kwizcom banner advertisement

SharePoint Online: Set Folder Permissions using PowerShell CSOM

Requirement: Change folder permissions in SharePoint Online using PowerShell.

How to Set folder level permissions in SharePoint Online?
To manage folder permissions such as Add or Restrict in SharePoint Online, Follow these steps:
  • Navigate to your SharePoint Online document library where the target folder is located. 
  • Click on "Details" from the specific folder's context menu >> In the Details pane, Click on "Manage Access" and then "Advanced" links. This takes you to the "Advanced Permissions" page
  • From the ribbon, Click on "Stop Inhering Permissions" button and confirm the prompt.
  • Now, You'll get the list of users and groups who already have permissions on the folder. When you break the permission, SharePoint copies permissions from its parent (List/library in our case!). Click on "Grant Permission" button from the ribbon. 
    powershell sharepoint online add permission to folder
  • Enter the names of the users and groups you want to add permission to the folder, Select the appropriate permission level by clicking on "Show Options" link in the share page. Click on "Share" button to add permission to folder.
    sharepoint online set permissions on folder

PowerShell to change folder level permissions SharePoint online:
Lets add permission to SharePoint Online folder using PowerShell. This PowerShell script breaks permissions of a folder and grants permissions using client side object model (CSOM).
#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
 
#Variables
$SiteURL="https://crescent.sharepoint.com"
$FolderURL="/Project Documents/Active" #Relative URL of the Folder!
$GroupName="Team Site Members"
$UserAccount="Salaudeen@crescent.com"
$PermissionLevel="Edit"

Try {
    $Cred= Get-Credential
    $Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password)

    #Setup the context
    $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
    $Ctx.Credentials = $Credentials
    $Web = $Ctx.web

    #Get the Folder
    $Folder = $Web.GetFolderByServerRelativeUrl($FolderURL)
    $Ctx.Load($Folder)
    $Ctx.ExecuteQuery()
    
    #Break Permission inheritence - Remove all existing list permissions & keep Item level permissions
    $Folder.ListItemAllFields.BreakRoleInheritance($False,$True)
    $Ctx.ExecuteQuery()
    Write-host -f Yellow "Folder's Permission inheritance broken..."
     
    #Get the SharePoint Group & User
    $Group =$Web.SiteGroups.GetByName($GroupName)
    $User = $Web.EnsureUser($UserAccount)
    $Ctx.load($Group)
    $Ctx.load($User)
    $Ctx.ExecuteQuery()

    #Grant permission
    #Get the role required
    $Role = $web.RoleDefinitions.GetByName($PermissionLevel)
    $RoleDB = New-Object Microsoft.SharePoint.Client.RoleDefinitionBindingCollection($Ctx)
    $RoleDB.Add($Role)
         
    #Assign permissions
    $GroupPermissions = $Folder.ListItemAllFields.RoleAssignments.Add($Group,$RoleDB)
    $UserPermissions = $Folder.ListItemAllFields.RoleAssignments.Add($User,$RoleDB)
    $Folder.Update()
    $Ctx.ExecuteQuery()
    
    Write-host "Permission Granted Successfully!" -ForegroundColor Green  
}
Catch {
    write-host -f Red "Error Granting permission to  Folder!" $_.Exception.Message
}
and the result of change folder permissions:
sharepoint online set folder permissions
To Remove User or Group from Folder in SharePoint Online, Use this PowerShell script: How to Remove a User or Group from Folder Permissions in SharePoint Online
SharePoint Online: Set Folder Permissions using PowerShell CSOM SharePoint Online: Set Folder Permissions using PowerShell CSOM Reviewed by Salaudeen Rajack on September 19, 2016 Rating: 5

9 comments:

  1. Merci beaucoup, damn useful, using it for O365

    ReplyDelete
  2. Hi there!

    I'm facing below error,
    Error Granting permission to Folder! Exception calling "ExecuteQuery" with "0" argument(s): "Server relative urls must start with SPWeb.ServerRelativeUrl"

    Any idea why?

    ReplyDelete
    Replies
    1. Most likely you are trying to break the inheritance for a site different than the root site collection.
      try to use the following format for the FolderURL:
      $FolderURL = "/sites///"
      like:
      $FolderURL = "/sites/MyTestSite/MyTestLibrary/MyTestFolder"

      Delete
    2. Thanks for the suggestion, my scenario is actually a folder inside a sub-site (not the root site), I tried the '/sites///' format without luck.
      Exception calling "ExecuteQuery" with "0" argument(s): "Server relative urls must start with SPWeb.ServerRelativeUrl"
      It is preventing me from proceeding. Any other ideas?

      Delete
  3. Is there a way to use this code to remove the permission if my folder already has the permission?

    ReplyDelete
  4. I have given Full Control to the spesific user but I can not see any changes even after logging from that spesific user to access the folder. The user can not change, delete or edit the folder but strangely it shows Full Control in the folder permission list.

    ReplyDelete
  5. I'm receiving the following:
    Error Granting permission to Folder! Exception calling "ExecuteQuery" with "0" argument(s): "File Not Found."

    Any help, much appreciated.

    ReplyDelete
    Replies
    1. Here the Folder URL should be relative URL. Say: Your Site collection is at: http://yourdomain.sharepoint.com/sites/sales/" and your folder is at: /documents/active", then the relative URL should be: "/sites/sales/documents/active"

      Delete

Please Login and comment to get your questions answered!

Powered by Blogger.