Imagine you’ve just completed a major project in SharePoint, and now it’s time to secure the site so that only you have access. Maybe you’re preparing a site for migration, shutting it down, or ensuring compliance by restricting access to sensitive data. Whatever the case, locking down a SharePoint site collection can be crucial.
In this blog, we’ll go over how SharePoint permissions work, the step-by-step process to remove all permissions, and real-life use cases where this approach has been beneficial. Whether you’re a SharePoint admin, developer, or IT manager, this guide will help you maintain control over your site collections.
Understanding SharePoint Permissions
Permissions in SharePoint can be tricky. By default, they are inherited from parent objects, meaning if you don’t break inheritance, changes made at the top level (site collection) will trickle down to subsites, libraries, and lists. This is great for maintaining consistent access control but can become a challenge when trying to lock down a site.
When revoking permissions, keep in mind:
- Inheritance Matters: If permissions are inherited from a parent site, breaking this inheritance is necessary before making changes.
- Admin Access is Key: Ensure you don’t remove your own access or that of another admin, or you could lock yourself out!
- Certain Groups Have Special Rights: Groups like Site Owners and Site Collection Administrators typically have elevated permissions that may need special handling.
Use Cases and Real-Life Scenarios
1. Securing Sensitive Information
A healthcare company needed to create a SharePoint site for storing patient records. Once the records were uploaded and processed, the site had to be locked down so that only the compliance officer had access. Removing all permissions except for the compliance officer ensured data confidentiality.
2. Site Decommissioning
A marketing team had a temporary SharePoint site for a campaign. Once the campaign ended, the IT department needed to ensure that no one could access the site before deletion. Locking down permissions before deleting it prevented accidental access to outdated or sensitive files.
3. Restricting External Users
A SharePoint site was shared with external vendors for collaboration. After the project was completed, IT needed to revoke all external access. By removing permissions for everyone except the internal team lead, they secured the site while keeping it for reference.
4. Locking Down for Compliance Audits
A financial institution had a SharePoint site for quarterly reports. Before the final report was published, the auditors needed to review and sign off. Once approved, the site had to be locked so that no further changes could be made. Removing permissions ensured compliance with regulatory standards.
Step-by-Step Guide to Removing Permissions
We will cover two methods:
- Manual Removal via SharePoint Online Admin Center
- Automated Removal Using PowerShell
Method 1: Removing Permissions via SharePoint Online Admin Center
- Access the SharePoint Admin Center
- Go to Microsoft 365 Admin Center
- Click on SharePoint under Admin centers
- Find the Target Site
- Navigate to Active sites
- Search for and select the site collection you want to modify
- Manage Site Permissions
- Click on Permissions
- Remove all users and groups except for yourself
- Ensure you retain full control of the site
- Check and Break Inheritance (If Needed)
- If any lists or libraries have unique permissions, break inheritance and manually remove users
Method 2: Removing Permissions Using PowerShell
If you have multiple sites to update or need automation, PowerShell is your best friend.
Prerequisites
- Install PnP PowerShell if not already installed:
Install-Module PnP.PowerShell -Force -AllowClobber - Connect to SharePoint Online:
Connect-PnPOnline -Url "https://yourtenant-admin.sharepoint.com" -Interactive
PowerShell Script to Remove All Permissions
# Connect to SharePoint site
$siteUrl = "https://yourtenant.sharepoint.com/sites/YourSite"
Connect-PnPOnline -Url $siteUrl -Interactive
# Get site administrators
$siteAdmins = Get-PnPSiteCollectionAdmin
# Get all users and groups
$users = Get-PnPUser
# Remove users except for site administrators
foreach ($user in $users) {
if ($siteAdmins.LoginName -notcontains $user.LoginName) {
Remove-PnPSiteUser -LoginName $user.LoginName
Write-Host "Removed: $($user.LoginName)"
}
}
# Remove SharePoint Groups except the Owners group
$groups = Get-PnPGroup
foreach ($group in $groups) {
if ($group.Title -notmatch "Owners") {
Remove-PnPGroup -Identity $group.Title
Write-Host "Removed Group: $($group.Title)"
}
}
Write-Host "All non-admin permissions removed successfully!"Verifying Your Changes
After running the script, double-check that only your account remains:
- Go to Site Settings > Site Permissions
- Ensure that only your account and necessary system accounts exist
Pros and Cons of Removing All Permissions
Pros:
- ✅ Improved Security – Restricting access ensures only authorized users can access sensitive data.
- ✅ Prevention of Accidental Modifications – Prevents unintended edits, deletions, or modifications.
- ✅ Compliance Readiness – Meets regulatory requirements for data security.
- ✅ Better Control – Ensures only selected individuals have access.
Cons:
- ❌ Risk of Locking Yourself Out – If you mistakenly remove all admin accounts, you may need global admin intervention.
- ❌ Disrupts Workflows – If users rely on the site, removing permissions may disrupt ongoing processes.
- ❌ Requires Manual Reconfiguration – If access needs to be restored, permissions must be re-added manually.
Best Practices
- Backup Permissions Before Making Changes: Export existing permissions using PowerShell for reference.
- Test on a Non-Critical Site First: Run the process on a test site before applying changes to a live site.
- Keep an Admin Account: Always have at least one admin account retained.
- Document Changes: Maintain a log of removed users and groups for auditing purposes.
Locking down a SharePoint site collection is sometimes necessary for security, compliance, and data management. Whether you’re securing sensitive information, decommissioning a site, or preparing for an audit, removing all permissions except for yourself ensures complete control.
With the manual method through the SharePoint Admin Center or the automated PowerShell approach, you now have the tools to effectively secure your site. Just remember to double-check your access before making irreversible changes!
Have you ever needed to lock down a SharePoint site? Share your experiences in the comments below!
Accounting.js Branding Cascading StyleSheet Cheat Sheet Competitors Connect Content Type CSS Currency Date Formats Dates Flows Hillbilly Tabs HTML5 Javascript JavsScript JSON Format View NodeJs Numeral.js O365 Office 365 OneDrive Out Of The Box Overflow Permissions PnP PowerAutomate Power Automate PowerShell Pwermissions ReactJs Rest Endpoint Send an HTTP Request to SharePoint SharePoint SharePoint Modern SharePoint Online SharePoint Tabs ShellScript SPFX SPO Styling Sync Teams App Transform JS TypeScript