kwizcom banner advertisement

SharePoint Online: Create Permission Level using PowerShell

Requirement: Create a new permission level in SharePoint online site collection for contribute without delete permissions.

SharePoint Permission levels are set of actions user can perform in SharePoint, packaged as a group to make permission management easier. So, Instead of providing individual permissions to users and groups, you pick a permission level and assign it to the new user. (or even Add the user to a group which has a specific permission level associated).

Contribute without delete permission level is often required in real world scenarios. Lets say, You want your users to be able to add files to the library but not delete files from the library. To achieve, we can simply copy the "Contribute" permission level and take off "Delete Items" permission from it!

How to create a permission level in SharePoint Online?
To create new permission level in SharePoint Online, Follow these steps: 
  • Go to the Site Settings >> Click on Site Permissions
  • Click on Permission Levels button from the ribbon
This takes you to the page which lists all default permission levels available in SharePoint with their  corresponding description.  Now you can either Add a Permission Level or click on any existing permission level, Copy and then Edit the new permission level to fill your requirements.
sharepoint online powershell create permission level

Do not change any default permission levels such as "Full Control" or "Contribute".

SharePoint Online PowerShell to Create Permission Level 
Here is how to create custom permission level in SharePoint Online using PowerShell.
#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
##Variables for Processing
$SiteUrl = ""
$SourcePermissionLevelName ="Contribute"
$TargetPermissionLevelName ="Contribute Without Delete"

Try {
    #Get Credentials to connect
    $Cred = Get-Credential
    $Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password)

    #Setup the context
    $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteUrl)
    $Ctx.Credentials = $Credentials
    $Web = $Ctx.Web

    #Get the source permission level
    $RoleDefinitions = $web.RoleDefinitions
    $SourceRoleDefinition = $RoleDefinitions.GetByName($SourcePermissionLevelName)

    #get base permissions from the source and remove "Delete"
    $TargetBasePermissions = $SourceRoleDefinition.BasePermissions

    #check if the given permission level exists already!
    $TargetPermissionLevel = $RoleDefinitions | Where-Object { $_.Name -eq $TargetPermissionLevelName } 
    if($TargetPermissionLevel -eq $null)
        #Create new permission level from source permission level
        $PermissionCreationInfo = New-Object Microsoft.SharePoint.Client.RoleDefinitionCreationInformation
        $PermissionCreationInfo.Name = $TargetPermissionLevelName
        $PermissionCreationInfo.Description = $TargetPermissionLevelName
        $PermissionCreationInfo.BasePermissions = $TargetBasePermissions

        #Add the role definitin to the site
        $TargetPermissionLevel = $Web.RoleDefinitions.Add($PermissionCreationInfo)
        Write-host "New Permission Level Created Successfully!" -ForegroundColor Green
        Write-host "Permission Level Already Exists!" -ForegroundColor Red
Catch {
    write-host -f Red "Error Creating Permission Level!" $_.Exception.Message
This script copies existing permission level and creates the new permission level. Instead of copying an existing permission level and manipulating it, You can also create new permission level from the scratch.
#Create base Permission set
$Permissions = New-Object Microsoft.SharePoint.Client.BasePermissions
#Add permissions to it
SharePoint Online: Create Permission Level using PowerShell SharePoint Online: Create Permission Level using PowerShell Reviewed by Salaudeen Rajack on November 22, 2016 Rating: 5

No comments:

Please Login and comment to get your questions answered!

Powered by Blogger.