SharePoint Online: Create Subsite with Unique Permissions using PowerShell
Requirement: Create a Subsite with Unique Permissions in SharePoint Online using PowerShell.
How to Create a Subsite with Unique permissions in SharePoint Online?
You can create a subsite with unique permissions in SharePoint Online to give specific people access to particular information on your site. This article will show you how to create a subsite with unique permissions in SharePoint Online.
- Log in to your SharePoint Online site as a Site Collection Administrator >> Click on “Settings” >> Click on “Site Contents”.
- Click on the “New” button on the toolbar >> Choose “Subsite”.
- Provide a name and URL to your subsite. On the “Permissions” section, choose “Use unique permissions” and click on the “Create” button.
- On the next page, you’ll get the “Permission Setup” configuration for the SharePoint Online subsite, which lets you create default groups for the site (URL: /_layouts/15/permsetup.aspx).
- Create a group or select existing groups to create a subsite with unique permissions.
Once the subsite is created, you can manage its permissions by adding or removing users or groups from the site.
PowerShell to Create a Subsite with Unique permissions
PowerShell provides a great way to automate everyday SharePoint tasks. This blog post will show you how to create a subsite with unique permissions.
```powershell
#Load SharePoint Online Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"

#Function to create a subsite with unique permissions
Function New-SPOSubsite($SiteTitle, $SiteURL, $SiteTemplate, $ParentSiteURL)
{
    #Setup Credentials to connect
    $Cred = Get-Credential
    $Cred = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.UserName,$Cred.Password)

    Try {
        #Setup the context
        $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($ParentSiteURL)
        $Ctx.Credentials = $Cred

        #Provide Subsite Parameters
        $WebCI = New-Object Microsoft.SharePoint.Client.WebCreationInformation
        $WebCI.Title = $SiteTitle
        $WebCI.WebTemplate = $SiteTemplate
        $WebCI.Url = $SiteURL
        #$WebCI.Language = "1033"
        $SubWeb = $Ctx.Web.Webs.Add($WebCI)
        $Ctx.ExecuteQuery()
        Write-host "Subsite Created Successfully!" -ForegroundColor Green

        #Break Inheritance
        #1st $False: do not copy the parent's role assignments
        #2nd $False: do not reset unique permissions on child objects
        $SubWeb.BreakRoleInheritance($False, $False)
        $SubWeb.Update()
        $Ctx.ExecuteQuery()
    }
    catch {
        write-host -f Red "Error:" $_.Exception.Message
    }
}

#Variables for processing
$SiteTitle = "Sales Portal"
$SiteTemplate = "STS#0" #Team Site
$SiteURL = "sales"
$ParentSiteURL = "https://Crescent.sharepoint.com"

#Call the function with parameters
New-SPOSubsite -SiteTitle $SiteTitle -SiteURL $SiteURL -SiteTemplate $SiteTemplate -ParentSiteURL $ParentSiteURL
```
This script creates a subsite with unique permissions. But wait, we are not yet done! As we require Unique permissions, we need to create default permission groups: Owners, Members, and Visitors for the site.
PowerShell to Create Default Groups in SharePoint Online:
Here is how to use PowerShell to automatically create default groups with the membership assigned.
```powershell
#Load SharePoint Online Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"

#Function to Create a Group
Function Create-SPOGroup([Microsoft.SharePoint.Client.Web]$Web, $GroupName, $PermissionLevel)
{
    Try {
        $Ctx = $Web.Context

        #Get Existing Groups
        $Groups = $Web.SiteGroups
        $Ctx.Load($Groups)
        $Ctx.ExecuteQuery()

        #Check if the Group Exists already
        $Group = $Groups | Where { $_.Title -eq $GroupName}
        If(-Not $Group)
        {
            $GroupInfo = New-Object Microsoft.SharePoint.Client.GroupCreationInformation
            $GroupInfo.Title = $GroupName
            $Group = $Web.SiteGroups.Add($GroupInfo)
            $Ctx.ExecuteQuery()

            #Assign permission to the group
            $RoleDefinition = $Web.RoleDefinitions.GetByName($PermissionLevel)
            $RoleDefBinding = New-Object Microsoft.SharePoint.Client.RoleDefinitionBindingCollection($Ctx)
            $RoleDefBinding.Add($RoleDefinition)
            $Ctx.Load($Web.RoleAssignments.Add($Group,$RoleDefBinding))
            $Ctx.ExecuteQuery()
            Write-host -f Green "Created Group $GroupName and Assigned Permissions $PermissionLevel"
        }
        Return $Group
    }
    catch {
        write-host -f Red "Error:" $_.Exception.Message
    }
}

#Function to create the default Owners, Members and Visitors groups
Function Create-SPODefaultGroups($SiteURL)
{
    #Setup Credentials to connect
    $Cred = Get-Credential
    $Cred = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.UserName,$Cred.Password)

    Try {
        #Setup the context
        $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
        $Ctx.Credentials = $Cred

        #Get the Web
        $Web = $Ctx.Web
        $Ctx.Load($Web)
        $Ctx.ExecuteQuery()

        #Set Group Names
        $OwnersGroupName = $Web.Title + " Owners"
        $MembersGroupName = $Web.Title + " Members"
        $VisitorsGroupName = $Web.Title + " Visitors"

        #Create Default Groups
        $OwnersGroup = Create-SPOGroup -Web $Web -GroupName $OwnersGroupName -PermissionLevel "Full Control"
        $MembersGroup = Create-SPOGroup -Web $Web -GroupName $MembersGroupName -PermissionLevel "Edit"
        $VisitorsGroup = Create-SPOGroup -Web $Web -GroupName $VisitorsGroupName -PermissionLevel "Read"

        #Associate Default Groups
        $Web.AssociatedOwnerGroup = $OwnersGroup
        $Web.AssociatedOwnerGroup.Update()
        $Web.AssociatedMemberGroup = $MembersGroup
        $Web.AssociatedMemberGroup.Update()
        $Web.AssociatedVisitorGroup = $VisitorsGroup
        $Web.AssociatedVisitorGroup.Update()
        $Web.Update()
        $Ctx.ExecuteQuery()
    }
    catch {
        write-host -f Red "Error:" $_.Exception.Message
    }
}

#Call the function to create default site groups
Create-SPODefaultGroups "https://Crescent.sharepoint.com/sales"
```
PnP PowerShell to Create New Subsite with Unique Permissions in SharePoint Online
We can also use the PnP PowerShell cmdlet New-PnPWeb to add a subsite with unique permissions and set up default user groups for the SharePoint Online site. Let’s see how to use PnP PowerShell to create a new subsite with unique permissions:
```powershell
#Variables for processing
$SiteTitle = "Purchase Portal"
$SiteTemplate = "STS#3" #Modern Team Site
$SubSiteURL = "purchase"
$SiteURL = "https://Crescent.sharepoint.com"

#Get Credentials to connect
$Cred = Get-Credential

Try {
    #Connect to PnP Online
    Connect-PnPOnline -Url $SiteURL -Credentials $Cred

    #Create new subsite with broken permission
    $Web = New-PnPWeb -Title $SiteTitle -Url $SubSiteURL -Template $SiteTemplate -BreakInheritance -ErrorAction Stop
    Write-host -f Green "New Subsite '$SiteTitle' created with Unique Permissions..."

    #Connect to newly created subsite
    Connect-PnPOnline -Url $Web.Url -Credentials $Cred

    #Set Group Names
    $OwnersGroupName = $Web.Title + " Owners"
    $MembersGroupName = $Web.Title + " Members"
    $VisitorsGroupName = $Web.Title + " Visitors"

    #Setup Default Groups
    $OwnersGroup = Get-PnPGroup -Identity $OwnersGroupName -ErrorAction SilentlyContinue
    If(-Not $OwnersGroup)
    {
        $OwnersGroup = New-PnPGroup -Title $OwnersGroupName
        Write-host -f Green "Created Owners Group '$OwnersGroupName'"
    }
    Set-PnPGroup -Identity $OwnersGroup -SetAssociatedGroup Owners -AddRole "Full Control"

    #Members Group
    $MembersGroup = Get-PnPGroup -Identity $MembersGroupName -ErrorAction SilentlyContinue
    If(-Not $MembersGroup)
    {
        $MembersGroup = New-PnPGroup -Title $MembersGroupName
        Write-host -f Green "Created Members Group '$MembersGroupName'"
    }
    Set-PnPGroup -Identity $MembersGroup -SetAssociatedGroup Members -AddRole "Edit"

    #Visitors Group
    $VisitorsGroup = Get-PnPGroup -Identity $VisitorsGroupName -ErrorAction SilentlyContinue
    If(-Not $VisitorsGroup)
    {
        $VisitorsGroup = New-PnPGroup -Title $VisitorsGroupName
        Write-host -f Green "Created Visitors Group '$VisitorsGroupName'"
    }
    Set-PnPGroup -Identity $VisitorsGroup -SetAssociatedGroup Visitors -AddRole "Read"
}
Catch {
    write-host -f Red "Error:" $_.Exception.Message
}
```
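To confirm the outcome, the following check (an added example, not part of the original article) reads the subsite back, verifies that inheritance is actually broken and that the three associated groups are set, and lists every principal holding a role, marking those outside the default groups. It assumes the PnP PowerShell module and the subsite URL produced by the script above; `$DefaultGroupIds` and `$Report` are names introduced here.

```powershell
#Assumption: this is the subsite created by the PnP script above
$SubSiteURL = "https://Crescent.sharepoint.com/purchase"
$Cred = Get-Credential

Try {
    Connect-PnPOnline -Url $SubSiteURL -Credentials $Cred

    #Load everything the audit needs from the web in one request
    $Web = Get-PnPWeb -Includes HasUniqueRoleAssignments, RoleAssignments, AssociatedOwnerGroup, AssociatedMemberGroup, AssociatedVisitorGroup

    #A subsite that still inherits exposes its content to every principal on the parent
    If(-Not $Web.HasUniqueRoleAssignments)
    {
        Write-host -f Red "'$($Web.Title)' still inherits permissions from its parent site!"
    }

    #Collect the IDs of the associated default groups; report any that were never set
    $DefaultGroupIds = @()
    ForEach($Prop in "AssociatedOwnerGroup", "AssociatedMemberGroup", "AssociatedVisitorGroup")
    {
        $Group = $Web.$Prop
        If($Group.ServerObjectIsNull) { Write-host -f Yellow "$Prop is not set on this subsite" }
        Else { $DefaultGroupIds += $Group.Id }
    }

    #Walk every role assignment and record who holds which permission level
    $Report = ForEach($RoleAssignment in $Web.RoleAssignments)
    {
        Get-PnPProperty -ClientObject $RoleAssignment -Property RoleDefinitionBindings, Member | Out-Null

        #"Limited Access" is granted automatically by SharePoint, so skip it
        $Roles = $RoleAssignment.RoleDefinitionBindings | Where { $_.Name -ne "Limited Access" } | Select -ExpandProperty Name
        If($Roles)
        {
            [PSCustomObject]@{
                Principal = $RoleAssignment.Member.Title
                Type      = $RoleAssignment.Member.PrincipalType
                Roles     = $Roles -join "; "
                Expected  = $DefaultGroupIds -contains $RoleAssignment.Member.Id
            }
        }
    }

    #Principals with Expected = False sort first: these are the entries to review
    $Report | Sort-Object Expected | Format-Table -AutoSize
}
Catch {
    write-host -f Red "Error:" $_.Exception.Message
}
```

Rows with `Expected = False` are users or groups that hold a role directly on the subsite without being one of its Owners, Members or Visitors groups.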
By using unique permissions for a subsite, you can grant or restrict access to specific users or groups, giving you greater control over who can view or edit the content in the site. To create multiple subsites, use: How to Bulk Create Subsites in SharePoint Online using PowerShell?
With “-Setasociatedgroup” it gives me denied access error and my groups have simple names “Owners”, “Test Members” and “Test Visitors”
Set-PnPGroup gives the access denied error.
Use Set-PnPGroupPermissions instead
Set-PnPGroupPermissions -Identity $VisitorsGroup -AddRole “Read” -Web $Web
With that you are not associating the default groups to the subsite?
Hi VisitorsGroupName’ while executing Set-PnPGroup -Identity $VisitorsGroup –SetAssociatedGroup Visitors -AddRole “Read” , I am getting access denied. Group is getting created and not associated with the subsites. Has anyone faced similar issues??
Right! This was caused by a special character “–” and fixed the same.
This is really good information. I’m trying to loop thru a CSV file to pull the Subsite names and add Unique Groups with as well as put a user in the Owner Group. These may help I just gotta see if I can step thru a CSV file.
Sure, This should help: SharePoint Online: Bulk Import Users to Groups from a CSV File using PowerShell