SharePoint Online: Grant Permission to a User on All Items in the List using PowerShell

Requirement: Grant Permission to a User on All Items in a SharePoint Online List.


PowerShell to Grant Permissions to a User on All Items in a List in SharePoint Online

If you have a list or document library with unique permissions applied to its items, granting access to each item, file, or folder one by one is tedious and can take a lot of time. If you are looking for a way to quickly grant permissions to all items in your SharePoint Online list, here is how to do it with PowerShell:

#Load SharePoint Online Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
 
##Variables for Processing
$SiteUrl = "https://crescent.sharepoint.com/sites/marketing"
$ListName= "Migration Documents"
$UserAccount = "i:0#.f|membership|salaudeen@crescent.com"
$PermissionLevel = "Edit"

#Get Credentials to connect
$Cred= Get-Credential
   
#Set up the context
$Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteUrl) 
$Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password)
     
#Get the List
$List = $Ctx.web.Lists.GetByTitle($ListName)
 
#Get the User
$User = $Ctx.Web.EnsureUser($UserAccount) 
$Ctx.Load($User)
$Ctx.ExecuteQuery()
  
$Query = New-Object Microsoft.SharePoint.Client.CamlQuery
$Query.ViewXml = "<View Scope='RecursiveAll'><RowLimit>2000</RowLimit></View>"
  
#Batch process list items - to mitigate list threshold issue on larger lists
Do {  
    #Get items from the list in batches
    $ListItems = $List.GetItems($Query)
    $Ctx.Load($ListItems)
    $Ctx.ExecuteQuery()
            
    $Query.ListItemCollectionPosition = $ListItems.ListItemCollectionPosition
   
    #Loop through each List item
    ForEach($ListItem in $ListItems)
    {
        #Check if List Item has unique permissions
        $ListItem.Retrieve("HasUniqueRoleAssignments")
        $Ctx.ExecuteQuery()
 
        #Break the item's permission inheritance, if it's inheriting permissions from the parent
        if (-not $ListItem.HasUniqueRoleAssignments)
        {
            $ListItem.BreakRoleInheritance($true, $false) #copyRoleAssignments: Yes (keep the existing permissions) - clearSubscopes: No
            $Ctx.ExecuteQuery()
        }

        #Get the role 
        $Role = $Ctx.web.RoleDefinitions.GetByName($PermissionLevel)
        $RoleDB = New-Object Microsoft.SharePoint.Client.RoleDefinitionBindingCollection($Ctx)
        $RoleDB.Add($Role)
          
        #Assign permissions
        $UserPermissions = $ListItem.RoleAssignments.Add($User,$RoleDB)
        $ListItem.Update()
        $Ctx.ExecuteQuery()
 
        Write-host -ForegroundColor Green ("User Added to List Item Permissions ID {0} at {1}" -f $ListItem.ID,$ListItem["FileRef"])
    }    
} While ($null -ne $Query.ListItemCollectionPosition)

Similarly, you can add a SharePoint group to all items:

#Load SharePoint Online Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
 
##Variables for Processing
$SiteUrl = "https://crescent.sharepoint.com/sites/marketing"
$ListName= "Migration Documents"
$GroupName = "Marketing Team Site Owners"
$PermissionLevel = "Full Control"
 
#Get Credentials to connect
$Cred= Get-Credential
   
#Set up the context
$Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteUrl) 
$Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password)
     
#Get the List
$List = $Ctx.web.Lists.GetByTitle($ListName)

#Get the Group
$Group=$ctx.Web.SiteGroups.GetByName($GroupName)
$ctx.Load($Group)
$ctx.ExecuteQuery()

$Query = New-Object Microsoft.SharePoint.Client.CamlQuery
$Query.ViewXml = "<View Scope='RecursiveAll'><RowLimit>2000</RowLimit></View>"
  
#Batch process list items - to mitigate list threshold issue on larger lists
Do {  
    #Get items from the list in batches
    $ListItems = $List.GetItems($Query)
    $Ctx.Load($ListItems)
    $Ctx.ExecuteQuery()
            
    $Query.ListItemCollectionPosition = $ListItems.ListItemCollectionPosition
   
    #Loop through each List item
    ForEach($ListItem in $ListItems)
    {
        #Check if List Item has unique permissions
        $ListItem.Retrieve("HasUniqueRoleAssignments")
        $Ctx.ExecuteQuery()
 
        #Break the item's permission inheritance, if it's inheriting permissions from the parent
        if (-not $ListItem.HasUniqueRoleAssignments)
        {
            $ListItem.BreakRoleInheritance($true, $false) #copyRoleAssignments: Yes (keep the existing permissions) - clearSubscopes: No
            $Ctx.ExecuteQuery()
        }

        #Get the role - Permission Level
        $Role = $Ctx.web.RoleDefinitions.GetByName($PermissionLevel)
        $RoleDB = New-Object Microsoft.SharePoint.Client.RoleDefinitionBindingCollection($Ctx)
        $RoleDB.Add($Role)
          
        #Assign permissions
        $GroupPermissions = $ListItem.RoleAssignments.Add($Group,$RoleDB)
        $ListItem.Update()
        $Ctx.ExecuteQuery()
 
        Write-host -ForegroundColor Green ("Group Added to List Item Permissions ID {0} at {1}" -f $ListItem.ID,$ListItem["FileRef"])
    }    
} While ($null -ne $Query.ListItemCollectionPosition)

PnP PowerShell to Add User to All Items in a SharePoint Online List

This handy PnP PowerShell script lets you quickly give access to everything in your list without having to go through and add permissions for each item manually:

#Config Variables
$SiteURL = "https://Crescent.sharepoint.com/sites/Marketing"
$ListName ="Projects"
$UserID="Peter@TheCrescentTech.com"

#Connect to PnP Online
Connect-PnPOnline -Url $SiteURL -Credentials (Get-Credential)

#Get all list items
$ListItems = Get-PnPListItem -List $ListName -PageSize 2000
ForEach($ListItem in $ListItems)
{
    #Grant permission on List Item to User
    Set-PnPListItemPermission -Identity $ListItem.ID -List $ListName -AddRole "Edit" -User $UserID
}

These scripts work for all files in a document library too! To grant access to all folders in a SharePoint Online document library, use: Grant Permission to Each Folder in a Document Library in SharePoint Online using PowerShell?
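
The CSOM scripts above break inheritance on every item that still inherits and then add a direct grant, so it helps to record the item-level permission state before the bulk change for review and rollback. The following PnP PowerShell is an added example, not part of the original article; the `$ReportPath` value and the report column names are assumptions.

```powershell
# Added example (not from the original article): snapshot item-level
# permissions before running a bulk grant, for review and rollback.
$SiteURL    = "https://crescent.sharepoint.com/sites/marketing"
$ListName   = "Migration Documents"
$ReportPath = ".\ItemPermissions-Before.csv"   # assumed output location

Connect-PnPOnline -Url $SiteURL -Credentials (Get-Credential)

$ListItems = Get-PnPListItem -List $ListName -PageSize 2000
$Report = ForEach ($Item in $ListItems)
{
    # Load the inheritance flag and the role assignments of this item
    Get-PnPProperty -ClientObject $Item -Property HasUniqueRoleAssignments, RoleAssignments | Out-Null

    ForEach ($Assignment in $Item.RoleAssignments)
    {
        # Load who the assignment is for and which permission levels it binds
        Get-PnPProperty -ClientObject $Assignment -Property Member, RoleDefinitionBindings | Out-Null

        [PSCustomObject]@{
            ItemId    = $Item.Id
            Path      = $Item["FileRef"]
            Inherited = -not $Item.HasUniqueRoleAssignments
            Principal = $Assignment.Member.LoginName
            Type      = $Assignment.Member.PrincipalType
            Roles     = ($Assignment.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join "; "
        }
    }
}

# Keep the snapshot so the post-change state can be compared against it
$Report | Export-Csv -Path $ReportPath -NoTypeInformation -Encoding UTF8

# Items that inherit now are the ones the CSOM scripts will give a unique scope
$Inheriting = @($Report | Where-Object { $_.Inherited } |
    Select-Object -ExpandProperty ItemId -Unique)
Write-Host ("{0} of {1} items currently inherit permissions" -f $Inheriting.Count, @($ListItems).Count)
```

Items recorded with Inherited = True can be returned to inheritance later with the CSOM `ResetRoleInheritance()` method. Microsoft documents a supported limit of 50,000 uniquely permissioned items per list or library and recommends staying under 5,000, so check the inheriting count before running the grant on a large list.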

Salaudeen Rajack
