SharePoint Online: Grant Permission to Each Folder in a Document Library using PowerShell

Requirement: Grant permission to all sub-folders in a SharePoint Online document library

SharePoint Online: Grant Permission to Folders using PowerShell
Here is the PowerShell script to add a user to each folder in a SharePoint Online list or document library.
#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"

#Set Config Variables
$SiteURL = "https://crescent.sharepoint.com/sites/marketing"
$ListName = "Documents"
$UserAccount = "Salaudeen@crescent.com"
$PermissionLevel= "Contribute"

#Function To call a non-generic Load Method
Function Invoke-LoadMethod() {
    Param(
            [Microsoft.SharePoint.Client.ClientObject]$Object = $(throw "Please provide a Client Object"), [string]$PropertyName
         )
   $Ctx = $Object.Context
   $Load = [Microsoft.SharePoint.Client.ClientContext].GetMethod("Load") 
   $Type = $Object.GetType()
   $ClientLoad = $Load.MakeGenericMethod($Type)
    
   $Parameter = [System.Linq.Expressions.Expression]::Parameter(($Type), $Type.Name)
   $Expression = [System.Linq.Expressions.Expression]::Lambda([System.Linq.Expressions.Expression]::Convert([System.Linq.Expressions.Expression]::PropertyOrField($Parameter,$PropertyName),[System.Object] ), $($Parameter))
   $ExpressionArray = [System.Array]::CreateInstance($Expression.GetType(), 1)
   $ExpressionArray.SetValue($Expression, 0)
   $ClientLoad.Invoke($Ctx,@($Object,$ExpressionArray))
}

#Function to Add User to Folder Permissions
Function Grant-SPOFolderPermission() {
    Param(
        [Microsoft.SharePoint.Client.Folder]$Folder, 
        [String]$UserAccount, 
        [String]$PermissionLevel
        )
    Try {

        #Check if Folder has unique permission already
        Invoke-LoadMethod -Object $Folder.ListItemAllFields -PropertyName "HasUniqueRoleAssignments"
        $Ctx.ExecuteQuery()

        If($Folder.ListItemAllFields.HasUniqueRoleAssignments -ne $true)
        {
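            #Break Folder Permission inheritance - Keep all existing folder permissions & Item level permissions
            #copyRoleAssignments = $True copies the parent's permissions to the folder;
            #clearSubscopes = $False leaves unique permissions on items below the folder untouched
            $Folder.ListItemAllFields.BreakRoleInheritance($True,$False)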
            $Ctx.ExecuteQuery()
            Write-host -f Yellow "`tFolder's Permission inheritance broken..."
        }

        #Get the SharePoint User
        $User = $Ctx.Web.EnsureUser($UserAccount)
        $Ctx.load($User)
        $Ctx.ExecuteQuery()

        #Get the role required
        $Role = $Ctx.web.RoleDefinitions.GetByName($PermissionLevel)
        $RoleDB = New-Object Microsoft.SharePoint.Client.RoleDefinitionBindingCollection($Ctx)
        $RoleDB.Add($Role)
          
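        #Assign permissions
        $UserPermissions = $Folder.ListItemAllFields.RoleAssignments.Add($User,$RoleDB)
        $Folder.Update()
        #Send the pending role assignment to the server; without this call nothing is saved
        $Ctx.ExecuteQuery()
        Write-host -f Green "`tAdded User to Folder Permissions!"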
    }
    catch {
        write-host "Error in Grant Permissions: $($_.Exception.Message)" -foregroundcolor Red
    }
}

#Get Credentials to connect
$Cred = Get-Credential
  
Try {
    #Setup the context
    $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
    $Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.UserName,$Cred.Password)
 
    #Get the List
    $List = $Ctx.web.Lists.GetByTitle($ListName) 
    
    #Get Sub-Folders of the List
    $SubFolders = $List.RootFolder.Folders
    $Ctx.Load($SubFolders)
    $Ctx.ExecuteQuery()
     
    #Iterate through Each Sub-Folder
    ForEach($Folder in $SubFolders)
    {
        #Exclude "Forms" and Hidden folders
        If(($Folder.Name -ne "Forms") -and (-Not($Folder.Name.StartsWith("_"))))
        {
            #Show the folder name and grant the permission on it
            Write-host -f Yellow "Granting Permissions on Folder:"$Folder.Name
            Grant-SPOFolderPermission -Folder $Folder -UserAccount $UserAccount -PermissionLevel $PermissionLevel
        }
    }
}
catch {
    write-host "Error: $($_.Exception.Message)" -foregroundcolor Red
}
This script loops through each sub-folder directly under the root of the given list or library and adds the given user, with the given permission level, to each folder's permissions; folders nested deeper are not visited. Managing folder permissions in SharePoint Online is discussed in another article of mine: SharePoint Online: Set Folder Permissions using PowerShell
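A read-only check of the result, added here as an example and not part of the original script: it walks every folder in the library, nested ones included, and lists the permission levels assigned to the user on each. `Get-SPOFolderAccessReport` is a hypothetical helper name; the configuration values are the ones used in the script above.

```powershell
# Added example: read-only audit of the user's role assignments on each folder
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"

# Same configuration values as the script above
$SiteURL = "https://crescent.sharepoint.com/sites/marketing"
$ListName = "Documents"
$UserAccount = "Salaudeen@crescent.com"

# Hypothetical helper: emits one row per folder and recurses into nested folders
Function Get-SPOFolderAccessReport {
    Param(
        [Microsoft.SharePoint.Client.ClientContext]$Ctx,
        [Microsoft.SharePoint.Client.Folder]$Folder,
        [Microsoft.SharePoint.Client.User]$User
    )
    $SubFolders = $Folder.Folders
    $Ctx.Load($SubFolders)
    $Ctx.ExecuteQuery()
    ForEach ($Sub in $SubFolders) {
        If (($Sub.Name -eq "Forms") -or $Sub.Name.StartsWith("_")) { Continue }
        # Role assignments in effect on the folder (inherited ones if inheritance is not broken)
        $Assignments = $Sub.ListItemAllFields.RoleAssignments
        $Ctx.Load($Assignments)
        $Ctx.ExecuteQuery()
        $Roles = @()
        ForEach ($RA in $Assignments) {
            $Ctx.Load($RA.Member)
            $Ctx.Load($RA.RoleDefinitionBindings)
            $Ctx.ExecuteQuery()
            If ($RA.Member.Id -eq $User.Id) { $Roles += $RA.RoleDefinitionBindings | ForEach-Object { $_.Name } }
        }
        [PSCustomObject]@{ Folder = $Sub.ServerRelativeUrl; UserRoles = ($Roles -join ", ") }
        Get-SPOFolderAccessReport -Ctx $Ctx -Folder $Sub -User $User
    }
}

$Cred = Get-Credential
$Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
$Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.UserName, $Cred.Password)
$User = $Ctx.Web.EnsureUser($UserAccount)
$Ctx.Load($User)
$RootFolder = $Ctx.Web.Lists.GetByTitle($ListName).RootFolder
$Ctx.Load($RootFolder)
$Ctx.ExecuteQuery()
Get-SPOFolderAccessReport -Ctx $Ctx -Folder $RootFolder -User $User | Format-Table -AutoSize
```

An empty UserRoles column means the user has no assignment of their own on that folder; access that comes through group membership is not shown by this check.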
Reviewed by Salaudeen Rajack on January 23, 2019
