PowerShell to Update Permissions for Custom Permission Level in SharePoint

Requirement: Update permission level in SharePoint using PowerShell.

How to Edit a Permission level in SharePoint?

If you have ever created a custom permission level in SharePoint, you know that it can be a bit of a pain to set the permissions correctly. This blog post will show you how to update permissions for a permission level. We will also show you how to use PowerShell to update permissions for your custom permission level!

To edit an existing permission level in SharePoint, follow these steps:

  1. Permission levels are scoped at site collection. So, Navigate to the SharePoint site collection where you want the permission level to be edited.
  2. Click on Settings gear >> Select Site Settings from the Settings menu.
  3. On the Site Settings page, click on the “Site Permissions” link under the Users and Permissions section.
  4. On the Permissions page, click on the “Permission Levels” button from the Permissions tab of the ribbon. 
  5. On the Permission Levels page, click on the permission level you want to edit.
  6. Uncheck the tick boxes next to the permission to remove it from the permission level. E.g., I’ve removed “Delete Items” from the permission level. Similarly, you can add any permission to include it.
    sharepoint update permission level powershell
  7. Scroll down and click on the “Submit” button to save your changes. 

This updates the permission level in SharePoint. Now, let’s see how to change the permission level in SharePoint using PowerShell.

PowerShell to Update a Permission Level in SharePoint

To change permissions of a permission level using PowerShell, use:

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

#Parameters
$SiteURL = "https://sharepoint.crescent.com/sites/operations"
$PermissionLevelName = "Contribute without Delete"

#Get the Site collection's Root web
$web = Get-SPWeb $SiteURL

#Get the Permission Level
$RoleDefinition = $Web.RoleDefinitions[$PermissionLevelName]

If($RoleDefinition)
{
    #Set the Base Permissions
    $Permissions="ViewListItems, AddListItems, EditListItems, OpenItems, ViewVersions, ManagePersonalViews, ViewFormPages, Open, ViewPages, CreateSSCSite, BrowseDirectories, BrowseUserInfo, AddDelPrivateWebParts, UpdatePersonalWebParts, UseClientIntegration, UseRemoteAPIs, CreateAlerts, EditMyUserInfo"

    #Update the Permissions for Permission Level
    $RoleDefinition.BasePermissions = $Permissions
    $RoleDefinition.Update()
    Write-host "Permisssion Level Updated Successfully!" -f Green
}
Else
{
    Write-host "Couldn't find Permissions Level $PermissionLevelName!" -f Yellow
}

To get all available base permissions, refer: https://docs.microsoft.com/en-us/dotnet/api/microsoft.sharepoint.spbasepermissions?view=sharepoint-server

Warning: Do not change the Out of the box permission levels such as “Full control” or “Contribute”! Always copy the existing permission level and add/remove permissions to it!

Salaudeen Rajack

Salaudeen Rajack - Information Technology Expert with Two-decades of hands-on experience, specializing in SharePoint, PowerShell, Microsoft 365, and related products. He has held various positions including SharePoint Architect, Administrator, Developer and consultant, has helped many organizations to implement and optimize SharePoint solutions. Known for his deep technical expertise, He's passionate about sharing the knowledge and insights to help others, through the real-world articles!

2 thoughts on “PowerShell to Update Permissions for Custom Permission Level in SharePoint

  • We would like to change the standard “Read” permission and remove the “View Versions” permission on all sharepoint sites at once. The users who can only read should only see the actual version and not older ones. I found no settings where this could be set otherwise.
    Perhabs you can modify the script to get all sites and make the settings one after another!?
    Greetings

    Reply
  • Is it possible to do this with PnP PowerShell?

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *