Sunday, March 10, 2013

Break Inheritance and Set Item Level or List Permission with PowerShell

Requirement is to Set Item Level permission to a SharePoint Group to all documents in a specific document library with 100+ documents.

Solution:  Earlier, I wrote C# code to set Item level permission on Event Receiver to Set Item Level Permissions . This time let me do it with PowerShell.

Set Item Level Permission with PowerShell

# For MOSS 2007 compatibility
[void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint")

#Region MOSS2007-CmdLets
Function global:Get-SPSite()
{
  Param( [Parameter(Mandatory=$true)] [string]$SiteCollURL )

   if($SiteCollURL -ne '')
    {
    return new-Object Microsoft.SharePoint.SPSite($SiteCollURL)
   }
}
 
Function global:Get-SPWeb()
{
 Param( [Parameter(Mandatory=$true)] [string]$SiteURL )
  $site = Get-SPSite($SiteURL)
        if($site -ne $null)
            {
               $web=$site.OpenWeb();
            }
    return $web
}
#EndRegion

 Function AddItemLevelPermissionToGroup()
 {  
    #Define Parameters
    Param( [Parameter(Mandatory=$true)] [string]$SiteURL, 
           [Parameter(Mandatory=$true)] [string]$ListName, 
           [Parameter(Mandatory=$true)] [string]$GroupName,
           [Parameter(Mandatory=$true)] [string]$PermissionLevel )
 
 #Get the Web Application
    $Web=Get-SPWeb($SiteURL)
    
    #Get the List
    $list = $web.Lists[$ListName]
    if ($list -ne $null)  
    {  

    #Loop through each Item in the List
     foreach($item in $list.items)
   {
            #Check if Item has Unique Permissions. If not Break inheritence
            if($item.HasUniqueRoleAssignments -eq $False)  
              {  
               $item.BreakRoleInheritance($false)
               #False: Does removes all users & groups from Item's Permissions  
              } 
              
           if ($web.SiteGroups[$GroupName] -ne $null)  
               {
                #Get the Group from GroupName Parameter  
                $group = $web.SiteGroups[$GroupName]  
                $roleAssignment = new-object Microsoft.SharePoint.SPRoleAssignment($group)  
                #Get Permission Level, such as "Read", "Contribute", etc
                $roleDefinition = $web.RoleDefinitions[$PermissionLevel]
                $roleAssignment.RoleDefinitionBindings.Add($roleDefinition);  
                #Grant Access to specified Group
                $item.RoleAssignments.Add($roleAssignment)  
                #To Remove Access: Call  $item.RoleAssignments.Remove($group) . No Need for objects: roleAssignment, roleDefinition
                $item.SystemUpdate();  
                Write-Host "Successfully added $($PermissionLevel) to $GroupName group in $($Item.Name)" -foregroundcolor Green  
               }  

         }
  $Web.Dispose()          

    }
 }

#Call the Function to Grant Item Level Permission
#Parameters: $SiteURL, $ListName, $GroupName, $PermissionLevel
AddItemLevelPermissionToGroup "http://sharepoint.crescent.com/sites/sales" "Documents" "Approvers" "Read"

Similarly, We can add users to Item level/List permissions:
            #Add User to site, if doesn't exist
            $user = $web.EnsureUser('global\salaudeen')

            $roleDefinition = $web.RoleDefinitions[$PermissionLevel]

            $roleAssignment = New-Object Microsoft.SharePoint.SPRoleAssignment($user)
            $roleAssignment.RoleDefinitionBindings.Add($roleDefinition)

            $item.RoleAssignments.Add($roleAssignment)
            #Call $list.RoleAssignments.Add($roleAssignment) to set permission at List level
            $item.SystemUpdate();  
            Write-Host "Successfully added $($user) to $($Item.Name)" -foregroundcolor Green  



You might also like:
SharePoint Usage Reports
Usage reports, collaboration and audit for SharePoint.
Document SharePoint Farm
Automatically generate SharePoint documentation.
*Sponsored


Check out these SharePoint products:

No comments :

Post a Comment

Please Login and comment to get your questions answered!

You might also like:

Related Posts Plugin for WordPress, Blogger...