kwizcom banner advertisement

Replace "Edit" Permissions with "Contribute" in SharePoint 2016 using PowerShell

Problem: Prior to SharePoint 2013, Members group of the site has "Contribute" permission. From SharePoint 2013, there was a new permission level "Edit" introduced with more rights. This introduced additional issue like members can delete lists and libraries!

Solution: Remove Edit permissions and add contribute permissions to all users and group of the site! Here is how: Navigate to:
  • Site Settings >> Site permissions
  • Select the person or group with edit permissions, you want to change >> Click on "Edit User Permissions" ribbon button sharepoint powershell change group permissions
  • In Edit Permissions page uncheck "Edit" permission and select "Contribute"
    replace Edit Permission with Contribute in SharePoint
  • Click "OK" to save changes. Now the Members group has contribute permissions instead of Edit.
Editing the "Edit" permission level and removing "Add, Edit and Delete Lists" permission from it - also solves the problem, but its not recommended to change OOTB permission levels in SharePoint!

But wait! who can go to each site of the web application and repeat above steps? Tedious! isn't it? So, lets use PowerShell to re-assign permissions to Contribute from Edit.

PowerShell to replace edit permissions of member group to contribute access rights:
This PowerShell script changes the permission level for all users and groups from Edit to Contribute.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

#Web Application URL
$WebAppURL="http://intranet.crescent.com/"

#Get all webs from the web application
$WebsCollection = Get-SPWebApplication $WebAppURL | Get-SPSite -Limit All | Get-SPWeb  -limit All

#Iterate through each web and replace "Edit" to "Contribute"
Foreach ($web in $WebsCollection)
{
    #Get Edit and Contribute permission levels
    $ContributePermission = $web.RoleDefinitions["Contribute"]
    $EditPermission = $web.RoleDefinitions["Edit"]

    Write-host "Processing:" $web.Url

    If (!$web.HasUniquePerm)
    {
        Write-host -f Yellow "Web is inheriting permissions..."
        continue
    }

    #Get all users and groups with Edit permissions
    $RoleAssignmentsColl = $web.RoleAssignments | where {$_.RoleDefinitionBindings -eq $EditPermission}
    
    #Loop through each user/group with Edit permission level
    foreach($RoleAssignment in $RoleAssignmentsColl)
    { 
        #Add Contribute Permissions
        if(!$RoleAssignment.RoleDefinitionBindings.Contains($ContributePermission))
        {
            $RoleAssignment.RoleDefinitionBindings.Add($ContributePermission)
            $RoleAssignment.Update()
            Write-host -f Green "Contribute Permission Added to the User/Group:" $RoleAssignment.Member.Name
        }
 
        #Remove Edit permissions
        if($RoleAssignment.RoleDefinitionBindings.Contains($EditPermission))
        {
            $RoleAssignment.RoleDefinitionBindings.Remove($EditPermission)
            $RoleAssignment.Update()
            Write-host -f Green "Edit Permission removed from the User/Group:" $RoleAssignment.Member.Name
        }
    }
}
Replace "Edit" Permissions with "Contribute" in SharePoint 2016 using PowerShell Replace "Edit" Permissions with "Contribute" in SharePoint 2016 using PowerShell Reviewed by Salaudeen Rajack on 7:49 PM Rating: 5

No comments:

Please Login and comment to get your questions answered!

Powered by Blogger.