Grant Permission to Folders in SharePoint Document Library using PowerShell

Requirement: grant folder permission in SharePoint using PowerShell script.

Here is my script to grant access to a folder in SharePoint Library using PowerShell:

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Set-FolderPermissions($webUrl, $FolderURL, $UserAccount, $PermissionLevel)
{
    #Get Web
    $web = Get-SPWeb $webUrl   
    #Get the User   
    $user = $web.EnsureUser($UserAccount)
    #Get the Permission Level
    $RoleDefinition = $web.RoleDefinitions[$PermissionLevel]
 
    #Get the Folder    
    $Folder = $web.GetFolder($FolderURL).Item
    if ($Folder -ne $null) 
    {  
        #Check if Item has Unique Permissions. If not, Break the inheritance
        if($folder.HasUniqueRoleAssignments -eq $false) 
        {
            $folder.BreakRoleInheritance($true) 
        }

        #Grant Permissions
        $RoleAssignment = New-Object Microsoft.SharePoint.SPRoleAssignment($user)
        $RoleAssignment.RoleDefinitionBindings.Add($RoleDefinition) 
        $Folder.RoleAssignments.Add($RoleAssignment)
        $Folder.SystemUpdate(); 

        Write-Host "Successfully added $($user) to folder $($Folder.Name)" -foregroundcolor Green
    }

}

#Variables
$WebURL="http://intranet.crescent.com/"
$FolderURL="http://intranet.crescent.com/Sales/Documents/Proposals"
$UserAccount="i:0#.w|Crescent\salaudeen"
$PermissionLevel="Read"

#Call the function to Grant permission to a folder
Set-FolderPermissions $WebURL $FolderURL $UserAccount $PermissionLevel

Set Permission to SharePoint Group to All Folders in a Library:

Certain folders in a SharePoint library is with unique permission. The requirement is to add permission to a SharePoint group to all folders with unique permissions.

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

### Variables ###
#Site URL and List names
$SiteURL = "http://intranet.crescent.com/support"
$ListName = "Documents"                 

#Get site and List objects
$web = Get-SPWeb $SiteURL
$List = $web.Lists.TryGetList($ListName)
$GroupName = "Support Visitors"
$PermissionLevel = "Read"

if ($list -ne $null) 
{  
   $Foldercoll=$List.Folders | Sort-Object Name

	#Loop through each Item in the List
	foreach($folder in $Foldercoll)
	{
			#Check if Item has Unique Permissions.
			if($folder.HasUniqueRoleAssignments -eq $true) 
			{ 
				#Grant Access
				if ($web.SiteGroups[$GroupName] -ne $null) 
				{
					#Get the Group from GroupName Parameter 
					$group = $web.SiteGroups[$GroupName] 
					$roleAssignment = new-object Microsoft.SharePoint.SPRoleAssignment($group) 

					#Get Permission Level, such as "Read", "Contribute", etc
					$roleDefinition = $web.RoleDefinitions[$PermissionLevel]
					$roleAssignment.RoleDefinitionBindings.Add($roleDefinition); 
					
					#Grant Access to specified Group
					$folder.RoleAssignments.Add($roleAssignment) 
					#To Remove Access: Call  $item.RoleAssignments.Remove($group) . No Need for objects: roleAssignment, roleDefinition
					$folder.SystemUpdate(); 
					Write-Host "Successfully added $($PermissionLevel) to $GroupName group in $($Folder.Name)" -foregroundcolor Green 
				}
			}
	}
}

Salaudeen Rajack

Salaudeen Rajack is a SharePoint Architect with Two decades of SharePoint Experience. He loves sharing his knowledge and experiences with the SharePoint community, through his real-world articles!

Leave a Reply