SharePoint Online: Change Group Permissions using PowerShell

Requirement: SharePoint Online Edit Group Permissions.

How to Update Permissions for a SharePoint Group?

To edit group permissions in SharePoint Online, following these steps:

  • Login to your SharePoint Online site as a administrator >> On the site collection Home page, click on Settings icon >> Click Site settings.
  • On the Site Settings page, under Users and Permissions, click on Site permissions.
  • Select the check box of the group to which you want to change permissions (either to grant additional rights or to revoke existing permissions).
  • In the Modify section of the ribbon, click on “Edit User Permissions” button.
    sharepoint online edit group permissions
  • On the Edit Permissions page, select/deselect the group permission check boxes according to your requirement. You can simply tick a checkbox next to permission levels such as “Contribute” to grant permission or uncheck to remove permission from the group.
    SharePoint Online Change Group Permissions using powershell
  • Click OK to save permission changes to the group.

Now, Lets edit group permissions using PowerShell.

SharePoint Online: Change Group Permission Level using PowerShell
The Set-SPOSiteGroup cmdlet lets you modify properties of an existing SharePoint Online security groups in a site collection. E.g. You may wish to edit group permissions of a specific group, you’ll need to use this cmdlet to do it.

You can Add-Remove permission(s) on a group inside a site collection:

#Variables for Admin Center & Site Collection URL
$AdminCenterURL = ""
$SiteURL = ""

#Connect to SharePoint Online
Connect-SPOService -url $AdminCenterURL -Credential (Get-Credential)

#sharepoint online change group permissions
Set-SPOSiteGroup -Site $SiteURL -Identity "Marketing Managers" -PermissionLevelsToRemove "Edit" -PermissionLevelsToAdd "Contribute"

This PowerShell script modifies the permissions level of a custom security group called “Marketing Managers” on your SharePoint Online site collection, by removing the current “Edit” permission that the group has and grants “Contribute” permission to it.

PowerShell CSOM Script to Change Group Permissions in SharePoint Online:

For the members group of the site, lets remove “Edit” permissions and add “Contribute”

#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
#Variables for Processing
$SiteURL = ""
$GroupName="Marketing Team Site Members"

#Setup Credentials to connect
$Cred = Get-Credential
$Cred = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.UserName,$Cred.Password)

Try {
    #Setup the context
    $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
    $Ctx.Credentials = $Cred

    #Get all groups of the site
    $Groups = $Ctx.Web.SiteGroups
    #Get Group Names
    $GroupNames =  $Groups | Select -ExpandProperty Title
    #Check if the given group exists
    If($GroupNames -contains $GroupName)
        #Get the Group
        $Group = $ctx.Web.SiteGroups.GetByName($GroupName)

        #Get Permission Levels to add and remove
        $RoleDefToAdd = $Ctx.web.RoleDefinitions.GetByName($PermissionToAdd)
        $RoleDefToRemove = $Ctx.web.RoleDefinitions.GetByName($PermissionToRemove)
        #Get the Group's role assignment on the web
        $RoleAssignment = $Ctx.web.RoleAssignments.GetByPrincipal($Group)
        #Add/remove permission levels to the role assignment

        write-host  -f Green "User Group permissions updated Successfully!"
        Write-host -f Yellow "Group Doesn't exist!"
Catch {
    write-host -f Red "Error Changing Group Permissions!" $_.Exception.Message

Similarly, to add or remove permission to a SharePoint user, you can refer: SharePoint Online: Change User Permissions using PowerShell

PnP PowerShell to Change Group Permissions in SharePoint Online

Let’s add “Contribute” permissions and remove “Edit” permissions from a group:

#Config Variables
$SiteURL = ""
$GroupName="Sales Portal Members"
#Connect to PNP Online
Connect-PnPOnline -Url $SiteURL -Credentials (Get-Credential)

#Set Group Permissions: Remove "Edit" and Add "Contribute"
Set-PnPGroup -Identity $GroupName -AddRole "Contribute" -RemoveRole "Edit" 

Salaudeen Rajack

Salaudeen Rajack is a SharePoint Architect with Two decades of SharePoint Experience. He loves sharing his knowledge and experiences with the SharePoint community, through his real-world articles!

7 thoughts on “SharePoint Online: Change Group Permissions using PowerShell

  • May 2, 2021 at 5:25 PM

    Hi Team, This is an excellent article. Thank you.
    Let me ask you, is there a way to get what List permissions, site permissions, manage permissions are in a permission level(permissions included in the permission level.

  • April 22, 2021 at 4:05 PM


    I have an O365 group and would like to be added to Members SP group of site collection stored in a csv? any ideas?

  • November 19, 2020 at 6:13 PM

    Hi Salaudeen, this blog is amazing and finding solutions to lot of things that I’m trying to achieve. Thank you so much for helping noobs like me to achieve the goal.

    I’m trying to change multiple subfolder permission for the default group. is this possible?
    for example; we have a private teams channel called Marketing. the document library of the marketing site that comes along with the channel has subfolders called A, B, C etc and these folder has multiple subfolders called m, n, o, p etc.
    before creating all these folder using script (there are 204 folder), I made the default group ‘Marketing members’ as Readonly for the root folder ‘marketing’ so the subfolders A, B etc can also be read only. Now, the sub-subfolder m,n,o etc are also read only but i want to change them to read-write so users can create content only in m,n,o etc and not under A,B,C etc.

    can it be done via script? if so, could you please help me?

    • November 19, 2020 at 7:12 PM

      Well, You can use this PnP PowerShell script for your requirement:

      $SiteURL = “”
      $ListName = “Shared Documents”
      $ParentFolderURL = “/shared documents/marketing”

      #Connect to PnP Online
      Connect-PnPOnline -Url $SiteURL -Credentials (Get-Credential)
      $Ctx = Get-PnPContext

      #Get 1st Level Folders from given parent Folder
      $Folders = Get-PnPFolderItem -ItemType Folder -FolderSiteRelativeUrl $ParentFolderURL

      #Iterate through each 1st level folders
      ForEach($Folder in $Folders)
      #Get Sub-folders of the 1st level folder
      $SubFolders = $Folder.Folders

      #Grant folder permissions to SharePoint Group on each sub-folder
      ForEach($SubFolder in $SubFolders)
      Set-PnPFolderPermission -List $ListName -identity $SubFolder.ServerRelativeURL -AddRole “Edit” -Group “Marketing Members”
      Write-host “Granted Permission to “$SubFolder.ServerRelativeURL

    • November 19, 2020 at 11:24 PM

      Thank you so much. I should’ve refreshed the page for your response but didn’t think I would receive response within an hour. anyways, I ran a script to delete all the folders and recreated all 12 folder and 204 sub folders using the script in the link which made me do a lot of work on excel. but your script would make it easier as its changing the permission. i’ll use it for future activities

  • January 7, 2019 at 12:40 PM

    Thanks Salaudeen, this is very helpful. I am not a developer so I couldn’t improvise on your script. But I am in need of a PS script to loop through all SPO site collections in the tenant and wherever a Group Name contains the word “Member” it removes the Edit permission level and adds the contribute permission level – do you think it is easily achievable, if so could you please help?


Leave a Reply