Migration/Upgrade Permission PowerShell SharePoint 2013 SharePoint 2016 

Replace “Edit” Permissions with “Contribute” in SharePoint 2016 using PowerShell

Salaudeen Rajack 0 Comments

Problem: Before SharePoint 2013, the Members group of the site has “Contribute” permission. From SharePoint 2013, there was a new permission level, “Edit” introduced with more rights. This introduced additional issues like members can delete lists and libraries!

How to Replace “Edit” Permission with “Contribute” in SharePoint?

Remove Edit permissions and add contribute permissions to all users and groups of the site! Here is how: Navigate to:

  • Site Settings >> Site permissions
  • Select the person or group with edit permissions, you want to change >> Click on “Edit User Permissions” ribbon button sharepoint powershell change group permissions
  • In Edit Permissions page uncheck “Edit” permission and select “Contribute”
    replace Edit Permission with Contribute in SharePoint
  • Click “OK” to save changes. Now the Members group has contribute permissions instead of Edit.
Editing the “Edit” permission level and removing “Add, Edit and Delete Lists” permission from it – also solves the problem, but it’s not recommended to change OOTB permission levels in SharePoint!

But wait! Who can go to each site of the web application and repeat the above steps? Tedious! Isn’t it? So, let us use PowerShell to re-assign permissions to Contribute from Edit.

PowerShell to replace edit permissions of member group to contribute access rights:

This PowerShell script changes the permission level for all users and groups from Edit to Contribute.

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

#Web Application URL
$WebAppURL="https://intranet.crescent.com/"

#Get all webs from the web application
$WebsCollection = Get-SPWebApplication $WebAppURL | Get-SPSite -Limit All | Get-SPWeb  -limit All

#Iterate through each web and replace "Edit" to "Contribute"
Foreach ($web in $WebsCollection)
{
    #Get Edit and Contribute permission levels
    $ContributePermission = $web.RoleDefinitions["Contribute"]
    $EditPermission = $web.RoleDefinitions["Edit"]

    Write-host "Processing:" $web.Url

    If (!$web.HasUniquePerm)
    {
        Write-host -f Yellow "Web is inheriting permissions..."
        continue
    }

    #Get all users and groups with Edit permissions
    $RoleAssignmentsColl = $web.RoleAssignments | where {$_.RoleDefinitionBindings -eq $EditPermission}
    
    #Loop through each user/group with Edit permission level
    foreach($RoleAssignment in $RoleAssignmentsColl)
    { 
        #Add Contribute Permissions
        if(!$RoleAssignment.RoleDefinitionBindings.Contains($ContributePermission))
        {
            $RoleAssignment.RoleDefinitionBindings.Add($ContributePermission)
            $RoleAssignment.Update()
            Write-host -f Green "Contribute Permission Added to the User/Group:" $RoleAssignment.Member.Name
        }
 
        #Remove Edit permissions
        if($RoleAssignment.RoleDefinitionBindings.Contains($EditPermission))
        {
            $RoleAssignment.RoleDefinitionBindings.Remove($EditPermission)
            $RoleAssignment.Update()
            Write-host -f Green "Edit Permission removed from the User/Group:" $RoleAssignment.Member.Name
        }
    }
}

Salaudeen Rajack

Salaudeen Rajack - Information Technology Expert with Two decades of hands-on experience, specializing in SharePoint, PowerShell, Microsoft 365, and related products. Passionate about sharing the deep technical knowledge and experience to help others, through the real-world articles!

Leave a Reply

Your email address will not be published. Required fields are marked *