Grant Permission to Folders in SharePoint Document Library using PowerShell

Requirement: grant folder permission in SharePoint using PowerShell script.

Here is my script to grant access to a folder in SharePoint Library using PowerShell:

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Set-FolderPermissions($webUrl, $FolderURL, $UserAccount, $PermissionLevel)
{
    #Get Web
    $web = Get-SPWeb $webUrl   
    #Get the User   
    $user = $web.EnsureUser($UserAccount)
    #Get the Permission Level
    $RoleDefinition = $web.RoleDefinitions[$PermissionLevel]
 
    #Get the Folder    
    $Folder = $web.GetFolder($FolderURL).Item
    if ($Folder -ne $null) 
    {  
        #Check if Item has Unique Permissions. If not, Break the inheritance
        if($folder.HasUniqueRoleAssignments -eq $false) 
        {
            $folder.BreakRoleInheritance($true) 
        }

        #Grant Permissions
        $RoleAssignment = New-Object Microsoft.SharePoint.SPRoleAssignment($user)
        $RoleAssignment.RoleDefinitionBindings.Add($RoleDefinition) 
        $Folder.RoleAssignments.Add($RoleAssignment)
        $Folder.SystemUpdate(); 

        Write-Host "Successfully added $($user) to folder $($Folder.Name)" -foregroundcolor Green
    }

}

#Variables
$WebURL="https://intranet.crescent.com/"
$FolderURL="https://intranet.crescent.com/Sales/Documents/Proposals"
$UserAccount="i:0#.w|Crescent\salaudeen"
$PermissionLevel="Read"

#Call the function to Grant permission to a folder
Set-FolderPermissions $WebURL $FolderURL $UserAccount $PermissionLevel

Set Permission to SharePoint Group to All Folders in a Library:

Certain folders in a SharePoint library is with unique permission. The requirement is to add permission to a SharePoint group to all folders with unique permissions.

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

### Variables ###
#Site URL and List names
$SiteURL = "https://intranet.crescent.com/support"
$ListName = "Documents"                 

#Get site and List objects
$web = Get-SPWeb $SiteURL
$List = $web.Lists.TryGetList($ListName)
$GroupName = "Support Visitors"
$PermissionLevel = "Read"

if ($list -ne $null) 
{  
   $Foldercoll=$List.Folders | Sort-Object Name

	#Loop through each Item in the List
	foreach($folder in $Foldercoll)
	{
			#Check if Item has Unique Permissions.
			if($folder.HasUniqueRoleAssignments -eq $true) 
			{ 
				#Grant Access
				if ($web.SiteGroups[$GroupName] -ne $null) 
				{
					#Get the Group from GroupName Parameter 
					$group = $web.SiteGroups[$GroupName] 
					$roleAssignment = new-object Microsoft.SharePoint.SPRoleAssignment($group) 

					#Get Permission Level, such as "Read", "Contribute", etc
					$roleDefinition = $web.RoleDefinitions[$PermissionLevel]
					$roleAssignment.RoleDefinitionBindings.Add($roleDefinition); 
					
					#Grant Access to specified Group
					$folder.RoleAssignments.Add($roleAssignment) 
					#To Remove Access: Call  $item.RoleAssignments.Remove($group) . No Need for objects: roleAssignment, roleDefinition
					$folder.SystemUpdate(); 
					Write-Host "Successfully added $($PermissionLevel) to $GroupName group in $($Folder.Name)" -foregroundcolor Green 
				}
			}
	}
}

Salaudeen Rajack

Salaudeen Rajack - Information Technology Expert with Two-decades of hands-on experience, specializing in SharePoint, PowerShell, Microsoft 365, and related products. He has held various positions including SharePoint Architect, Administrator, Developer and consultant, has helped many organizations to implement and optimize SharePoint solutions. Known for his deep technical expertise, He's passionate about sharing the knowledge and insights to help others, through the real-world articles!

Leave a Reply

Your email address will not be published. Required fields are marked *