Add-Remove Permissions to SharePoint List using PowerShell

Requirement: Set list permissions in SharePoint using PowerShell

PowerShell can be utilized to Add/Remove permission to SharePoint List. Here is my PowerShell script to grant and remove permissions to SharePoint sites, lists, and libraries.

Add or Remove SharePoint List Permissions using PowerShell

Grant Permission to a user or group to SharePoint List

Need to quickly give someone access to your SharePoint list? You can Grant Permission to a user in SharePoint using PowerShell! In this blog post, we’ll walk you through the script granting permissions to a user or group:

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

#Function to Grant Permission to List
function Grant-PermissionToList($WebUrl, $ListName, $UserAccount, $PermissionLevel)
{
    #Get Web and List objects
    $Web = Get-SPWeb -Identity $WebUrl
    $List = $web.Lists.TryGetList($ListName)

    if ($List -ne $null)
    {
        #We must break inheritance to grant permission directly on the list
        if ($List.HasUniqueRoleAssignments -eq $False)
        {
            $list.BreakRoleInheritance($True)
        }

        #Get the user object
        $User = $web.EnsureUser($UserAccount)
        #FOR GROUPS use: $group = $web.SiteGroups[$GroupName]
        #$assignment = new-object Microsoft.SharePoint.SPRoleAssignment($group)
            
        #Get the permission level
        $role = $web.RoleDefinitions[$PermissionLevel]
        $assignment = New-Object Microsoft.SharePoint.SPRoleAssignment($User)
        $assignment.RoleDefinitionBindings.Add($role) 
        $list.RoleAssignments.Add($assignment)
        $list.Update()

        Write-Host "Granted permission $($PermissionLevel) to $($UserAccount) in list $($ListName)." -foregroundcolor Green        
    }
    $web.Dispose()
}

#Call the function to grant access to a list
Grant-PermissionToList "https://sharepoint.crescent.com" "Documents" "Global\Auditors" "Contribute"                

PowerShell script to remove permission from the List:

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

#Function to Remove Permission from List
function Remove-PermissionFromList($WebUrl, $ListName, $GroupName, $PermissionLevel)
{
    #Get Web and List objects
    $Web = Get-SPWeb -Identity $WebUrl
    $List = $web.Lists.TryGetList($ListName)

    if ($List -ne $null)
    {
        #We must break inheritance to remove permission directly from the list
        if ($List.HasUniqueRoleAssignments -eq $False)
        {
            $list.BreakRoleInheritance($True)
        }

        #Get the Group or user object
        $group = $web.SiteGroups[$GroupName]
        
        if($group -ne $null)
        {
            #For User, use: $User = $web.EnsureUser($UserAccount)
            #To Remove All permissions of the group, use: 
            #$list.RoleAssignments.Remove($group)    

             #If group doesn't has access to the given list, it triggers an error! So, lets handle it.
             try
             {
                #Set the Error Action
                $ErrorActionPreference = "Stop"
                #Get the permission level
                $role = $web.RoleDefinitions[$PermissionLevel]
                $assignment = $list.RoleAssignments.GetAssignmentByPrincipal($group)
                #Remove the permissions
                $assignment.RoleDefinitionBindings.Remove($role)
                $assignment.Update()

                $list.Update()
                Write-Host "Removed permission $($PermissionLevel) of $($GroupName) from list $($ListName)." -foregroundcolor Green

             }
             catch [ArgumentException] 
             {
                Write-Host "Group ($GroupName) doesn't has access on $($ListName)!" -ForegroundColor Red
             }
             finally
             {
                #Reset the Error Action to Default
                $ErrorActionPreference = "Continue"
             }            
        }
        else
        {
            Write-Host "Cannot find Group Name: $($GroupName) in site $($WebUrl)." -foregroundcolor red
        }        
    }
    $web.Dispose()
}

#Call the function 
Remove-PermissionFromList "https://Sharepoint.crescent.com/sites/sales" "Sales Documents" "Sales Members" "Edit"              

Although this script shows adding removing permissions to SharePoint list objects, This can be utilized in the places of Site, Folder, List Item object also! Just replace $list object with other objects such as web, folder, or list item. You can grant or remove permission either to a particular user, To a SharePoint group, or to a Security group from the Active directory.

To add a user to the SharePoint group with PowerShell, refer to: How to Add User To SharePoint Site using PowerShell?

Salaudeen Rajack

Salaudeen Rajack - SharePoint Expert with Two decades of SharePoint Experience. Love to Share my knowledge and experience with the SharePoint community, through real-time articles!

Leave a Reply

Your email address will not be published. Required fields are marked *