Sunday, March 10, 2013

Break Inheritance and Set Item Level or List Permission with PowerShell

Requirement: grant item-level permission to a SharePoint group on all documents in a specific document library that holds 100+ documents.

Solution: Earlier, I wrote C# code to set item-level permissions in an event receiver: Set Item Level Permissions. This time, let me do it with PowerShell.

Set Item Level Permission with PowerShell

# For MOSS 2007 compatibility: load the SharePoint object model
[void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint")

#Region MOSS2007-CmdLets
Function global:Get-SPSite()
{
  Param( [Parameter(Mandatory=$true)] [string]$SiteCollURL )

  if($SiteCollURL -ne '')
  {
    return New-Object Microsoft.SharePoint.SPSite($SiteCollURL)
  }
}

Function global:Get-SPWeb()
{
  Param( [Parameter(Mandatory=$true)] [string]$SiteURL )

  $site = Get-SPSite($SiteURL)
  if($site -ne $null)
  {
    $web = $site.OpenWeb()
  }
  return $web
}
#EndRegion

Function AddItemLevelPermissionToGroup()
{
    #Define Parameters
    Param( [Parameter(Mandatory=$true)] [string]$SiteURL,
           [Parameter(Mandatory=$true)] [string]$ListName,
           [Parameter(Mandatory=$true)] [string]$GroupName,
           [Parameter(Mandatory=$true)] [string]$PermissionLevel )

    #Get the Web
    $web = Get-SPWeb $SiteURL
    #Get the List
    $list = $web.Lists[$ListName]
    if ($list -ne $null)
    {
        #Loop through each Item in the List
        foreach($item in $list.Items)
        {
            #Check if Item has Unique Permissions. If not, break inheritance
            if($item.HasUniqueRoleAssignments -eq $False)
            {
                #$false: do not copy the parent's permissions, so all existing
                #users & groups are removed from the Item's permissions
                $item.BreakRoleInheritance($false)
            }
            if ($web.SiteGroups[$GroupName] -ne $null)
            {
                #Get the Group from GroupName Parameter
                $group = $web.SiteGroups[$GroupName]
                $roleAssignment = New-Object Microsoft.SharePoint.SPRoleAssignment($group)
                #Get Permission Level, such as "Read", "Contribute", etc
                $roleDefinition = $web.RoleDefinitions[$PermissionLevel]
                $roleAssignment.RoleDefinitionBindings.Add($roleDefinition)
                #Grant Access to specified Group
                $item.RoleAssignments.Add($roleAssignment)
                #To Remove Access: Call $item.RoleAssignments.Remove($group). No need for objects: roleAssignment, roleDefinition
                Write-Host "Successfully added $($PermissionLevel) to $GroupName group in $($item.Name)" -ForegroundColor Green
            }
        }
    }
    #Release the web object
    $web.Dispose()
}

#Call the Function to Grant Item Level Permission
#Parameters: $SiteURL, $ListName, $GroupName, $PermissionLevel
#The first argument (site URL) is blank here; pass the URL of the target web
AddItemLevelPermissionToGroup "" "Documents" "Approvers" "Read"

Similarly, we can add users to item-level or list-level permissions:
            #Add User to site, if doesn't exist
            $user = $web.EnsureUser('global\salaudeen')

            $roleDefinition = $web.RoleDefinitions[$PermissionLevel]

            $roleAssignment = New-Object Microsoft.SharePoint.SPRoleAssignment($user)
            $roleAssignment.RoleDefinitionBindings.Add($roleDefinition)

            #Grant access to the user at Item level
            $item.RoleAssignments.Add($roleAssignment)
            #Call $list.RoleAssignments.Add($roleAssignment) to set permission at List level
            Write-Host "Successfully added $($user) to $($item.Name)" -ForegroundColor Green
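
Because the script breaks inheritance only where HasUniqueRoleAssignments is false, items that already had unique permissions keep whatever grants they had before. The following is an added example, not code from the original post, that audits the result per item; Get-ItemPermissionAudit, New-TestAssignment and New-TestItem are hypothetical names, and the sample items are constructed stand-ins for $list.Items.

```powershell
# Added example (not from the original post): audit item permissions after the run.
# Accepts any objects exposing Name, HasUniqueRoleAssignments and RoleAssignments
# (Member.Name, RoleDefinitionBindings[].Name), such as the SPListItem objects in $list.Items.
Function Get-ItemPermissionAudit()
{
    Param( $Items,
           [Parameter(Mandatory=$true)] [string]$GroupName,
           [Parameter(Mandatory=$true)] [string]$PermissionLevel )

    foreach($item in $Items)
    {
        $granted = $false
        $others  = @()
        foreach($ra in $item.RoleAssignments)
        {
            $roles = @($ra.RoleDefinitionBindings | ForEach-Object { $_.Name })
            if ($ra.Member.Name -eq $GroupName)
            {
                if ($roles -contains $PermissionLevel) { $granted = $true }
            }
            else { $others += "$($ra.Member.Name) [$($roles -join ', ')]" }
        }
        if (-not $item.HasUniqueRoleAssignments) { $status = "Inherited" }
        elseif (-not $granted)                   { $status = "GrantMissing" }
        elseif ($others.Count -gt 0)             { $status = "ExtraPrincipals" }
        else                                     { $status = "OK" }

        New-Object PSObject -Property @{ Item = $item.Name; Status = $status; Others = ($others -join '; ') }
    }
}

# Constructed stand-ins for $list.Items so the audit can be tried without a farm
Function New-TestAssignment($member, $roles)
{
    $bindings = @($roles | ForEach-Object { New-Object PSObject -Property @{ Name = $_ } })
    $m = New-Object PSObject -Property @{ Name = $member }
    New-Object PSObject -Property @{ Member = $m; RoleDefinitionBindings = $bindings }
}
Function New-TestItem($name, $unique, $assignments)
{
    New-Object PSObject -Property @{ Name = $name; HasUniqueRoleAssignments = $unique; RoleAssignments = @($assignments) }
}
$sample = @(
    (New-TestItem 'a.docx' $true  (New-TestAssignment 'Approvers' 'Read')),
    (New-TestItem 'b.docx' $true  @((New-TestAssignment 'Approvers' 'Read'), (New-TestAssignment 'Visitors' 'Contribute'))),
    (New-TestItem 'c.docx' $false (New-TestAssignment 'Owners' 'Full Control'))
)
Get-ItemPermissionAudit -Items $sample -GroupName 'Approvers' -PermissionLevel 'Read' |
    Format-Table Item, Status, Others -AutoSize
```

Against a real library, pass `$list.Items` as `-Items`; rows with status ExtraPrincipals are the items whose earlier grants survived the run.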
