Home > > SharePoint Online: Set Folder Permissions using PowerShell

SharePoint Online: Set Folder Permissions using PowerShell

, , , , ,
Requirement: Change folder permissions in SharePoint Online using PowerShell.

How to Set folder level permissions in SharePoint Online?
To manage folder permissions such as Add or Restrict in SharePoint Online, Follow these steps:
  • Navigate to your SharePoint Online document library where the target folder is located. 
  • Click on "Details" from the specific folder's context menu >> In the Details pane, Click on "Manage Access" and then "Advanced" links. This takes you to the "Advanced Permissions" page
  • From the ribbon, Click on "Stop Inhering Permissions" button and confirm the prompt.
  • Now, You'll get the list of users and groups who already have permissions on the folder. When you break the permission, SharePoint copies permissions from its parent (List/library in our case!). Click on "Grant Permission" button from the ribbon. 
    powershell sharepoint online add permission to folder
  • Enter the names of the users and groups you want to add permission to the folder, Select the appropriate permission level by clicking on "Show Options" link in the share page. Click on "Share" button to add permission to folder.
    sharepoint online set permissions on folder

PowerShell to change folder level permissions SharePoint online:
Lets add permission to SharePoint Online folder using PowerShell. This PowerShell script breaks permissions of a folder and grants permissions using client side object model (CSOM). 
#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
 
#Variables
$SiteURL="https://crescent.sharepoint.com"
$FolderURL="/Project Documents/Active" #Relative URL of the Folder!
$GroupName="Team Site Members"
$UserAccount="[email protected]"
$PermissionLevel="Edit"

Try {
    $Cred= Get-Credential
    $Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password)

    #Setup the context
    $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
    $Ctx.Credentials = $Credentials
    $Web = $Ctx.web

    #Get the Folder
    $Folder = $Web.GetFolderByServerRelativeUrl($FolderURL)
    $Ctx.Load($Folder)
    $Ctx.ExecuteQuery()
    
    #Break Permission inheritence of the folder - Keep all existing folder permissions & keep Item level permissions
    $Folder.ListItemAllFields.BreakRoleInheritance($False,$True)
    $Ctx.ExecuteQuery()
    Write-host -f Yellow "Folder's Permission inheritance broken..."
     
    #Get the SharePoint Group & User
    $Group =$Web.SiteGroups.GetByName($GroupName)
    $User = $Web.EnsureUser($UserAccount)
    $Ctx.load($Group)
    $Ctx.load($User)
    $Ctx.ExecuteQuery()

    #sharepoint online powershell set permissions on folder
    #Get the role required
    $Role = $web.RoleDefinitions.GetByName($PermissionLevel)
    $RoleDB = New-Object Microsoft.SharePoint.Client.RoleDefinitionBindingCollection($Ctx)
    $RoleDB.Add($Role)
         
    #Assign permissions
    $GroupPermissions = $Folder.ListItemAllFields.RoleAssignments.Add($Group,$RoleDB)
    $UserPermissions = $Folder.ListItemAllFields.RoleAssignments.Add($User,$RoleDB)
    $Folder.Update()
    $Ctx.ExecuteQuery()
    
    Write-host "Permission Granted Successfully!" -ForegroundColor Green  
}
Catch {
    write-host -f Red "Error Granting permission to  Folder!" $_.Exception.Message
}
This PowerShell breaks permission inheritance of the folder and grants access to a user and group. Here is the result of change folder permissions:
sharepoint online set folder permissions
To Remove User or Group from Folder in SharePoint Online, Use this PowerShell script: How to Remove a User or Group from Folder Permissions in SharePoint Online?

If you want to set permissions on all folders in a SharePoint Online document library, refer: SharePoint Online: Grant Permission to Each Folder in a Document Library using PowerShell

PnP PowerShell to Change Folder Permissions in SharePoint Online
To grant permission to folder in SharePoint Online, use this PnP PowerShell: 
#Config Variables
$SiteURL = "https://crescent.sharepoint.com/sites/marketing"
$ListName="Documents"
$FolderRelativeURL = "/sites/marketing/Shared Documents/2019"
$UserAccount = "[email protected]"
 
#Connect to PnP Online
Connect-PnPOnline -Url $SiteURL -Credentials (Get-Credential)

#Get the Folder from URL
$Folder = Get-PnPFolder -Url $FolderRelativeURL
    
#Set Permission to Folder
Set-PnPListItemPermission -List $ListName -Identity $Folder.ListItemAllFields -User $UserAccount -AddRole 'Contribute'

Here is my another post on SharePoint Online: PowerShell to Get Folder Permissions

Post updated on: 2020-06-21T19:56:09Z

Advertisement:


Related Posts:

17 comments:

  1. JeffFebruary 6, 2018 at 2:13 PM

    Merci beaucoup, damn useful, using it for O365

    ReplyDelete
  2. Sunny RichardMay 9, 2018 at 9:01 PM

    Hi there!

    I'm facing below error,
    Error Granting permission to Folder! Exception calling "ExecuteQuery" with "0" argument(s): "Server relative urls must start with SPWeb.ServerRelativeUrl"

    Any idea why?

    ReplyDelete
    Replies
    1. AnonymousJune 14, 2018 at 3:56 PM

      Most likely you are trying to break the inheritance for a site different than the root site collection.
      try to use the following format for the FolderURL:
      $FolderURL = "/sites///"
      like:
      $FolderURL = "/sites/MyTestSite/MyTestLibrary/MyTestFolder"

      Delete
    2. UnknownDecember 19, 2018 at 11:56 AM

      Thanks for the suggestion, my scenario is actually a folder inside a sub-site (not the root site), I tried the '/sites///' format without luck.
      Exception calling "ExecuteQuery" with "0" argument(s): "Server relative urls must start with SPWeb.ServerRelativeUrl"
      It is preventing me from proceeding. Any other ideas?

      Delete
    3. UnknownFebruary 20, 2019 at 2:26 PM

      Found the fix after two months, removed the '/' from the beginning of the folder name. It became something like this:
      FolderURL="Documents/test"

      Delete
    4. Salaudeen RajackFebruary 21, 2019 at 12:51 AM

      The $SiteURL parameter and Folder's ServerRelativeURL must be the same web Context!

      Delete
  3. SeanOctober 23, 2018 at 7:27 AM

    Is there a way to use this code to remove the permission if my folder already has the permission?

    ReplyDelete
  4. AbbasDecember 3, 2018 at 10:49 PM

    I have given Full Control to the spesific user but I can not see any changes even after logging from that spesific user to access the folder. The user can not change, delete or edit the folder but strangely it shows Full Control in the folder permission list.

    ReplyDelete
  5. StreakyJanuary 21, 2019 at 5:11 PM

    I'm receiving the following:
    Error Granting permission to Folder! Exception calling "ExecuteQuery" with "0" argument(s): "File Not Found."

    Any help, much appreciated.

    ReplyDelete
    Replies
    1. Salaudeen RajackJanuary 21, 2019 at 11:07 PM

      Here the Folder URL should be relative URL. Say: Your Site collection is at: http://yourdomain.sharepoint.com/sites/sales/" and your folder is at: /documents/active", then the relative URL should be: "/sites/sales/documents/active"

      Delete
    2. AnonymousJanuary 23, 2019 at 2:46 PM

      Same problem for me - trying to loop through a number of "subsites" and setting the permission on a folder in their default documents library.

      When using this advise: "Here the Folder URL should be relative URL. Say: Your Site collection is at: http://yourdomain.sharepoint.com/sites/sales/" and your folder is at: /documents/active", then the relative URL should be: "/sites/sales/documents/active"
      powershell.html#ixzz5dQ8JqxMa"


      I get error: Error Granting permission to Folder! Exception calling "ExecuteQuery" with "0" argument(s): "File Not Found." when using


      Delete
    3. Salaudeen RajackJanuary 24, 2019 at 9:41 PM

      Please note, your document library's name could be "Documents" while the actual URL is: /shared documents/, So check if the given relative URL is valid in $FolderURL parameter!

      Delete
    4. UnknownFebruary 20, 2019 at 2:28 PM

      Hi again. It seem that the command
      $Group =$Web.SiteGroups.GetByName($GroupName)
      gets the SharePoint Groups only. What can we do if we want to get and Active Directory Synched group?

      Delete
    5. Salaudeen RajackFebruary 21, 2019 at 12:42 AM

      Use: $ADGroup = $Web.EnsureUser("Domain\ADGroup")

      Delete
    6. NicknetMay 22, 2019 at 6:49 PM

      Trying to do the same but I'm not using AD Connect. I've created groups in the admin portal and they are referred to as a domain group when assigned just through the Web gui. Is my Domain just my onmicrosoft.com tennant that is created? Sorry if this is a silly question. And thank you for this tutorial.

      Delete
    7. Salaudeen RajackJuly 21, 2019 at 5:26 PM

      If you have custom domain and mapped UPN to that domain, then Its [email protected], Otherwise, [email protected]

      Delete

Please Login and comment to get your questions answered!

Subscribe to: Post Comments ( Atom )
Powered by Blogger.