SharePoint Online: Grant Permission to User on All Items in a List using PowerShell
Requirement: Grant Permission to a User on All Items in a SharePoint Online List
PowerShell to Grant Permissions to a User on All Items in a List in SharePoint Online
Similarly, You can add a SharePoint Group to All Items as:
PnP PowerShell to Add User to All Items in a SharePoint Online List
PowerShell to Grant Permissions to a User on All Items in a List in SharePoint Online
#Load SharePoint Online Assemblies Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll" Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll" ##Variables for Processing $SiteUrl = "https://crescent.sharepoint.com/sites/marketing" $ListName= "Migration Documents" $UserAccount = "i:0#.f|membership|[email protected]" $PermissionLevel = "Edit" #To call a non-generic method Load Function Invoke-LoadMethod() { param( [Microsoft.SharePoint.Client.ClientObject]$Object = $(throw "Please provide a Client Object"), [string]$PropertyName ) $ctx = $Object.Context $load = [Microsoft.SharePoint.Client.ClientContext].GetMethod("Load") $type = $Object.GetType() $clientLoad = $load.MakeGenericMethod($type) $Parameter = [System.Linq.Expressions.Expression]::Parameter(($type), $type.Name) $Expression = [System.Linq.Expressions.Expression]::Lambda([System.Linq.Expressions.Expression]::Convert([System.Linq.Expressions.Expression]::PropertyOrField($Parameter,$PropertyName),[System.Object] ), $($Parameter)) $ExpressionArray = [System.Array]::CreateInstance($Expression.GetType(), 1) $ExpressionArray.SetValue($Expression, 0) $clientLoad.Invoke($ctx,@($Object,$ExpressionArray)) } #Get Credentials to connect $Cred= Get-Credential #Set up the context $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteUrl) $Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password) #Get the List $List = $Ctx.web.Lists.GetByTitle($ListName) #Get the User $User = $Ctx.Web.EnsureUser($UserAccount) $Ctx.Load($User) $Ctx.ExecuteQuery() $Query = New-Object Microsoft.SharePoint.Client.CamlQuery $Query.ViewXml = "<View Scope='RecursiveAll'><RowLimit>2000</RowLimit></View>" #Batch process list items - to mitigate list threashold issue on larger lists Do { #Get items from the list in batches $ListItems = $List.GetItems($Query) $Ctx.Load($ListItems) $Ctx.ExecuteQuery() $Query.ListItemCollectionPosition = $ListItems.ListItemCollectionPosition #Loop through each List item ForEach($ListItem in $ListItems) { #Check if List Item has unique permissions Invoke-LoadMethod -Object $ListItem -PropertyName "HasUniqueRoleAssignments" $Ctx.ExecuteQuery() #Break Item's permission Inheritance, if its inheriting permissions from the parent if (-not $ListItem.HasUniqueRoleAssignments) { $ListItem.BreakRoleInheritance($true, $false) #keep the existing permissions: Yes - Clear listitems permissions: No $ctx.ExecuteQuery() } #Get the role $Role = $Ctx.web.RoleDefinitions.GetByName($PermissionLevel) $RoleDB = New-Object Microsoft.SharePoint.Client.RoleDefinitionBindingCollection($Ctx) $RoleDB.Add($Role) #Assign permissions $UserPermissions = $ListItem.RoleAssignments.Add($User,$RoleDB) $ListItem.Update() $Ctx.ExecuteQuery() Write-host -ForegroundColor Green ("User Added to List Item Permissions ID {0} at {1}" -f $ListItem.ID,$ListItem["FileRef"]) } } While ($Query.ListItemCollectionPosition -ne $null)
Similarly, You can add a SharePoint Group to All Items as:
#Load SharePoint Online Assemblies Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll" Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll" ##Variables for Processing $SiteUrl = "https://crescent.sharepoint.com/sites/marketing" $ListName= "Migration Documents" $GroupName = "Marketing Team Site Owners" $PermissionLevel = "Full Control" #To call a non-generic method Load Function Invoke-LoadMethod() { param( [Microsoft.SharePoint.Client.ClientObject]$Object = $(throw "Please provide a Client Object"), [string]$PropertyName ) $ctx = $Object.Context $load = [Microsoft.SharePoint.Client.ClientContext].GetMethod("Load") $type = $Object.GetType() $clientLoad = $load.MakeGenericMethod($type) $Parameter = [System.Linq.Expressions.Expression]::Parameter(($type), $type.Name) $Expression = [System.Linq.Expressions.Expression]::Lambda([System.Linq.Expressions.Expression]::Convert([System.Linq.Expressions.Expression]::PropertyOrField($Parameter,$PropertyName),[System.Object] ), $($Parameter)) $ExpressionArray = [System.Array]::CreateInstance($Expression.GetType(), 1) $ExpressionArray.SetValue($Expression, 0) $clientLoad.Invoke($ctx,@($Object,$ExpressionArray)) } #Get Credentials to connect $Cred= Get-Credential #Set up the context $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteUrl) $Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password) #Get the List $List = $Ctx.web.Lists.GetByTitle($ListName) #Get the Group $Group=$ctx.Web.SiteGroups.GetByName($GroupName) $ctx.Load($Group) $ctx.ExecuteQuery() $Query = New-Object Microsoft.SharePoint.Client.CamlQuery $Query.ViewXml = "<View Scope='RecursiveAll'><RowLimit>2000</RowLimit></View>" #Batch process list items - to mitigate list threashold issue on larger lists Do { #Get items from the list in batches $ListItems = $List.GetItems($Query) $Ctx.Load($ListItems) $Ctx.ExecuteQuery() $Query.ListItemCollectionPosition = $ListItems.ListItemCollectionPosition #Loop through each List item ForEach($ListItem in $ListItems) { #Check if List Item has unique permissions Invoke-LoadMethod -Object $ListItem -PropertyName "HasUniqueRoleAssignments" $Ctx.ExecuteQuery() #Break Item's permission Inheritance, if its inheriting permissions from the parent if (-not $ListItem.HasUniqueRoleAssignments) { $ListItem.BreakRoleInheritance($true, $false) #keep the existing permissions: Yes - Clear listitems permissions: No $ctx.ExecuteQuery() } #Get the role - Permission Level $Role = $Ctx.web.RoleDefinitions.GetByName($PermissionLevel) $RoleDB = New-Object Microsoft.SharePoint.Client.RoleDefinitionBindingCollection($Ctx) $RoleDB.Add($Role) #Assign permissions $GroupPermissions = $ListItem.RoleAssignments.Add($Group,$RoleDB) $ListItem.Update() $Ctx.ExecuteQuery() Write-host -ForegroundColor Green ("Group Added to List Item Permissions ID {0} at {1}" -f $ListItem.ID,$ListItem["FileRef"]) } } While ($Query.ListItemCollectionPosition -ne $null)
PnP PowerShell to Add User to All Items in a SharePoint Online List
#Config Variables $SiteURL = "https://crescenttech.sharepoint.com/sites/Marketing" $ListName ="Projects" $UserID="[email protected]" #Connect to PnP Online Connect-PnPOnline -Url $SiteURL -Credentials (Get-Credential) #Get all list items $ListItems = Get-PnPListItem -List $ListName ForEach($ListItem in $ListItems) { #Grant permission on List Item to User Set-PnPListItemPermission -Identity $ListItem.ID -List $ListName -AddRole "Edit" -User $UserID }
No comments:
Please Login and comment to get your questions answered!