SharePoint Online: Grant Permission to a User on All Items in the List using PowerShell
Requirement: Grant Permission to a User on All Items in a SharePoint Online List.
PowerShell to Grant Permissions to a User on All Items in a List in SharePoint Online
If you have a list or document library with unique permissions applied to the items, granting access to each item, file, or folder one by one is tedious and may take a lot of time. To quickly grant permissions on all items in a SharePoint Online list, here is how to use PowerShell:
#Load SharePoint Online Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"

##Variables for Processing
$SiteUrl = "https://crescent.sharepoint.com/sites/marketing"
$ListName = "Migration Documents"
$UserAccount = "i:0#.f|membership|salaudeen@crescent.com"
$PermissionLevel = "Edit"

#Get Credentials to connect
$Cred = Get-Credential

#Set up the context
$Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteUrl)
$Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password)

#Get the List
$List = $Ctx.Web.Lists.GetByTitle($ListName)

#Get the User
$User = $Ctx.Web.EnsureUser($UserAccount)
$Ctx.Load($User)
$Ctx.ExecuteQuery()

$Query = New-Object Microsoft.SharePoint.Client.CamlQuery
$Query.ViewXml = "<View Scope='RecursiveAll'><RowLimit>2000</RowLimit></View>"

#Batch process list items - to mitigate list threshold issue on larger lists
Do {
    #Get items from the list in batches
    $ListItems = $List.GetItems($Query)
    $Ctx.Load($ListItems)
    $Ctx.ExecuteQuery()
    $Query.ListItemCollectionPosition = $ListItems.ListItemCollectionPosition

    #Loop through each List item
    ForEach($ListItem in $ListItems)
    {
        #Check if List Item has unique permissions
        $ListItem.Retrieve("HasUniqueRoleAssignments")
        $Ctx.ExecuteQuery()

        #Break Item's permission Inheritance, if its inheriting permissions from the parent
        if (-not $ListItem.HasUniqueRoleAssignments)
        {
            $ListItem.BreakRoleInheritance($true, $false) #keep the existing permissions: Yes - Clear listitems permissions: No
            $Ctx.ExecuteQuery()
        }

        #Get the role
        $Role = $Ctx.Web.RoleDefinitions.GetByName($PermissionLevel)
        $RoleDB = New-Object Microsoft.SharePoint.Client.RoleDefinitionBindingCollection($Ctx)
        $RoleDB.Add($Role)

        #Assign permissions
        $UserPermissions = $ListItem.RoleAssignments.Add($User,$RoleDB)
        $ListItem.Update()
        $Ctx.ExecuteQuery()
        Write-host -ForegroundColor Green ("User Added to List Item Permissions ID {0} at {1}" -f $ListItem.ID,$ListItem["FileRef"])
    }
} While ($null -ne $Query.ListItemCollectionPosition)
Similarly, you can add a SharePoint group to all items:
#Load SharePoint Online Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"

##Variables for Processing
$SiteUrl = "https://crescent.sharepoint.com/sites/marketing"
$ListName = "Migration Documents"
$GroupName = "Marketing Team Site Owners"
$PermissionLevel = "Full Control"

#Get Credentials to connect
$Cred = Get-Credential

#Set up the context
$Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteUrl)
$Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password)

#Get the List
$List = $Ctx.Web.Lists.GetByTitle($ListName)

#Get the Group
$Group = $Ctx.Web.SiteGroups.GetByName($GroupName)
$Ctx.Load($Group)
$Ctx.ExecuteQuery()

$Query = New-Object Microsoft.SharePoint.Client.CamlQuery
$Query.ViewXml = "<View Scope='RecursiveAll'><RowLimit>2000</RowLimit></View>"

#Batch process list items - to mitigate list threshold issue on larger lists
Do {
    #Get items from the list in batches
    $ListItems = $List.GetItems($Query)
    $Ctx.Load($ListItems)
    $Ctx.ExecuteQuery()
    $Query.ListItemCollectionPosition = $ListItems.ListItemCollectionPosition

    #Loop through each List item
    ForEach($ListItem in $ListItems)
    {
        #Check if List Item has unique permissions
        $ListItem.Retrieve("HasUniqueRoleAssignments")
        $Ctx.ExecuteQuery()

        #Break Item's permission Inheritance, if its inheriting permissions from the parent
        if (-not $ListItem.HasUniqueRoleAssignments)
        {
            $ListItem.BreakRoleInheritance($true, $false) #keep the existing permissions: Yes - Clear listitems permissions: No
            $Ctx.ExecuteQuery()
        }

        #Get the role - Permission Level
        $Role = $Ctx.Web.RoleDefinitions.GetByName($PermissionLevel)
        $RoleDB = New-Object Microsoft.SharePoint.Client.RoleDefinitionBindingCollection($Ctx)
        $RoleDB.Add($Role)

        #Assign permissions
        $GroupPermissions = $ListItem.RoleAssignments.Add($Group,$RoleDB)
        $ListItem.Update()
        $Ctx.ExecuteQuery()
        Write-host -ForegroundColor Green ("Group Added to List Item Permissions ID {0} at {1}" -f $ListItem.ID,$ListItem["FileRef"])
    }
} While ($null -ne $Query.ListItemCollectionPosition)
PnP PowerShell to Add User to All Items in a SharePoint Online List
This PnP PowerShell script lets you quickly give a user access to everything in your list without adding permissions to each item manually:
#Config Variables
$SiteURL = "https://Crescent.sharepoint.com/sites/Marketing"
$ListName = "Projects"
$UserID = "Peter@TheCrescentTech.com"

#Connect to PnP Online
Connect-PnPOnline -Url $SiteURL -Credentials (Get-Credential)

#Get all list items
$ListItems = Get-PnPListItem -List $ListName -PageSize 2000

ForEach($ListItem in $ListItems)
{
    #Grant permission on List Item to User
    Set-PnPListItemPermission -Identity $ListItem.ID -List $ListName -AddRole "Edit" -User $UserID
}
These scripts work for all files in a document library too! To grant access to all folders in a SharePoint Online document library, use: Grant Permission to Each Folder in a Document Library in SharePoint Online using PowerShell?
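To review what a bulk grant like the ones above changed, the following added example (not part of the original article) uses PnP PowerShell to report, for every item, whether inheritance is broken and which roles the user holds directly. The site, list and user are the article's sample values, the report path is a hypothetical one, and access the user receives through group membership is not reported.

```powershell
#Config Variables (sample values from the article; the report path is hypothetical)
$SiteURL    = "https://Crescent.sharepoint.com/sites/Marketing"
$ListName   = "Projects"
$UserID     = "Peter@TheCrescentTech.com"
$ReportPath = "C:\Temp\ItemPermissionAudit.csv"

#Connect to PnP Online
Connect-PnPOnline -Url $SiteURL -Credentials (Get-Credential)

$Report = ForEach($ListItem in (Get-PnPListItem -List $ListName -PageSize 2000))
{
    #Load the inheritance flag and the role assignments of the item
    Get-PnPProperty -ClientObject $ListItem -Property HasUniqueRoleAssignments, RoleAssignments | Out-Null

    $Roles = @()
    ForEach($Assignment in $ListItem.RoleAssignments)
    {
        #Member and RoleDefinitionBindings are not loaded by default
        Get-PnPProperty -ClientObject $Assignment -Property Member, RoleDefinitionBindings | Out-Null

        #Claims logins look like i:0#.f|membership|user@domain, so match on the suffix
        If($Assignment.Member.LoginName -like "*|$UserID")
        {
            $Roles += $Assignment.RoleDefinitionBindings | ForEach-Object { $_.Name }
        }
    }

    #One report row per list item, file or folder
    [PSCustomObject]@{
        ID                = $ListItem.Id
        Path              = $ListItem["FileRef"]
        UniquePermissions = $ListItem.HasUniqueRoleAssignments
        DirectRoles       = ($Roles -join "; ")
    }
}

#Export the per-item report and print a summary
$Report | Export-Csv -Path $ReportPath -NoTypeInformation
$Unique = @($Report | Where-Object UniquePermissions).Count
$Direct = @($Report | Where-Object DirectRoles).Count
Write-Host ("{0} items: {1} with unique permissions, {2} with a direct grant to {3}" -f @($Report).Count, $Unique, $Direct, $UserID)
```

Keeping the CSV gives a record of which items carry a direct grant when that access later has to be reviewed or removed.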