SharePoint Online: Create Subsite with Unique Permissions using PowerShell
Requirement: Create a Subsite with Unique Permissions in SharePoint Online using PowerShell
Create Subsite with Unique permissions in SharePoint Online using PowerShell
#Load SharePoint Online Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"

#Function to create a subsite with unique permissions
Function New-SPOSubsite($SiteTitle, $SiteURL, $SiteTemplate, $ParentSiteURL)
{
    #Setup Credentials to connect
    $Cred = Get-Credential
    $Cred = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.UserName,$Cred.Password)

    Try {
        #Setup the context
        $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($ParentSiteURL)
        $Ctx.Credentials = $Cred

        #Provide Subsite Parameters
        $WebCI = New-Object Microsoft.SharePoint.Client.WebCreationInformation
        $WebCI.Title = $SiteTitle
        $WebCI.WebTemplate = $SiteTemplate
        $WebCI.Url = $SiteURL
        $SubWeb = $Ctx.Web.Webs.Add($WebCI)
        $Ctx.ExecuteQuery()
        Write-host "Subsite Created Successfully!" -ForegroundColor Green

        #Break Inheritance
        $SubWeb.BreakRoleInheritance($False, $False)
        $SubWeb.Update()
        $Ctx.ExecuteQuery()
    }
    catch {
        write-host -f Red "Error:" $_.Exception.Message
    }
}

#Variables for processing
$SiteTitle = "Sales Portal"
$SiteTemplate = "STS#0" #Team Site
$SiteURL ="sales"
$ParentSiteURL = "https://crescenttech.sharepoint.com"
#$WCI.Language = "1033"

#Call the function with parameters
New-SPOSubsite -SiteTitle $SiteTitle -SiteURL $SiteURL -SiteTemplate $SiteTemplate -ParentSiteURL $ParentSiteURL

This script creates a subsite with unique permissions. But wait, we are not yet done! As we specified Unique permissions, we need to create default permission groups: Owners, Members and Visitors for the site.
The Permission Setup page in SharePoint Online lets you create default groups for the site: https://crescent.sharepoint.com/sales/_layouts/15/permsetup.aspx
PowerShell to Create Default Groups in SharePoint Online:
#Load SharePoint Online Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"

#Function to Create a Group
Function Create-SPOGroup([Microsoft.SharePoint.Client.Web]$Web, $GroupName, $PermissionLevel)
{
    Try {
        $Ctx = $Web.Context

        #Get Existing Groups
        $Groups = $Web.SiteGroups
        $Ctx.Load($Groups)
        $Ctx.ExecuteQuery()

        #Check if the Group Exists already
        $Group = $Groups | Where { $_.Title -eq $GroupName}
        If(-Not $Group)
        {
            $GroupInfo = New-Object Microsoft.SharePoint.Client.GroupCreationInformation
            $GroupInfo.Title = $GroupName
            $Group = $Web.SiteGroups.Add($GroupInfo)
            $Ctx.ExecuteQuery()

            #Assign permission to the group
            $RoleDefinition = $web.RoleDefinitions.GetByName($PermissionLevel)
            $RoleDefBinding = New-Object Microsoft.SharePoint.Client.RoleDefinitionBindingCollection($Ctx)
            $RoleDefBinding.Add($RoleDefinition)
            $Ctx.Load($Web.RoleAssignments.Add($Group,$RoleDefBinding))
            $Ctx.ExecuteQuery()

            Write-host -f Green "Created Group $GroupName and Assigned Permissions $PermissionLevel"
        }
        Return $Group
    }
    catch {
        write-host -f Red "Error:" $_.Exception.Message
    }
}

#Function to create the default Owners, Members and Visitors groups
Function Create-SPODefaultGroups($SiteURL)
{
    #Setup Credentials to connect
    $Cred = Get-Credential
    $Cred = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.UserName,$Cred.Password)

    Try {
        #Setup the context
        $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
        $Ctx.Credentials = $Cred

        #Get the Web
        $Web=$Ctx.Web
        $Ctx.Load($Web)
        $Ctx.ExecuteQuery()

        #Set Group Names
        $OwnersGroupName = $Web.Title + " Owners"
        $MembersGroupName = $Web.Title + " Members"
        $VisitorsGroupName = $Web.Title + " Visitors"

        #Create Default Groups
        $OwnersGroup = Create-SPOGroup -Web $Web -GroupName $OwnersGroupName -PermissionLevel "Full Control"
        $MembersGroup = Create-SPOGroup -Web $Web -GroupName $MembersGroupName -PermissionLevel "Edit"
        $VisitorsGroup = Create-SPOGroup -Web $Web -GroupName $VisitorsGroupName -PermissionLevel "Read"

        #Associate Default Groups
        $web.AssociatedOwnerGroup = $OwnersGroup
        $web.AssociatedOwnerGroup.Update()
        $web.AssociatedMemberGroup = $MembersGroup
        $web.AssociatedMemberGroup.Update()
        $web.AssociatedVisitorGroup = $VisitorsGroup
        $web.AssociatedVisitorGroup.Update()
        $web.Update()
        $Ctx.ExecuteQuery()
    }
    catch {
        write-host -f Red "Error:" $_.Exception.Message
    }
}

#Call the function to create default site groups
Create-SPODefaultGroups "https://crescenttech.sharepoint.com/sales"
PnP PowerShell to Create a Subsite with Unique Permissions in SharePoint Online:
#Variables for processing
$SiteTitle = "Purchase Portal"
$SiteTemplate = "STS#3" #Modern Team Site
$SubSiteURL ="purchase"
$SiteURL = "https://crescenttech.sharepoint.com"

#Get Credentials to connect
$Cred = Get-Credential

Try {
    #Connect to PNP Online
    Connect-PnPOnline -Url $SiteURL -Credentials $Cred

    #Create new subsite with broken permission
    $Web = New-PnPWeb -Title $SiteTitle -Url $SubSiteURL -Template $SiteTemplate -BreakInheritance -ErrorAction Stop
    Write-host -f Green "New Subsite '$SiteTitle' created with Unique Permissions..."

    #Disconnect Parent Web and connect to newly created subsite
    Disconnect-PnPOnline
    Connect-PnPOnline -Url $Web.Url -Credentials $Cred

    #Set Group Names
    $OwnersGroupName = $Web.Title + " Owners"
    $MembersGroupName = $Web.Title + " Members"
    $VisitorsGroupName = $Web.Title + " Visitors"

    #Setup Default Groups
    $OwnersGroup = Get-PnPGroup -Identity $OwnersGroupName -ErrorAction SilentlyContinue
    If(-Not $OwnersGroup)
    {
        $OwnersGroup = New-PnPGroup -Title $OwnersGroupName
        Write-host -f Green "Created Owners Group '$OwnersGroupName'"
    }
    Set-PnPGroup -Identity $OwnersGroup -SetAssociatedGroup Owners -AddRole "Full Control"

    #Members Group
    $MembersGroup = Get-PnPGroup -Identity $MembersGroupName -ErrorAction SilentlyContinue
    If(-Not $MembersGroup)
    {
        $MembersGroup = New-PnPGroup -Title $MembersGroupName
        Write-host -f Green "Created Members Group '$MembersGroupName'"
    }
    Set-PnPGroup -Identity $MembersGroup -SetAssociatedGroup Members -AddRole "Edit"

    #Visitors Group
    $VisitorsGroup = Get-PnPGroup -Identity $VisitorsGroupName -ErrorAction SilentlyContinue
    If(-Not $VisitorsGroup)
    {
        $VisitorsGroup = New-PnPGroup -Title $VisitorsGroupName
        Write-host -f Green "Created Visitors Group '$VisitorsGroupName'"
    }
    Set-PnPGroup -Identity $VisitorsGroup -SetAssociatedGroup Visitors -AddRole "Read"
}
Catch {
    write-host -f Red "Error:" $_.Exception.Message
}
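A post-provisioning check for the scripts above, as an added example that is not part of the original article: it confirms the subsite really has unique permissions, that the three associated groups are set and hold the permission levels used above, and lists any access granted directly to a user instead of through a group. It assumes the PnP PowerShell module and the "purchase" subsite URL from the PnP script; the variable names and finding messages are illustrative.

```powershell
#Added example: audit a subsite after provisioning (URL and expected levels are assumptions taken from the scripts above)
$SubSiteURL = "https://crescenttech.sharepoint.com/purchase"
$Expected = [ordered]@{ Owner = "Full Control"; Member = "Edit"; Visitor = "Read" }

Connect-PnPOnline -Url $SubSiteURL -Credentials (Get-Credential)

#Load the inheritance flag, the role assignments and the three associated groups in one call
$Web = Get-PnPWeb -Includes HasUniqueRoleAssignments, RoleAssignments,
    AssociatedOwnerGroup, AssociatedMemberGroup, AssociatedVisitorGroup

$Findings = @()
If (-Not $Web.HasUniqueRoleAssignments) {
    $Findings += "Web still inherits permissions from its parent"
}

#Resolve every role assignment on the web: principal -> permission levels
$Assignments = ForEach ($RA in $Web.RoleAssignments) {
    Get-PnPProperty -ClientObject $RA -Property Member, RoleDefinitionBindings | Out-Null
    [PSCustomObject]@{
        Principal = $RA.Member.Title
        Type      = $RA.Member.PrincipalType
        Levels    = @($RA.RoleDefinitionBindings | ForEach-Object { $_.Name })
    }
}

#Each associated group must be set and must hold its expected permission level
ForEach ($Role in $Expected.Keys) {
    $Group = $Web."Associated${Role}Group"
    If ($null -eq $Group -or $Group.ServerObjectIsNull) {
        $Findings += "No associated $Role group is set"
        Continue
    }
    $Match = $Assignments | Where-Object { $_.Principal -eq $Group.Title }
    If (-Not $Match -or $Match.Levels -notcontains $Expected[$Role]) {
        $Findings += "'$($Group.Title)' lacks '$($Expected[$Role])' on this web"
    }
}

#Access granted directly to a user bypasses the Owners/Members/Visitors model
ForEach ($A in ($Assignments | Where-Object { $_.Type -eq "User" })) {
    $Findings += "Direct user assignment: $($A.Principal) [$($A.Levels -join ', ')]"
}

$Assignments | Format-Table -AutoSize
If ($Findings) { $Findings | ForEach-Object { Write-Host -f Yellow "FINDING: $_" } }
Else { Write-Host -f Green "Unique permissions and default groups are set as expected" }
```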
This is really good information. I'm trying to loop thru a CSV file to pull the Subsite names and add Unique Groups with as well as put a user in the Owner Group. These may help I just gotta see if I can step thru a CSV file.
Sure, This should help: SharePoint Online: Bulk Import Users to Groups from a CSV File using PowerShell
Hi VisitorsGroupName' while executing Set-PnPGroup -Identity $VisitorsGroup –SetAssociatedGroup Visitors -AddRole "Read" , I am getting access denied. Group is getting created and not associated with the subsites. Has anyone faced similar issues??
Right! This was caused by a special character "–" and fixed the same.
Set-PnPGroup gives the access denied error.
Use Set-PnPGroupPermissions instead
Set-PnPGroupPermissions -Identity $VisitorsGroup -AddRole "Read" -Web $Web