How to Fix SharePoint Error Permission Inheritance Error
A Permission Inheritance Error in SharePoint occurs when managing security scopes on a site, list, or folder. This usually manifests when trying to break inheritance (Stop Inheriting Permissions) or restore inheritance (Inherit Permissions), returning errors such as “This list has exceeded the unique permissions threshold” or “Cannot perform this operation because permission inheritance is broken.”
This guide outlines how to handle unique permission limits, restore parent inheritance, and manage permissions via PowerShell.
Understand Permission Inheritance Errors in SharePoint
These permission errors are typically caused by:
- Unique Permissions Threshold: SharePoint lists and libraries have a hard limit of 50,000 unique permission scopes per list, but performance degrades after 5,000. Once this threshold is reached, breaking inheritance on any subfolder or item is blocked.
- Access Control List (ACL) Corruption: The internal database tracking security principal permissions on the item contains corrupted references.
- Admin Lockouts: The administrator attempting to inherit or break permissions does not have the “Manage Permissions” role at the parent scope level.
Resolving SharePoint Permission Inheritance Errors
Follow these procedures to diagnose and restore permission structures:
Step 1: Check the Unique Permissions Limit (Threshold)
If you cannot break inheritance on a folder or file:
- Identify the number of items in the list that have unique permissions.
- If the list contains more than 5,000 unique scopes, you must merge permission configurations.
- Instead of breaking inheritance on individual files, group them into folders and break inheritance on the folders only.
- If you have broken inheritance on thousands of individual items, you must restore parent inheritance to clear the threshold count.
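One way to do the count in Step 1 with PnP PowerShell. This is an added, read-only example and not a script from the original guide. The site URL and list name are the guide's placeholders, and the CSV path is an assumption.

```powershell
# Added example (read-only): inventory unique permission scopes in one list.
# Assumes PnP.PowerShell is installed; URL and list name are this guide's placeholders.
$SiteUrl   = "https://yourcompany.sharepoint.com/sites/targetsite"
$ListName  = "Documents"
$Threshold = 5000                                        # recommended limit from this guide
$ReportCsv = Join-Path $PWD "unique-permissions.csv"     # assumed output path

Connect-PnPOnline -Url $SiteUrl -Interactive

# Is inheritance already broken at the list level?
$list = Get-PnPList -Identity $ListName -Includes HasUniqueRoleAssignments
Write-Host "List '$ListName' has unique permissions: $($list.HasUniqueRoleAssignments)"

# HasUniqueRoleAssignments is not loaded with the item by default, so it is
# requested per item (one round trip each; expect this to be slow on large lists).
$report = @(foreach ($item in Get-PnPListItem -List $ListName -PageSize 500) {
    if (Get-PnPProperty -ClientObject $item -Property HasUniqueRoleAssignments) {
        $path = [string]$item.FieldValues["FileRef"]
        [pscustomobject]@{
            Id     = $item.Id
            Type   = $item.FileSystemObjectType          # File or Folder
            Path   = $path
            Parent = $path.Substring(0, $path.LastIndexOf('/'))
        }
    }
})

Write-Host "Files and folders with unique permissions: $($report.Count)"
if ($report.Count -gt $Threshold) {
    Write-Warning "Above $Threshold unique scopes: consolidate permissions at folder level."
}

if ($report.Count -gt 0) {
    # Keep a record of what is uniquely secured before any inheritance reset.
    $report | Sort-Object Path | Export-Csv -Path $ReportCsv -NoTypeInformation
    # Folders holding the most individually secured files are the first
    # candidates for a single folder-level permission (Step 1).
    $report | Where-Object { "$($_.Type)" -eq "File" } | Group-Object Parent |
        Sort-Object Count -Descending |
        Select-Object -Property Count, Name -First 10 |
        Format-Table -AutoSize
}
```

The exported CSV doubles as a record of which items were individually secured, which is useful to review before running the resets in Steps 2 and 3.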
Step 2: Re-inherit Parent Site Permissions
To clear unique permission bloat and restore standard permissions:
- Go to the affected SharePoint list, library, or folder.
- Click the Gear (Settings) icon and choose Library settings > More library settings.
- Under Permissions and Management, click Permissions for this document library.
- In the Ribbon interface, click Delete unique permissions (or Inherit Permissions).
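- Click OK to confirm. The list will now inherit permissions from its parent site, clearing the custom ACL table. Because the list's custom permissions are discarded, check first that everyone with access to the parent site should have access to the list's content.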
Step 3: Reset Inheritance using PowerShell
If you cannot restore inheritance through the web browser because the operation times out on a large list, use PowerShell to run the operation against SharePoint Online or an on-premises farm.
Using SharePoint Online Management Shell:
Run the following script to reset permission inheritance on a specific list:
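# Optional: connect to the SharePoint Online admin service (not needed for the PnP cmdlets below)
Connect-SPOService -Url "https://yourcompany-admin.sharepoint.com"
# Use PnP PowerShell (recommended); install the module once if it is missing
# Install-Module PnP.PowerShell
Connect-PnPOnline -Url "https://yourcompany.sharepoint.com/sites/targetsite" -Interactive
# Reset inheritance on the list so it inherits from the parent site again.
# -BreakRoleInheritance is a switch that creates unique permissions; -ResetRoleInheritance removes them.
Set-PnPList -Identity "Documents" -ResetRoleInheritance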
Using SharePoint On-Premises Management Shell:
Run the following PowerShell script on the SharePoint server:
# Load the SharePoint Server snap-in (already loaded in the SharePoint Management Shell)
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
$web = Get-SPWeb "https://sharepoint.local/sites/targetsite"
try {
    $list = $web.Lists["Documents"]
    if ($list.HasUniqueRoleAssignments) {
        # Re-inherit parent permissions and update database
        $list.ResetRoleInheritance()
        $list.Update()
        Write-Host "Inheritance successfully restored." -ForegroundColor Green
    } else {
        Write-Host "List is already inheriting permissions." -ForegroundColor Yellow
    }
} finally {
    # Release the SPWeb object even if an error occurs above
    $web.Dispose()
}
Step 4: Clean Up Orphaned SharePoint Security Groups
Stale SharePoint group references can bloat the ACL.
- Navigate to your site’s group list: https://yourcompany.sharepoint.com/sites/targetsite/_layouts/15/people.aspx?MembershipGroupId=0
- Review the list of users and groups.
- Remove any service accounts or users who no longer require site access to reduce the ACL table size.
Summary Checklist
- Check if the library has exceeded the recommended limit of 5,000 unique permission scopes.
- Group documents into folders to assign permissions, rather than applying them to individual files.
- Click Inherit Permissions in the Ribbon to merge the ACL back to the parent site settings.
- Run the PowerShell scripts above to bypass web interface timeouts.
- Audit the site’s people directory (MembershipGroupId=0) to clear orphaned user identities.