SharePoint Online: Grant Permission to Each Folder in a Document Library using PowerShell
Requirement: Grant permission to all sub-folders in a SharePoint Online document library
SharePoint Online: Grant Permission to Folders using PowerShell
Here is the PowerShell to add a user to each folder in a SharePoint Online list or document library.
```powershell
#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"

#Set Config Variables
$SiteURL = "https://crescent.sharepoint.com/sites/marketing"
$ListName = "Documents"
$UserAccount = "[email protected]"
$PermissionLevel = "Contribute"

#Function To call a non-generic Load Method
Function Invoke-LoadMethod() {
    Param(
        [Microsoft.SharePoint.Client.ClientObject]$Object = $(throw "Please provide a Client Object"),
        [string]$PropertyName
    )
    $Ctx = $Object.Context
    $Load = [Microsoft.SharePoint.Client.ClientContext].GetMethod("Load")
    $Type = $Object.GetType()
    $ClientLoad = $Load.MakeGenericMethod($Type)

    #Build the lambda expression that selects the requested property
    $Parameter = [System.Linq.Expressions.Expression]::Parameter(($Type), $Type.Name)
    $Expression = [System.Linq.Expressions.Expression]::Lambda([System.Linq.Expressions.Expression]::Convert([System.Linq.Expressions.Expression]::PropertyOrField($Parameter,$PropertyName),[System.Object] ), $($Parameter))
    $ExpressionArray = [System.Array]::CreateInstance($Expression.GetType(), 1)
    $ExpressionArray.SetValue($Expression, 0)
    $ClientLoad.Invoke($Ctx,@($Object,$ExpressionArray))
}

#Function to Add User to Folder Permissions
Function Grant-SPOFolderPermission() {
    Param(
        [Microsoft.SharePoint.Client.Folder]$Folder,
        [String]$UserAccount,
        [String]$PermissionLevel
    )
    Try {
        #Check if Folder has unique permission already
        Invoke-LoadMethod -Object $Folder.ListItemAllFields -PropertyName "HasUniqueRoleAssignments"
        $Ctx.ExecuteQuery()

        If($Folder.ListItemAllFields.HasUniqueRoleAssignments -ne $true)
        {
            #Break Folder Permission inheritance - Keep all existing folder permissions & Item level permissions
            $Folder.ListItemAllFields.BreakRoleInheritance($True,$True)
            $Ctx.ExecuteQuery()
            Write-host -f Yellow "`tFolder's Permission inheritance broken..."
        }

        #Get the SharePoint User
        $User = $Ctx.Web.EnsureUser($UserAccount)
        $Ctx.load($User)
        $Ctx.ExecuteQuery()

        #Get the role required
        $Role = $Ctx.web.RoleDefinitions.GetByName($PermissionLevel)
        $RoleDB = New-Object Microsoft.SharePoint.Client.RoleDefinitionBindingCollection($Ctx)
        $RoleDB.Add($Role)

        #Assign permissions
        $UserPermissions = $Folder.ListItemAllFields.RoleAssignments.Add($User,$RoleDB)
        $Folder.Update()
        #Send the pending role assignment to the server; without this the last folder's grant is never committed
        $Ctx.ExecuteQuery()

        Write-host -f Green "`tAdded User to Folder Permissions!"
    }
    catch {
        write-host "Error in Grant Permissions: $($_.Exception.Message)" -foregroundcolor Red
    }
}

#Get Credentials to connect
$Cred = Get-Credential

Try {
    #Setup the context
    $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
    $Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.UserName,$Cred.Password)

    #Get the List
    $List = $Ctx.web.Lists.GetByTitle($ListName)

    #Get Sub-Folders of the List
    $SubFolders = $List.RootFolder.Folders
    $Ctx.Load($SubFolders)
    $Ctx.ExecuteQuery()

    #Iterate through Each Sub-Folder
    ForEach($Folder in $SubFolders)
    {
        #Exclude "Forms" and Hidden folders
        If(($Folder.Name -ne "Forms") -and (-Not($Folder.Name.StartsWith("_"))))
        {
            #Grant the permission on this folder
            Write-host -f Yellow "Granting Permissions on Folder:"$Folder.Name
            Grant-SPOFolderPermission -Folder $Folder -UserAccount $UserAccount -PermissionLevel $PermissionLevel
        }
    }
}
catch {
    write-host "Error: $($_.Exception.Message)" -foregroundcolor Red
}
```

This script recursively loops through each sub-folder in the given list or library and changes folder permissions by adding the given user with the given access rights. Managing folder permissions in SharePoint Online is discussed in another article of mine: SharePoint Online: Set Folder Permissions using PowerShell
PnP PowerShell to Add User to All Folders in a Document Library:
The Set-PnPListItemPermission cmdlet breaks the permission inheritance of the item, if it's not already broken, and adds or removes permissions based on the given parameters.
```powershell
#Set Variables
$SiteURL = "https://crescent.sharepoint.com/sites/Marketing"
$ListName = "Documents"
$ParentFolderURL = "/Shared Documents" #Site Relative Path of the document Library
$UserAccount = "[email protected]"

#Connect to PNP Online
Connect-PnPOnline -Url $SiteURL -Credentials (Get-Credential)

#Get all Folders from the given location - Exclude Hidden
$AllFolders = Get-PnPFolderItem -ItemType Folder -FolderSiteRelativeUrl $ParentFolderURL | Where-Object {($_.Name -ne "Forms") -and (-Not($_.Name.StartsWith("_")))}

#Iterate through each Folder
ForEach($Folder in $AllFolders)
{
    #Grant Contribute permissions to the Folder
    Set-PnPListItemPermission -List $ListName -Identity $Folder.ListItemAllFields -User $UserAccount -AddRole 'Contribute'

    #Report only after the grant has been applied
    Write-host ("Granted Permission to '{0}' at {1} " -f $Folder.Name,$Folder.ServerRelativeUrl)
}
```
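An added example, not part of the original post: a pre-flight check and audit pass to run before and after either script above. It assumes the PnP.PowerShell module and the same site, library path and permission level as the scripts; it confirms the permission level exists on the site (the CSOM function breaks inheritance before it resolves the level, so a wrong name leaves folders with unique permissions and no grant), then lists who holds which role on every folder that no longer inherits.

```powershell
# Added example, not the author's code. Site URL, library path and permission
# level are taken from the scripts above; replace them with your own values.
$SiteURL         = "https://crescent.sharepoint.com/sites/Marketing"
$ParentFolderURL = "/Shared Documents"   # site-relative path of the library
$PermissionLevel = "Contribute"

Connect-PnPOnline -Url $SiteURL -Credentials (Get-Credential)

# Pre-flight: permission level names are per-site and localized, so confirm the
# name exists before any script breaks inheritance on a folder.
$Role = Get-PnPRoleDefinition | Where-Object { $_.Name -eq $PermissionLevel }
If(-not $Role) { throw "Permission level '$PermissionLevel' not found on $SiteURL" }

# Same folder selection as the scripts above: skip "Forms" and hidden folders
$Folders = Get-PnPFolderItem -ItemType Folder -FolderSiteRelativeUrl $ParentFolderURL |
    Where-Object { ($_.Name -ne "Forms") -and (-not $_.Name.StartsWith("_")) }

$Report = ForEach($Folder in $Folders)
{
    # Load the list item behind the folder, then its inheritance flag
    $Item = Get-PnPProperty -ClientObject $Folder -Property ListItemAllFields
    $HasUnique = Get-PnPProperty -ClientObject $Item -Property HasUniqueRoleAssignments
    If(-not $HasUnique) { Continue }     # still inheriting from the library

    # Load the role assignments, then each assignment's principal and roles
    Get-PnPProperty -ClientObject $Item -Property RoleAssignments | Out-Null
    ForEach($Assignment in $Item.RoleAssignments)
    {
        Get-PnPProperty -ClientObject $Assignment -Property Member, RoleDefinitionBindings | Out-Null
        [PSCustomObject]@{
            Folder    = $Folder.ServerRelativeUrl
            Principal = $Assignment.Member.LoginName
            Type      = $Assignment.Member.PrincipalType
            Roles     = ($Assignment.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join "; "
        }
    }
}

# One row per folder/principal pair; unexpected principals or roles stand out here
$Report | Sort-Object Folder, Principal | Format-Table -AutoSize
```

Piping `$Report` to `Export-Csv` instead of `Format-Table` gives a record to compare between runs.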
This is great thanks. Do you have a script that creates a batch of folders in a document library each with permissions for site owners and a single specified user (different for each folder) - all from a CSV (where first col is folder name and second is named accounts for permissions)?
I have a problem granting permissions:
Error Granting permission to Folder! Excepción al llamar a "ExecuteQuery" con los argumentos "0": "No se encuentra el nivel de permisos."
What's the problem?