SharePoint Online: Change Group Permissions using PowerShell

Requirement: SharePoint Online Change Group Permissions

How to Update permissions for a SharePoint group?
To edit group permissions in SharePoint Online, following these steps:
  • Login to your SharePoint Online site as a administrator >> On the site collection Home page, click on Settings icon >> Click Site settings.
  • On the Site Settings page, under Users and Permissions, click on Site permissions.
  • Select the check box of the group to which you want to change permissions (either to grant additional rights or to revoke existing permissions).
  • In the Modify section of the ribbon, click on "Edit User Permissions" button.
    sharepoint online edit group permissions
  • On the Edit Permissions page, select/deselect the group permission check boxes according to your requirement. You can simply tick a checkbox next to permission levels such as "Contribute" to grant permission or uncheck to remove permission from the group.
    SharePoint Online Change Group Permissions using powershell
  • Click OK to save permission changes to the group.

Now, Lets edit group permissions using PowerShell.

SharePoint Online: Change Group Permission Level using PowerShell
The Set-SPOSiteGroup cmdlet lets you modify properties of a existing SharePoint Online security groups in a site collection. E.g. You may wish to edit group permissions of a specific group, you'll need to use this cmdlet to do it.

You can Add-Remove permission(s) on a group inside a site collection:
#Variables for Admin Center & Site Collection URL
$AdminCenterURL = ""
$SiteURL = ""

#Connect to SharePoint Online
Connect-SPOService -url $AdminCenterURL -Credential (Get-Credential)

#sharepoint online change group permissions
Set-SPOSiteGroup -Site $SiteURL -Identity "Marketing Managers" -PermissionLevelsToRemove "Edit" -PermissionLevelsToAdd "Contribute"
This PowerShell script modifies the permissions level of a custom security group called "Marketing Managers" on your SharePoint Online site collection, by removing the current "Edit" permission that the group has and grants "Contribute" permission to it.

PowerShell-CSOM to Change Group Permissions in SharePoint Online:
For the members group of the site, lets remove "Edit" permissions and add "Contribute"
#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
#Variables for Processing
$SiteURL = ""
$GroupName="Marketing Team Site Members"

#Setup Credentials to connect
$Cred = Get-Credential
$Cred = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.UserName,$Cred.Password)

Try {
    #Setup the context
    $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
    $Ctx.Credentials = $Cred

    #Get all groups of the site
    $Groups = $Ctx.Web.SiteGroups
    #Get Group Names
    $GroupNames =  $Groups | Select -ExpandProperty Title
    #Check if the given group exists
    If($GroupNames -contains $GroupName)
        #Get the Group
        $Group = $ctx.Web.SiteGroups.GetByName($GroupName)

        #Get Permission Levels to add and remove
        $RoleDefToAdd = $Ctx.web.RoleDefinitions.GetByName($PermissionToAdd)
        $RoleDefToRemove = $Ctx.web.RoleDefinitions.GetByName($PermissionToRemove)
        #Get the Group's role assignment on the web
        $RoleAssignment = $Ctx.web.RoleAssignments.GetByPrincipal($Group)
        #Add/remove permission levels to the role assignment

        write-host  -f Green "User Group permissions updated Successfully!"
        Write-host -f Yellow "Group Doesn't exist!"
Catch {
    write-host -f Red "Error Changing Group Permissions!" $_.Exception.Message
Similarly, to add or remove permission to a SharePoint user, you can refer: SharePoint Online: Change User Permissions using PowerShell

PnP PowerShell to Change Group Permissions in SharePoint Online:
#Config Variables
$SiteURL = ""
$GroupName="Sales Portal Members"
#Connect to PNP Online
Connect-PnPOnline -Url $SiteURL -Credentials (Get-Credential)

#Set Group Permissions: Remove "Edit" and Add "Contribute"
Set-PnPGroup -Identity $GroupName -AddRole "Contribute" -RemoveRole "Edit" 


  1. Thanks Salaudeen, this is very helpful. I am not a developer so I couldn't improvise on your script. But I am in need of a PS script to loop through all SPO site collections in the tenant and wherever a Group Name contains the word "Member" it removes the Edit permission level and adds the contribute permission level - do you think it is easily achievable, if so could you please help?

    1. So you want to replace the default member permissions from Edit to Contribute, isn't it? My another post written for SharePoint On-Prem could help you! Replace Edit Permissions with Contribute in SharePoint


Please Login and comment to get your questions answered!

Powered by Blogger.