SharePoint Online: Create Subsite with Unique Permissions using PowerShell
Requirement: Create a Subsite with Unique Permissions in SharePoint Online using PowerShell
Create Subsite with Unique permissions in SharePoint Online using PowerShell
The Permission Setup page in SharePoint Online lets you to create default groups for the site: https://crescent.sharepoint.com/sales/_layouts/15/permsetup.aspx
PowerShell to Create Default Groups in SharePoint Online:
PnP PowerShell to Create a Subsite with Unique Permissions in SharePoint Online:
Create Subsite with Unique permissions in SharePoint Online using PowerShell
#Load SharePoint Online Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
#Function to create a subsite with unique permissions
Function New-SPOSubsite($SiteTitle, $SiteURL, $SiteTemplate, $ParentSiteURL)
{
#Setup Credentials to connect
$Cred = Get-Credential
$Cred = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.UserName,$Cred.Password)
Try {
#Setup the context
$Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($ParentSiteURL)
$Ctx.Credentials = $Cred
#Provide Subsite Parameters
$WebCI = New-Object Microsoft.SharePoint.Client.WebCreationInformation
$WebCI.Title = $SiteTitle
$WebCI.WebTemplate = $SiteTemplate
$WebCI.Url = $SiteURL
$SubWeb = $Ctx.Web.Webs.Add($WebCI)
$Ctx.ExecuteQuery()
Write-host "Subsite Created Successfully!" -ForegroundColor Green
#Break Inheritance
$SubWeb.BreakRoleInheritance($False, $False)
$SubWeb.Update()
$Ctx.ExecuteQuery()
}
catch {
write-host -f Red "Error:" $_.Exception.Message
}
}
#Variables for processing
$SiteTitle = "Sales Portal"
$SiteTemplate = "STS#0" #Team Site
$SiteURL ="sales"
$ParentSiteURL = "https://crescenttech.sharepoint.com"
#$WCI.Language = "1033"
#Call the function with parameters
New-SPOSubsite -SiteTitle $SiteTitle -SiteURL $SiteURL -SiteTemplate $SiteTemplate -ParentSiteURL $ParentSiteURL
This script creates a subsite with unique permissions. But wait, we are not yet done! As we specified Unique permissions, we need to create default permission groups: Owners, Members and Visitors for the site.The Permission Setup page in SharePoint Online lets you to create default groups for the site: https://crescent.sharepoint.com/sales/_layouts/15/permsetup.aspx
PowerShell to Create Default Groups in SharePoint Online:
#Load SharePoint Online Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
#Function to Create a Group
Function Create-SPOGroup([Microsoft.SharePoint.Client.Web]$Web, $GroupName, $PermissionLevel)
{
Try {
$Ctx = $Web.Context
#Get Existing Groups
$Groups = $Web.SiteGroups
$Ctx.Load($Groups)
$Ctx.ExecuteQuery()
#Check if the Group Exists already
$Group = $Groups | Where { $_.Title -eq $GroupName}
If(-Not $Group)
{
$GroupInfo = New-Object Microsoft.SharePoint.Client.GroupCreationInformation
$GroupInfo.Title = $GroupName
$Group = $Web.SiteGroups.Add($GroupInfo)
$Ctx.ExecuteQuery()
#Assign permission to the group
$RoleDefinition = $web.RoleDefinitions.GetByName($PermissionLevel)
$RoleDefBinding = New-Object Microsoft.SharePoint.Client.RoleDefinitionBindingCollection($Ctx)
$RoleDefBinding.Add($RoleDefinition)
$Ctx.Load($Web.RoleAssignments.Add($Group,$RoleDefBinding))
$Ctx.ExecuteQuery()
Write-host -f Green "Created Group $GroupName and Assigned Permissions $PermissionLevel"
}
Return $Group
}
catch {
write-host -f Red "Error:" $_.Exception.Message
}
}
#Function default "Owners, Members and Visitors Group
Function Create-SPODefaultGroups($SiteURL)
{
#Setup Credentials to connect
$Cred = Get-Credential
$Cred = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.UserName,$Cred.Password)
Try {
#Setup the context
$Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
$Ctx.Credentials = $Cred
#Get the Web
$Web=$Ctx.Web
$Ctx.Load($Web)
$Ctx.ExecuteQuery()
#Set Group Names
$OwnersGroupName = $Web.Title + " Owners"
$MembersGroupName = $Web.Title + " Members"
$VisitorsGroupName = $Web.Title + " Visitors"
#Create Default Groups
$OwnersGroup = Create-SPOGroup -Web $Web -GroupName $OwnersGroupName -PermissionLevel "Full Control"
$MembersGroup = Create-SPOGroup -Web $Web -GroupName $MembersGroupName -PermissionLevel "Edit"
$VisitorsGroup = Create-SPOGroup -Web $Web -GroupName $VisitorsGroupName -PermissionLevel "Read"
#Associate Default Groups
$web.AssociatedOwnerGroup = $OwnersGroup
$web.AssociatedOwnerGroup.Update()
$web.AssociatedMemberGroup = $MembersGroup
$web.AssociatedMemberGroup.Update()
$web.AssociatedVisitorGroup = $VisitorsGroup
$web.AssociatedVisitorGroup.Update()
$web.Update()
$Ctx.ExecuteQuery()
}
catch {
write-host -f Red "Error:" $_.Exception.Message
}
}
#Call the function to create default site groups
Create-SPODefaultGroups "https://crescenttech.sharepoint.com/sales"
and the Result:PnP PowerShell to Create a Subsite with Unique Permissions in SharePoint Online:
#Variables for processing
$SiteTitle = "Purchase Portal"
$SiteTemplate = "STS#3" #Modern Team Site
$SubSiteURL ="purchase"
$SiteURL = "https://crescenttech.sharepoint.com"
#Get Credentials to connect
$Cred = Get-Credential
Try {
#Connect to PNP Online
Connect-PnPOnline -Url $SiteURL -Credentials $Cred
#Create new subsite with broken permission
$Web = New-PnPWeb -Title $SiteTitle -Url $SubSiteURL -Template $SiteTemplate -BreakInheritance -ErrorAction Stop
Write-host -f Green "New Subsite '$SiteTitle' created with Unique Permissions..."
#Disconnect Parent Web and connect to newly created subsite
Disconnect-PnPOnline
Connect-PnPOnline -Url $Web.Url -Credentials $Cred
#Set Group Names
$OwnersGroupName = $Web.Title + " Owners"
$MembersGroupName = $Web.Title + " Members"
$VisitorsGroupName = $Web.Title + " Visitors"
#Setup Default Groups
$OwnersGroup = Get-PnPGroup -Identity $OwnersGroupName -ErrorAction SilentlyContinue
If(-Not $OwnersGroup)
{
$OwnersGroup = New-PnPGroup -Title $OwnersGroupName
Write-host -f Green "Created Owners Group '$OwnersGroupName'"
}
Set-PnPGroup -Identity $OwnersGroup -SetAssociatedGroup Owners -AddRole "Full Control"
#Members Group
$MembersGroup = Get-PnPGroup -Identity $MembersGroupName -ErrorAction SilentlyContinue
If(-Not $MembersGroup)
{
$MembersGroup = New-PnPGroup -Title $MembersGroupName
Write-host -f Green "Created Members Group '$MembersGroupName'"
}
Set-PnPGroup -Identity $MembersGroup -SetAssociatedGroup Members -AddRole "Edit"
#Visitors Group
$VisitorsGroup = Get-PnPGroup -Identity $VisitorsGroupName -ErrorAction SilentlyContinue
If(-Not $VisitorsGroup)
{
$VisitorsGroup = New-PnPGroup -Title $VisitorsGroupName
Write-host -f Green "Created Visitors Group '$VisitorsGroupName'"
}
Set-PnPGroup -Identity $VisitorsGroup -SetAssociatedGroup Visitors -AddRole "Read"
}
Catch {
write-host -f Red "Error:" $_.Exception.Message
}
Related Posts:
This is really good information. I'm trying to loop thru a CSV file to pull the Subsite names and add Unique Groups with as well as put a user in the Owner Group. These may help I just gotta see if I can step thru a CSV file.
ReplyDeleteSure, This should help: SharePoint Online: Bulk Import Users to Groups from a CSV File using PowerShell
DeleteHi VisitorsGroupName' while executing Set-PnPGroup -Identity $VisitorsGroup –SetAssociatedGroup Visitors -AddRole "Read" , I am getting access denied. Group is getting created and not associated with the subsites. Has anyone faced similar issues??
ReplyDeleteRight! This was caused by a special character "–" and fixed the same.
DeleteSet-PnPGroup gives the access denied error.
ReplyDeleteUse Set-PnPGroupPermissions instead
Set-PnPGroupPermissions -Identity $VisitorsGroup -AddRole "Read" -Web $Web