SharePoint Online: Grant Permission to List or Library using PowerShell

Requirement: Provide permission to a document library in SharePoint Online.

How to share a document library in SharePoint Online?

There are times you may want to grant permissions at the list or library level to users and groups in SharePoint Online. For example, You may want to provide read access at the site level and edit rights at the individual list level. So, to grant permissions to lists and libraries, as a first step, we have to stop inheriting permissions from its parent and then apply unique security permissions to any level underneath the site collection, such as Subsite, List, Library, or list items.

How to grant access to a list or library in SharePoint Online?

How do I share a document library in SharePoint Online? Here is how to give permission to a document library in SharePoint Online:

  1. Go to the target list or library settings (From the library page, Click on the Library tab on the ribbon >> Select list settings. If modern UI is enabled, head on to Site connects and click settings from the list context menu)
  2. On the List Settings page, click on the “Permissions for this list” link in the permissions and management group.
  3. On the permissions page, if the list inherits permissions from the parent, we have to break the permission inheritance. Click on the “Stop inheriting Permissions” button.
  4. Now, from the ribbon, click the “Grant Permissions” button from the Grant group.
  5. Enter names or email addresses in the Share dialogue box in the designated text box.  sharepoint online grant list permissions using powershell
  6. Click the Show Options button and specify the email invitation option and appropriate permission level, such as edit.
  7. Click Share.

This provides permission to a given user on the selected list or library. The same procedure applies to granting access to lists, libraries, and individual items in SharePoint Online.

SharePoint Online: PowerShell to Grant permissions to List or Library to a User or Group

List permissions can be manipulated with PowerShell. Here is the typical SharePoint Online set permissions PowerShell script: This script grants permission to an existing SharePoint group to the given list.

#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"

#Configuration Parameters
$SiteURL= ""
$ListName="Project Documents"
$GroupName="Project Members"

#Setup Credentials to connect
$Cred = Get-Credential
$Cred = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.UserName,$Cred.Password)

Try {
    #Setup the context
    $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
    $Ctx.Credentials = $Cred
    #Get the web and List
    #Break Permission inheritence - keep existing list permissions & Item level permissions
    Write-host -f Yellow "Permission inheritance broken..."
    #Get the group or user
    $Group =$Web.SiteGroups.GetByName($GroupName) #For User: $Web.EnsureUser('')

    #Grant permission to Group     
    #Get the role required
    $Role = $web.RoleDefinitions.GetByName($PermissionLevel)
    $RoleDB = New-Object Microsoft.SharePoint.Client.RoleDefinitionBindingCollection($Ctx)
    #Assign list permissions to the group
    $Permissions = $List.RoleAssignments.Add($Group,$RoleDB)
    Write-Host "Added $PermissionLevel permission to $GroupName group in $ListName list. " -foregroundcolor Green
Catch {
    write-host -f Red "Error Granting Permissions!" $_.Exception.Message

We can also set document library permissions in SharePoint Online using PnP PowerShell. If you want to grant permission to a new AD Group/Office 365 group, use the following:

#Config Variables
$GroupName ="" #Or Group ID

#Resolve the Group
$Group = $Web.EnsureUser($GroupName)

SharePoint Online: Add Permission to List using PnP PowerShell

Let us use the PnP PowerShell cmdlet Set-PnPListPermission to add permissions to the SharePoint Online list.

#Config Variables
$SiteURL = ""
$ListName ="Projects"
$GroupName = "Marketing Members"

#Connect to PnP Online
Connect-PnPOnline -Url $SiteURL -Credentials (Get-Credential)

#Break Permission Inheritance of the List
Set-PnPList -Identity $ListName -BreakRoleInheritance -CopyRoleAssignments

#Grant permission on List to User
Set-PnPListPermission -Identity $ListName -AddRole "Edit" -User $UserID

#Grant permission on list to Group
Set-PnPListPermission -Identity $ListName -AddRole "Read" -Group $GroupName

Similarly, you can use this PowerShell to assign permissions to a group on the list:

Set-PnPGroupPermissions -Identity $GroupName -List ListName -AddRole Contribute

To remove user or group from list permissions: SharePoint Online: Remove User or Group from List Permissions using PowerShell

Grant List Access to External users using Powershell

Use the PowerShell script to set permission on a SharePoint Online list or document library to external users. Make sure you have external sharing enabled at the tenant and site collection levels.

$SiteURL = ""
$ListName ="Invoices"

#Connect to PnP Online
Connect-PnPOnline -Url $SiteURL -Interactive
#Break Permission Inheritance of the List
Set-PnPList -Identity $ListName -BreakRoleInheritance -CopyRoleAssignments
#Grant permission on List to External User
Set-PnPListPermission -Identity $ListName -AddRole "Edit" -User $UserID
How to give permission to a subsite in SharePoint Online?

Break permission inheritance of the subsite if it inherits permissions from its parent site. Once done, You can grant access to the subsite from: Settings >> Site Permissions link. More info: How to Grant Access to a Subsite in SharePoint Online?

How do I give access to the SharePoint Online site?

Navigate to your SharePoint Online site >> click on “Settings” gear >> Click on “Site Permissions” >> Advanced Permissions. In the Advanced permissions page, select the relevant group such as “<Site-Name> Owners”, Click on “New” >> Add users >> Enter the user names and click on “Share”.
More info: Grant access to SharePoint Online site

Salaudeen Rajack

Salaudeen Rajack - Information Technology Expert with Two-decades of hands-on experience, specializing in SharePoint, PowerShell, Microsoft 365, and related products. He has held various positions including SharePoint Architect, Administrator, Developer and consultant, has helped many organizations to implement and optimize SharePoint solutions. Known for his deep technical expertise, He's passionate about sharing the knowledge and insights to help others, through the real-world articles!

13 thoughts on “SharePoint Online: Grant Permission to List or Library using PowerShell

  • Hi Salaudeen,
    I’m using your code (CSOM) to set permission for user to the main folder of one of my Sharepoint library.
    Your code works correctly because the added user is visible in the Sharepoint folder permission details.
    Unfortunately, when using your code to grant access to SharePoint library folder the shared
    folder does not appear in the user OneDrive folder under the “Shared” group.
    To make SharePoint library folder appear under the OneDrive “Shared” section I need to
    manually grant access to this folder. Did you notice this?

  • I tried your script but i could not give permission to document library but list only
    As this command only refers to list right?
    #Break Permission Inheritance of the List
    Set-PnPList -Identity $ListName -BreakRoleInheritance -CopyRoleAssignments
    Also Can’t I grant multiple permission level on document library using CSV

    • Set-PnPList cmdlet can be used for both Lists and Libraries (Technically, Document libraries are also Lists!).

  • Can I add external users to document library using pnp powershell? I want to share document library with external users using pnp powershell.

    • Sure! There is no difference in the script for adding internal or external users. Prior to adding external users with PowerShell, make sure you have External sharing enabled at your tenant and site levels.

      • Thanks for your quick response. I tried using above script but it says “The specified user — could not be found. I have confirmed that this is Microsoft account but still giving an error. Can you please help me if I have missed any other prior steps

  • $UserID=””
    #Grant permission on List to User
    Set-PnPListPermission -Identity $ListName -AddRole “Edit” -User $UserID

    How do I add multiple/bulk users to the list/library?

    • You can wrap them inside an Array and call the cmdlet as:

      $UserIDs= @(“”, “”, “”)

      #Grant permission on List
      $UserIDs | ForEach-Object { Set-PnPListPermission -Identity $ListName -AddRole “Edit” -User $_ }

      CSV methods also works.

  • Hello! Thank you for the article!
    I tried to add a office 365 group to the SP document library but I keep getting group cannot be found. I used the non PNP script you provided and added a for each loop as I have 82 sites and 3 office 365 groups that I need to add with visitor (read) permission. could you please help?

    • The CSOM script just grants permission to an existing group! If you want to add a new group from AD, Use:

      #Resolve the Group
      $Group = $Web.EnsureUser($GroupName)

  • Hi.
    Does groups need to be mail enabled? i keeps getting error that the group dont exist, but if i use the gui i can ad it?


Leave a Reply

Your email address will not be published. Required fields are marked *