libraries, and items that have unique permissions. This report covers all sites in the tenant but requires admin privileges.
  7. Export permissions data with PowerShell
    For large sites with many items, use the SharePoint Online Management Shell. Run the following script to export all items with unique permissions to a CSV file. This method requires the SharePoint Online Management Shell module to be installed. Replace https://tenant.sharepoint.com/sites/yoursite with your site URL.
    # Connect to the tenant admin URL (replace "tenant" with your tenant name)
    Connect-SPOService -Url https://tenant-admin.sharepoint.com
    $siteUrl = "https://tenant.sharepoint.com/sites/yoursite"
    $results = @()
    # Walk every SharePoint group in the site and record each member of each group
    Get-SPOSiteGroup -Site $siteUrl | ForEach-Object {
        $group = $_
        Get-SPOUser -Site $siteUrl -Group $group.LoginName | ForEach-Object {
            $results += [PSCustomObject]@{
                User  = $_.LoginName
                Group = $group.Title
                Site  = $siteUrl
            }
        }
    }
    # One row per user/group membership
    $results | Export-Csv -Path "C:\temp\permissions.csv" -NoTypeInformation

    Note: This script exports all users and groups. To identify unique permissions, you must compare the output against the site-level group memberships. A more advanced script using Get-PnPListItem and Get-PnPProperty can directly list items with broken inheritance.

  8. Decide which unique permissions to keep and which to revert
    After you have the list of items with unique permissions, review each one. Ask: Is the custom access still needed? If not, restore inheritance. To restore inheritance, go to the item’s Permissions page and click Delete Unique Permissions. This removes the custom permissions and applies the parent’s permissions. Be careful: restoring inheritance removes all current unique permissions on that item.

Common Issues When Auditing Unique Permissions

Permission inheritance status shows incorrectly

Sometimes the Permissions page shows Inherited from parent even though some users have access that does not come from the parent. This usually happens when a user was added directly through the Share dialog. The Share dialog creates a unique permission on the item without visibly breaking inheritance in the Permissions page. To detect this, use the Manage access pane on the specific item. If you see users listed who are not in the parent site’s groups, the item has unique permissions.

Cannot delete unique permissions because of an error

If you click Delete Unique Permissions and receive an error, the item may have a security policy or a retention label that requires unique permissions. Check if the item has a Microsoft 365 retention label or compliance policy attached. Remove the label first, then try again. Also, ensure you have Full Control or Owner permissions on the item.

PowerShell script returns no items with unique permissions

The basic PowerShell script shown earlier does not directly query for broken inheritance. Use the PnP PowerShell module for that. After installing PnP PowerShell, run:

Connect-PnPOnline -Url $siteUrl -Interactive
# HasUniqueRoleAssignments is not loaded on list items by default; request it explicitly
Get-PnPListItem -List "Documents" -PageSize 1000 | Where-Object { Get-PnPProperty -ClientObject $_ -Property HasUniqueRoleAssignments } |
    Select-Object Id, @{ Name = 'Title'; Expression = { $_.FieldValues['Title'] } }

This command lists every item in the Documents library where HasUniqueRoleAssignments is true. Replace "Documents" with the name of your library. For all lists in the site, loop through Get-PnPList.
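The loop over Get-PnPList mentioned above, written out as an added example (not code from the original article): it checks the site, every visible list and every item, loads HasUniqueRoleAssignments explicitly, and exports the role assignments found on each object with broken inheritance to CSV, so that direct user grants can be reviewed first. The site URL, the output path and the helper name Get-RoleRows are assumptions of this example; PnP.PowerShell must be installed.

```powershell
# Added example, not from the original article. Assumes PnP.PowerShell is installed;
# $siteUrl, $outFile and the helper name Get-RoleRows are placeholders of this example.
$siteUrl = "https://tenant.sharepoint.com/sites/yoursite"
$outFile = "C:\temp\unique-permissions.csv"

Connect-PnPOnline -Url $siteUrl -Interactive

# Flatten the role assignments on one securable object (web, list or item) into rows.
function Get-RoleRows {
    param($Object, [string]$Scope, [string]$Path)
    $assignments = Get-PnPProperty -ClientObject $Object -Property RoleAssignments
    foreach ($ra in $assignments) {
        $member   = Get-PnPProperty -ClientObject $ra -Property Member
        $bindings = Get-PnPProperty -ClientObject $ra -Property RoleDefinitionBindings
        foreach ($role in $bindings) {
            # 'Limited Access' is implied by grants deeper in the tree, not a real grant
            if ($role.Name -eq 'Limited Access') { continue }
            [PSCustomObject]@{
                Scope         = $Scope
                Path          = $Path
                Principal     = $member.Title
                PrincipalType = $member.PrincipalType   # 'User' = direct grant, review first
                Role          = $role.Name
            }
        }
    }
}

$rows = @()
# Site (web) level: step 1 of the checklist
$web = Get-PnPWeb -Includes HasUniqueRoleAssignments
if ($web.HasUniqueRoleAssignments) {
    $rows += @(Get-RoleRows -Object $web -Scope 'Site' -Path $web.Url)
}

# List level (step 3) and item level (step 4), for every visible list in the site
foreach ($list in Get-PnPList -Includes HasUniqueRoleAssignments, Hidden) {
    if ($list.Hidden) { continue }
    if ($list.HasUniqueRoleAssignments) {
        $rows += @(Get-RoleRows -Object $list -Scope 'List' -Path $list.Title)
    }
    foreach ($item in Get-PnPListItem -List $list -PageSize 1000 -Fields 'FileRef') {
        # HasUniqueRoleAssignments is not populated on items by default; load it explicitly
        if (-not (Get-PnPProperty -ClientObject $item -Property HasUniqueRoleAssignments)) { continue }
        $rows += @(Get-RoleRows -Object $item -Scope 'Item' -Path $item.FieldValues['FileRef'])
    }
}

$rows | Export-Csv -Path $outFile -NoTypeInformation
```

Each Get-PnPProperty call is a server round trip, so on libraries with tens of thousands of items this runs for a while; filter the resulting CSV on PrincipalType = User to find access granted to individuals outside the site groups.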

Summary of each check by browser method and PowerShell method:

  • Site-level permission check. Browser: Site Settings > Site permissions. PowerShell: Get-PnPSite (includes HasUniqueRoleAssignments).
  • Library or list check. Browser: Library Settings > Permissions for this document library. PowerShell: Get-PnPList | Select Title, HasUniqueRoleAssignments
  • Item-level check. Browser: Manage access pane on the item. PowerShell: Get-PnPListItem -List $list | Where HasUniqueRoleAssignments
  • Report export. Browser: not available natively. PowerShell: export to CSV using PnP PowerShell.

Conclusion

You can now audit unique permissions on your SharePoint site using the checklist steps. Start with the site-level permission check, then inspect each library and list. Use the Manage access pane on individual items to confirm broken inheritance. For larger sites, use PnP PowerShell to export a full report of items where HasUniqueRoleAssignments is true. After identifying all unique permissions, decide whether to restore inheritance or keep the custom access. Set a quarterly reminder to repeat this audit. This keeps your site permissions clean and reduces the risk of forgotten access.