kwizcom banner advertisement

SharePoint Online: Set Folder Permissions using PowerShell CSOM

Requirement: Change folder permissions in SharePoint Online using PowerShell.

How to Set folder level permissions in SharePoint Online?
To manage folder permissions such as Add or Restrict in SharePoint Online, Follow these steps:
  • Navigate to your SharePoint Online document library where the target folder is located. 
  • Click on "Details" from the specific folder's context menu >> In the Details pane, Click on "Manage Access" and then "Advanced" links. This takes you to the "Advanced Permissions" page
  • From the ribbon, Click on "Stop Inhering Permissions" button and confirm the prompt.
  • Now, You'll get the list of users and groups who already have permissions on the folder. When you break the permission, SharePoint copies permissions from its parent (List/library in our case!). Click on "Grant Permission" button from the ribbon. 
    powershell sharepoint online add permission to folder
  • Enter the names of the users and groups you want to add permission to the folder, Select the appropriate permission level by clicking on "Show Options" link in the share page. Click on "Share" button to add permission to folder.
    sharepoint online set permissions on folder

PowerShell to change folder level permissions SharePoint online:
Lets add permission to SharePoint Online folder using PowerShell. This PowerShell script breaks permissions of a folder and grants permissions using client side object model (CSOM).
#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
$FolderURL="/Project Documents/Active"
$GroupName="Team Site Members"

Try {
    $Cred= Get-Credential
    $Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password)

    #Setup the context
    $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
    $Ctx.Credentials = $Credentials
    $Web = $Ctx.web

    #Get the Folder
    $Folder = $Web.GetFolderByServerRelativeUrl($FolderURL)
    #Break Permission inheritence - Remove all existing list permissions & keep Item level permissions
    Write-host -f Yellow "Folder's Permission inheritance broken..."
    #Get the SharePoint Group & User
    $Group =$Web.SiteGroups.GetByName($GroupName)
    $User = $Web.EnsureUser($UserAccount)

    #Grant permission
    #Get the role required
    $Role = $web.RoleDefinitions.GetByName($PermissionLevel)
    $RoleDB = New-Object Microsoft.SharePoint.Client.RoleDefinitionBindingCollection($Ctx)
    #Assign permissions
    $GroupPermissions = $Folder.ListItemAllFields.RoleAssignments.Add($Group,$RoleDB)
    $UserPermissions = $Folder.ListItemAllFields.RoleAssignments.Add($User,$RoleDB)
    Write-host "Permission Granted Successfully!" -ForegroundColor Green  
Catch {
    write-host -f Red "Error Granting permission to  Folder!" $_.Exception.Message
and the result of change folder permissions:
sharepoint online set folder permissions
To Remove User or Group from Folder in SharePoint Online, Use this PowerShell script: How to Remove a User or Group from Folder Permissions in SharePoint Online
SharePoint Online: Set Folder Permissions using PowerShell CSOM SharePoint Online: Set Folder Permissions using PowerShell CSOM Reviewed by Salaudeen Rajack on September 19, 2016 Rating: 5


  1. Merci beaucoup, damn useful, using it for O365

  2. Hi there!

    I'm facing below error,
    Error Granting permission to Folder! Exception calling "ExecuteQuery" with "0" argument(s): "Server relative urls must start with SPWeb.ServerRelativeUrl"

    Any idea why?

    1. Most likely you are trying to break the inheritance for a site different than the root site collection.
      try to use the following format for the FolderURL:
      $FolderURL = "/sites///"
      $FolderURL = "/sites/MyTestSite/MyTestLibrary/MyTestFolder"

  3. Is there a way to use this code to remove the permission if my folder already has the permission?


Please Login and comment to get your questions answered!

Powered by Blogger.