SharePoint Online: Grant Permission to All Files in a Folder using PowerShell

Requirement: Grant Permission to All Files in a Folder in SharePoint Online.

PowerShell to Grant Permission to All Files in a Folder in SharePoint Online

PowerShell to Set Permission to each File in a Folder

Managing the permissions of large numbers of files in SharePoint can be a time-consuming and complex task, especially when it comes to granting or revoking access to multiple files at once. Fortunately, administrators can use PowerShell scripts to automate the process and simplify the task of granting permissions to a folder of files. In this tutorial, we will show you how to grant permissions to all files in a folder in SharePoint Online using PowerShell.

Do you have a folder (or document library) with a bunch of files, and each file has unique permissions, and you want to grant permission to all files at once? Sure, Here is the PowerShell script to do that:

#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
 
Function Grant-ListItemPermission
{
    param
    (   
        [Parameter(Mandatory=$true)] [string]$ItemID
    )
    Try {       
        #Get the List and Item
        $List = $Ctx.Web.Lists.GetByTitle($ListName)
        $ListItem=$List.GetItemByID($ItemID)
        $Ctx.Load($List)
        $Ctx.Load($ListItem)
        $Ctx.ExecuteQuery()
 
        #Check if Item has unique permission already
        $ListItem.Retrieve("HasUniqueRoleAssignments")
        $Ctx.ExecuteQuery()
 
        #Break Item's permission Inheritance, if its inheriting permissions from the parent
        if (-not $ListItem.HasUniqueRoleAssignments)
        {
            $ListItem.BreakRoleInheritance($True, $false) #keep the existing permissions: Yes -  Clear listitems permissions: No
            $ctx.ExecuteQuery()
        }
 
        #Get the User
        $User = $Ctx.Web.EnsureUser($UserID)
        $Ctx.load($User)
        $Ctx.ExecuteQuery()
 
        #Get the role 
        $Role = $Ctx.web.RoleDefinitions.GetByName($PermissionLevel)
        $RoleDB = New-Object Microsoft.SharePoint.Client.RoleDefinitionBindingCollection($Ctx)
        $RoleDB.Add($Role)
          
        #Assign permissions
        $UserPermissions = $ListItem.RoleAssignments.Add($User,$RoleDB)
        $ListItem.Update()
        $Ctx.ExecuteQuery()
     
        Write-host -f Green "Permission granted to List Item successfully!"
    }
    Catch {
        Write-host -f Red "Error granting permission to List Item!" $_.Exception.Message
    }
}

Function Get-AllFilesFromFolder
{
    param
    (   
        [Parameter(Mandatory=$true)] [string]$FolderRelativeURL
    )
   Try {     
        #Get the Folder and Files
        $Folder=$Ctx.Web.GetFolderByServerRelativeUrl($FolderRelativeURL)
        $Ctx.Load($Folder)
        $Ctx.Load($Folder.Folders)
        $Ctx.Load($Folder.Files)
        $Ctx.ExecuteQuery()
 
        #Iterate through each File in the folder
        Foreach($File in $Folder.Files)
        {
            #Get Name for each File
            Write-Host ("Granting '{0}' Permission to User {1} on {2} at {3}" -f $PermissionLevel, $UserID, $File.Name, $File.ServerRelativeUrl)
            
            #Get the Properties of the File
            $Ctx.Load($File.ListItemAllFields)
            $Ctx.ExecuteQuery()
 
            #Call the function to grant permission to file
            Grant-ListItemPermission -ItemID $File.ListItemAllFields.Id
        }
        #Recursively process sub-folders
        ForEach($SubFolder in $Folder.Folders | Where{($_.Name -ne "Forms") -and (-Not($_.Name.StartsWith("_")))})
        {
           Get-AllFilesFromFolder $SubFolder.ServerRelativeUrl
        }
    }
    Catch {
        write-host -f Red "Error Getting Files from Folder!" $_.Exception.Message
    }
}

#Set parameter values
$SiteURL="https://crescent.sharepoint.com/Sites/Marketing"
$ListName = "Documents"
$FolderRelativeURL = "/Sites/Marketing/Shared Documents"
$UserID="salaudeen@crescent.com"
$PermissionLevel="Edit"

#Get Credentials to connect
$Cred= Get-Credential
$Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password)

#Setup the context
$Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
$Ctx.Credentials = $Credentials

#Call the function to process all files in a folder
Get-AllFilesFromFolder -FolderRelativeURL $FolderRelativeURL

PnP PowerShell to Grant Permission to All Files in a Folder in SharePoint Online:

This time, let’s grant access to all files from a folder in the SharePoint Online library with the help of the PnP PowerShell cmdlet Set-PnPListItemPermission. Here is how to give unique permission to a folder in SharePoint Online:

#Set Variables
$SiteURL = "https://crescent.sharepoint.com/sites/Marketing"
$ListName="Documents"
$ParentFolderURL = "/Shared Documents/2018" #Site Relative Path of the document Library
$UserAccount = "Salaudeen@crescent.com"
$Role = "Edit"
 
#Connect to PnP Online
Connect-PnPOnline -Url $SiteURL -Credentials (Get-Credential)

#Get all Files from the Folder
$AllFiles = Get-PnPFolderItem -ItemType File -FolderSiteRelativeUrl $ParentFolderURL

#Iterate through each File in the Folder
ForEach($File in $AllFiles)
{
    #Grant permissions to the File
    Set-PnPListItemPermission -List $ListName -Identity $File.ListItemAllFields -User $UserAccount -AddRole $Role
    Write-host ("Granted Permission to '{0}' at {1} " -f $File.Name,$File.ServerRelativeUrl)
}

You can also use the cmdlet Set-PnPFolderPermission to set permission on a folder. To get all files recursively from the folder, simply use the “-Recursive” switch to the Get-PnPFolderItem cmdlet.

Conclusion

By using PowerShell scripts, administrators can automate the process of granting permissions to files in SharePoint Online, making it quick and easy to manage large numbers of files. Granting permissions to all files in a folder can be done in a matter of minutes, saving administrators time and reducing the risk of manual errors. In conclusion, using PowerShell to grant permissions to all files in a folder in SharePoint Online is an efficient and effective way to manage user access. Whether you are dealing with a small number of files or a large folder with hundreds of files, this process can be automated to make bulk changes quickly and easily.

Salaudeen Rajack

Salaudeen Rajack - Information Technology Expert with Two-decades of hands-on experience, specializing in SharePoint, PowerShell, Microsoft 365, and related products. He has held various positions including SharePoint Architect, Administrator, Developer and consultant, has helped many organizations to implement and optimize SharePoint solutions. Known for his deep technical expertise, He's passionate about sharing the knowledge and insights to help others, through the real-world articles!

One thought on “SharePoint Online: Grant Permission to All Files in a Folder using PowerShell

  • Thank you so much, you have PowerShell solution to every other issues in SP!

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *