Saturday, October 18, 2014

Add-Remove Permissions to SharePoint List using PowerShell

Here is my PowerShell script to grant and remove permissions to SharePoint sites, lists and libraries,

Grant Permission to a user or group to SharePoint List

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

#Function to Grant Permission to List
function Grant-PermissionToList($WebUrl, $ListName, $UserAccount, $PermissionLevel)
{
    #Get Web and List objects
    $Web = Get-SPWeb -Identity $WebUrl
    $List = $web.Lists.TryGetList($ListName)

    if ($List -ne $null)
    {
        #We must break inheritance to grant permission directly on the list
        if ($List.HasUniqueRoleAssignments -eq $False)
        {
            $list.BreakRoleInheritance($True)
        }

        #Get the user object
        $User = $web.EnsureUser($UserAccount)
        #FOR GROUPS use: $group = $web.SiteGroups[$GroupName]
        #$assignment = new-object Microsoft.SharePoint.SPRoleAssignment($group)
            
        #Get the permission level
        $role = $web.RoleDefinitions[$PermissionLevel]
        $assignment = New-Object Microsoft.SharePoint.SPRoleAssignment($User)
        $assignment.RoleDefinitionBindings.Add($role) 
        $list.RoleAssignments.Add($assignment)
        $list.Update()

        Write-Host "Granted permission $($PermissionLevel) to $($UserAccount) in list $($ListName)." -foregroundcolor Green        
    }
    $web.Dispose()
}

#Call the function to grant access to a list
Grant-PermissionToList "http://sharepoint.crescent.com" "Documents" "Global\Auditors" "Contribute" 
                
PowerShell script to remove permission from the List:
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

#Function to Remove Permission from List
function Remove-PermissionFromList($WebUrl, $ListName, $GroupName, $PermissionLevel)
{
    #Get Web and List objects
    $Web = Get-SPWeb -Identity $WebUrl
    $List = $web.Lists.TryGetList($ListName)

    if ($List -ne $null)
    {
        #We must break inheritance to remove permission directly from the list
        if ($List.HasUniqueRoleAssignments -eq $False)
        {
            $list.BreakRoleInheritance($True)
        }

        #Get the Group or user object
        $group = $web.SiteGroups[$GroupName]
        
        if($group -ne $null)
        {
            #For User, use: $User = $web.EnsureUser($UserAccount)
            #To Remove All permissions of the group, use: 
            #$list.RoleAssignments.Remove($group)    

             #If group doesn't has access to the given list, it triggers an error! So, lets handle it.
             try
             {
                #Set the Error Action
                $ErrorActionPreference = "Stop"
                #Get the permission level
                $role = $web.RoleDefinitions[$PermissionLevel]
                $assignment = $list.RoleAssignments.GetAssignmentByPrincipal($group)
                #Remove the permissions
                $assignment.RoleDefinitionBindings.Remove($role)
                $assignment.Update()

                $list.Update()
                Write-Host "Removed permission $($PermissionLevel) of $($GroupName) from list $($ListName)." -foregroundcolor Green

             }
             catch [ArgumentException] 
             {
                Write-Host "Group ($GroupName) doesn't has access on $($ListName)!" -ForegroundColor Red
             }
             finally
             {
                #Reset the Error Action to Default
                $ErrorActionPreference = "Continue"
             }            
        }
        else
        {
            Write-Host "Cannot find Group Name: $($GroupName) in site $($WebUrl)." -foregroundcolor red
        }        
    }
    $web.Dispose()
}

#Call the function 
Remove-PermissionFromList "http://Sharepoint.crescent.com/sites/sales" "Sales Documents" "Sales Members" "Edit"              
Although this script shows adding removing permissions to SharePoint list objects, This can be utilized in the places of Site, Folder, List Item object also! Just replace $list object with other objects such as web, folder or list item. You can grant or remove permission either to a particular user, To a SharePoint group or to a Security group from Active directory.

To add user to SharePoint group with PowerShell, Refer: How to Add User To SharePoint Site using PowerShell



You might also like:
SharePoint Usage Reports
Usage reports, collaboration and audit for SharePoint.
Document SharePoint Farm
Automatically generate SharePoint documentation.
*Sponsored


Check out these SharePoint products:

No comments :

Post a Comment

Please Login and comment to get your questions answered!

You might also like:

Related Posts Plugin for WordPress, Blogger...