Add-Remove Permissions to SharePoint List using PowerShell
Requirement: Set list permissions in SharePoint using PowerShell
PowerShell can be utilized to Add/Remove permission to SharePoint List. Here is my PowerShell script to grant and remove permissions to SharePoint sites, lists, and libraries.
Grant Permission to a user or group to SharePoint List
Need to quickly give someone access to your SharePoint list? You can Grant Permission to a user in SharePoint using PowerShell! In this blog post, we’ll walk you through the script granting permissions to a user or group:
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
#Function to Grant Permission to List
function Grant-PermissionToList($WebUrl, $ListName, $UserAccount, $PermissionLevel)
{
#Get Web and List objects
$Web = Get-SPWeb -Identity $WebUrl
$List = $web.Lists.TryGetList($ListName)
if ($List -ne $null)
{
#We must break inheritance to grant permission directly on the list
if ($List.HasUniqueRoleAssignments -eq $False)
{
$list.BreakRoleInheritance($True)
}
#Get the user object
$User = $web.EnsureUser($UserAccount)
#FOR GROUPS use: $group = $web.SiteGroups[$GroupName]
#$assignment = new-object Microsoft.SharePoint.SPRoleAssignment($group)
#Get the permission level
$role = $web.RoleDefinitions[$PermissionLevel]
$assignment = New-Object Microsoft.SharePoint.SPRoleAssignment($User)
$assignment.RoleDefinitionBindings.Add($role)
$list.RoleAssignments.Add($assignment)
$list.Update()
Write-Host "Granted permission $($PermissionLevel) to $($UserAccount) in list $($ListName)." -foregroundcolor Green
}
$web.Dispose()
}
#Call the function to grant access to a list
Grant-PermissionToList "https://sharepoint.crescent.com" "Documents" "Global\Auditors" "Contribute"
PowerShell script to remove permission from the List:
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
#Function to Remove Permission from List
function Remove-PermissionFromList($WebUrl, $ListName, $GroupName, $PermissionLevel)
{
#Get Web and List objects
$Web = Get-SPWeb -Identity $WebUrl
$List = $web.Lists.TryGetList($ListName)
if ($List -ne $null)
{
#We must break inheritance to remove permission directly from the list
if ($List.HasUniqueRoleAssignments -eq $False)
{
$list.BreakRoleInheritance($True)
}
#Get the Group or user object
$group = $web.SiteGroups[$GroupName]
if($group -ne $null)
{
#For User, use: $User = $web.EnsureUser($UserAccount)
#To Remove All permissions of the group, use:
#$list.RoleAssignments.Remove($group)
#If group doesn't has access to the given list, it triggers an error! So, lets handle it.
try
{
#Set the Error Action
$ErrorActionPreference = "Stop"
#Get the permission level
$role = $web.RoleDefinitions[$PermissionLevel]
$assignment = $list.RoleAssignments.GetAssignmentByPrincipal($group)
#Remove the permissions
$assignment.RoleDefinitionBindings.Remove($role)
$assignment.Update()
$list.Update()
Write-Host "Removed permission $($PermissionLevel) of $($GroupName) from list $($ListName)." -foregroundcolor Green
}
catch [ArgumentException]
{
Write-Host "Group ($GroupName) doesn't has access on $($ListName)!" -ForegroundColor Red
}
finally
{
#Reset the Error Action to Default
$ErrorActionPreference = "Continue"
}
}
else
{
Write-Host "Cannot find Group Name: $($GroupName) in site $($WebUrl)." -foregroundcolor red
}
}
$web.Dispose()
}
#Call the function
Remove-PermissionFromList "https://Sharepoint.crescent.com/sites/sales" "Sales Documents" "Sales Members" "Edit" Â
Although this script shows adding removing permissions to SharePoint list objects, This can be utilized in the places of Site, Folder, List Item object also! Just replace $list object with other objects such as web, folder, or list item. You can grant or remove permission either to a particular user, To a SharePoint group, or to a Security group from the Active directory.
To add a user to the SharePoint group with PowerShell, refer to: How to Add User To SharePoint Site using PowerShell?
