kwizcom banner advertisement

SharePoint Online: Change Group Permissions using PowerShell

Requirement: SharePoint Online Change Group Permissions

How to Update permissions for a SharePoint group?
To edit group permissions in SharePoint Online, following these steps:
  • Login to your SharePoint Online site as a administrator >> On the site collection Home page, click on Settings icon >> Click Site settings.
  • On the Site Settings page, under Users and Permissions, click on Site permissions.
  • Select the check box of the group to which you want to change permissions (either to grant additional rights or to revoke existing permissions).
  • In the Modify section of the ribbon, click on "Edit User Permissions" button.
    sharepoint online edit group permissions
  • On the Edit Permissions page, select/deselect the group permission check boxes according to your requirement. You can simply tick a checkbox next to permission levels such as "Contribute" to grant permission or uncheck to remove permission from the group.
    SharePoint Online Change Group Permissions using powershell
  • Click OK to save permission changes to the group.

Now, Lets edit group permissions using PowerShell.

SharePoint Online: Change Group Permission Level using PowerShell
The Set-SPOSiteGroup cmdlet lets you modify properties of a existing SharePoint Online security groups in a site collection. E.g. You may wish to edit group permissions of a specific group, you'll need to use this cmdlet to do it.

You can Add-Remove permission(s) on a group inside a site collection:
#Variables for Admin Center & Site Collection URL
$AdminCenterURL = "https://crescenttech-admin.sharepoint.com/"
$SiteURL = "https://crescenttech.sharepoint.com/sites/marketing"

#Connect to SharePoint Online
Connect-SPOService -url $AdminCenterURL -Credential (Get-Credential)

#sharepoint online change group permissions
Set-SPOSiteGroup -Site $SiteURL -Identity "Marketing Managers" -PermissionLevelsToRemove "Edit" -PermissionLevelsToAdd "Contribute"
This PowerShell script modifies the permissions level of a custom security group called "Marketing Managers" on your SharePoint Online site collection, by removing the current "Edit" permission that the group has and grants "Contribute" permission to it.

PowerShell-CSOM to Change Group Permissions in SharePoint Online:
For the members group of the site, lets remove "Edit" permissions and add "Contribute"
#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
 
#Variables for Processing
$SiteURL = "https://crescent.sharepoint.com/Sites/marketing"
$GroupName="Marketing Team Site Members"
$PermissionToRemove="Edit"
$PermissionToAdd="Contribute"

#Setup Credentials to connect
$Cred = Get-Credential
$Cred = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.UserName,$Cred.Password)

Try {
    #Setup the context
    $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
    $Ctx.Credentials = $Cred

    #Get all groups of the site
    $Groups = $Ctx.Web.SiteGroups
    $Ctx.load($Groups)
    $Ctx.ExecuteQuery()
    
    #Get Group Names
    $GroupNames =  $Groups | Select -ExpandProperty Title
    
    #Check if the given group exists
    If($GroupNames -contains $GroupName)
    {
        #Get the Group
        $Group = $ctx.Web.SiteGroups.GetByName($GroupName)

        #Get Permission Levels to add and remove
        $RoleDefToAdd = $Ctx.web.RoleDefinitions.GetByName($PermissionToAdd)
        $RoleDefToRemove = $Ctx.web.RoleDefinitions.GetByName($PermissionToRemove)
        
        #Get the Group's role assignment on the web
        $RoleAssignment = $Ctx.web.RoleAssignments.GetByPrincipal($Group)
        
        #Add/remove permission levels to the role assignment
        $RoleAssignment.RoleDefinitionBindings.Add($RoleDefToAdd)
        $RoleAssignment.RoleDefinitionBindings.Remove($RoleDefToRemove)
        $RoleAssignment.Update()
        $Ctx.ExecuteQuery()

        write-host  -f Green "User Group permissions updated Successfully!"
    }
    else
    {
        Write-host -f Yellow "Group Doesn't exist!"
    }
}
Catch {
    write-host -f Red "Error Changing Group Permissions!" $_.Exception.Message
}
Similarly, to add or remove permission to a SharePoint user, you can refer: SharePoint Online: Change User Permissions using PowerShell

PnP PowerShell to Change Group Permissions in SharePoint Online:
#Config Variables
$SiteURL = "https://crescenttech.sharepoint.com/Sales"
$GroupName="Sales Portal Members"
 
#Connect to PNP Online
Connect-PnPOnline -Url $SiteURL -Credentials (Get-Credential)

#Set Group Permissions: Remove "Edit" and Add "Contribute"
Set-PnPGroup -Identity $GroupName -AddRole "Contribute" -RemoveRole "Edit" 
SharePoint Online: Change Group Permissions using PowerShell SharePoint Online: Change Group Permissions using PowerShell Reviewed by Salaudeen Rajack on February 19, 2017 Rating: 5

1 comment:

  1. Thanks Salaudeen, this is very helpful. I am not a developer so I couldn't improvise on your script. But I am in need of a PS script to loop through all SPO site collections in the tenant and wherever a Group Name contains the word "Member" it removes the Edit permission level and adds the contribute permission level - do you think it is easily achievable, if so could you please help?

    ReplyDelete

Please Login and comment to get your questions answered!

Powered by Blogger.