Replace “Edit” Permissions with “Contribute” in SharePoint 2016 using PowerShell
Problem: Before SharePoint 2013, the Members group of the site has “Contribute” permission. From SharePoint 2013, there was a new permission level, “Edit” introduced with more rights. This introduced additional issues like members can delete lists and libraries!
How to Replace “Edit” Permission with “Contribute” in SharePoint?
Remove Edit permissions and add contribute permissions to all users and groups of the site! Here is how: Navigate to:
- Site Settings >> Site permissions
- Select the person or group with edit permissions, you want to change >> Click on “Edit User Permissions” ribbon button
- In Edit Permissions page uncheck “Edit” permission and select “Contribute”
- Click “OK” to save changes. Now the Members group has contribute permissions instead of Edit.
But wait! Who can go to each site of the web application and repeat the above steps? Tedious! Isn’t it? So, let us use PowerShell to re-assign permissions to Contribute from Edit.
PowerShell to replace edit permissions of member group to contribute access rights:
This PowerShell script changes the permission level for all users and groups from Edit to Contribute.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
#Web Application URL
$WebAppURL="https://intranet.crescent.com/"
#Get all webs from the web application
$WebsCollection = Get-SPWebApplication $WebAppURL | Get-SPSite -Limit All | Get-SPWeb -limit All
#Iterate through each web and replace "Edit" to "Contribute"
Foreach ($web in $WebsCollection)
{
#Get Edit and Contribute permission levels
$ContributePermission = $web.RoleDefinitions["Contribute"]
$EditPermission = $web.RoleDefinitions["Edit"]
Write-host "Processing:" $web.Url
If (!$web.HasUniquePerm)
{
Write-host -f Yellow "Web is inheriting permissions..."
continue
}
#Get all users and groups with Edit permissions
$RoleAssignmentsColl = $web.RoleAssignments | where {$_.RoleDefinitionBindings -eq $EditPermission}
#Loop through each user/group with Edit permission level
foreach($RoleAssignment in $RoleAssignmentsColl)
{
#Add Contribute Permissions
if(!$RoleAssignment.RoleDefinitionBindings.Contains($ContributePermission))
{
$RoleAssignment.RoleDefinitionBindings.Add($ContributePermission)
$RoleAssignment.Update()
Write-host -f Green "Contribute Permission Added to the User/Group:" $RoleAssignment.Member.Name
}
#Remove Edit permissions
if($RoleAssignment.RoleDefinitionBindings.Contains($EditPermission))
{
$RoleAssignment.RoleDefinitionBindings.Remove($EditPermission)
$RoleAssignment.Update()
Write-host -f Green "Edit Permission removed from the User/Group:" $RoleAssignment.Member.Name
}
}
}