Sunday, May 1, 2016

SharePoint Online: How to Break Permission Inheritance using PowerShell

Requirement: Grant permissions at the list or library level to users and groups in SharePoint Online. A particular user group has Read access at the site level, and the requirement is to give it Edit access on specified lists and libraries.

Break permission inheritance in SharePoint Online:
Providing permissions at the list or item level consists of two steps: first stop inheriting permissions from the parent, then add permissions for users and/or groups. Here is how to break permission inheritance in SharePoint Online:

  • Navigate to the SharePoint library where your documents are stored
  • Select the document >> Click on "Shared With" under Manage group in the ribbon
  • On the permissions page, if the list is inheriting permissions from its parent, break the permission inheritance by clicking the "Stop inheriting Permissions" button. Confirm the prompt once.
Now you can add users to, or remove them from, the permissions of the particular list or list item by clicking the Grant Permissions button in the Grant group.

PowerShell to Break Permission Inheritance for a List Item: 
Here is the PowerShell for SharePoint online to stop inheriting permissions from the parent.

#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"

#Config Parameters
$SiteURL= "https://crescent.sharepoint.com/sites/projects/"
$ListName="Projects"
$ItemID=1

#Setup Credentials to connect
$Cred = Get-Credential
$Cred = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.UserName,$Cred.Password)

#Setup the context
$Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
$Ctx.Credentials = $Cred
  
#Get the List and Item
$List=$Ctx.web.Lists.GetByTitle($ListName)
$Item=$List.GetItemByID($ItemID)

#Break permission inheritance
#First argument $True copies the parent's current role assignments to the item
$Item.BreakRoleInheritance($True, $True)
$Ctx.ExecuteQuery()

Let's add some error handling to this script and break the permission inheritance of a list.

SharePoint Online: Stop Inheriting Permissions using PowerShell
#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"

#Config Parameters
$SiteURL= "https://crescent.sharepoint.com/sites/Marketing/"
$ListName="Documents"

#Setup Credentials to connect
$Cred = Get-Credential
$Cred = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.UserName,$Cred.Password)

Try {

    #Helper function to get nongeneric properties of the Object in CSOM   
    Function Invoke-LoadMethod() {
    param( [Microsoft.SharePoint.Client.ClientObject]$Object, [string]$PropertyName ) 
       $ctx = $Object.Context
       $load = [Microsoft.SharePoint.Client.ClientContext].GetMethod("Load") 
       $type = $Object.GetType()
       $clientLoad = $load.MakeGenericMethod($type)

       $Parameter = [System.Linq.Expressions.Expression]::Parameter(($type), $type.Name)
       $Expression = [System.Linq.Expressions.Expression]::Lambda(
                [System.Linq.Expressions.Expression]::Convert([System.Linq.Expressions.Expression]::PropertyOrField($Parameter,$PropertyName),
                [System.Object] ), $($Parameter))

       $ExpressionArray = [System.Array]::CreateInstance($Expression.GetType(), 1)
       $ExpressionArray.SetValue($Expression, 0)
       $clientLoad.Invoke($ctx,@($Object,$ExpressionArray))
    }
  
    #Setup the context
    $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
    $Ctx.Credentials = $Cred
  
    #Get the List
    $List=$Ctx.web.Lists.GetByTitle($ListName)
    $Ctx.load($List)
    Invoke-LoadMethod -Object $List -PropertyName "HasUniqueRoleAssignments"
    $Ctx.ExecuteQuery()

    #Check if list is inheriting permissions
    if($List.HasUniqueRoleAssignments -eq $False)
    {
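        #Break permissions of the list, if they are inherited
        #First $True copies the parent's role assignments to the list; the second argument (clearSubscopes)
        #is $False so items that already have unique permissions keep them ($True would reset them)
        $List.BreakRoleInheritance($True,$False)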
        $Ctx.ExecuteQuery()
        Write-host -f Green "Permission inheritance broken successfully!"
    }
    else
    {
        Write-Host -f Yellow "List is already using Unique permissions!"
    }
}
Catch {
    Write-Host -f Red "Error breaking permission inheritance!" $_.Exception.Message
}   
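The second step of the requirement, granting Edit to one group on the list and then listing every role assignment the list now carries, as an added example that is not part of the original post. It assumes inheritance on the list has already been broken, and the group name "Marketing Editors" is a hypothetical placeholder; because the parent's role assignments were copied when inheritance was broken, the audit output shows every principal that still has access, not only the group just added.

```powershell
#Added example: grant a permission level on a uniquely permissioned list, then audit the result
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"

#Config Parameters
$SiteURL = "https://crescent.sharepoint.com/sites/Marketing/"
$ListName = "Documents"
$GroupName = "Marketing Editors"   #hypothetical SharePoint group name, replace with your own
$RoleName = "Edit"                 #permission level to grant on this list only

#Setup Credentials to connect
$Cred = Get-Credential
$Cred = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.UserName,$Cred.Password)

Try {
    #Setup the context
    $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
    $Ctx.Credentials = $Cred

    #Get the list, the group and the permission level
    $List = $Ctx.Web.Lists.GetByTitle($ListName)
    $Group = $Ctx.Web.SiteGroups.GetByName($GroupName)
    $Role = $Ctx.Web.RoleDefinitions.GetByName($RoleName)

    #Bind the permission level to the group on this list (fails if the list still inherits)
    $Bindings = New-Object Microsoft.SharePoint.Client.RoleDefinitionBindingCollection($Ctx)
    $Bindings.Add($Role)
    $List.RoleAssignments.Add($Group, $Bindings) | Out-Null
    $Ctx.ExecuteQuery()

    #Audit: load every role assignment with its member and permission levels
    $Ctx.Load($List.RoleAssignments)
    $Ctx.ExecuteQuery()
    ForEach ($RA in $List.RoleAssignments) {
        $Ctx.Load($RA.Member)
        $Ctx.Load($RA.RoleDefinitionBindings)
    }
    $Ctx.ExecuteQuery()

    #Print one line per principal so unexpected access stands out
    ForEach ($RA in $List.RoleAssignments) {
        $Levels = ($RA.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join ", "
        Write-Host ("{0} [{1}]: {2}" -f $RA.Member.Title, $RA.Member.PrincipalType, $Levels)
    }
}
Catch {
    Write-Host -f Red "Error granting or auditing permissions!" $_.Exception.Message
}
```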


