SharePoint Diary » PowerShell » SharePoint Online: Grant Permission to a User on All Items in the List using PowerShell

SharePoint Online: Grant Permission to a User on All Items in the List using PowerShell

February 10, 2022 Salaudeen Rajack 0 Comments

Requirement: Grant Permission to a User on All Items in a SharePoint Online List

powershell to Grant Permission to User on All Items in a SharePoint Online List

PowerShell to Grant Permissions to a User on All Items in a List in SharePoint Online

If you have a list or document library with unique permissions applied on the items, granting access to each Item/file/folder one by one would be a tedious task and may take a lot of time. If you are looking for a way to quickly grant permissions to all items in your SharePoint Online list, Here is how to use PowerShell to grant permissions to all items:

#Load SharePoint Online Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
 
##Variables for Processing
$SiteUrl = "https://crescent.sharepoint.com/sites/marketing"
$ListName= "Migration Documents"
$UserAccount = "i:0#.f|membership|[email protected]"
$PermissionLevel = "Edit"

#To call a non-generic method Load
Function Invoke-LoadMethod() {
    param(
            [Microsoft.SharePoint.Client.ClientObject]$Object = $(throw "Please provide a Client Object"),
            [string]$PropertyName
        ) 
   $ctx = $Object.Context
   $load = [Microsoft.SharePoint.Client.ClientContext].GetMethod("Load") 
   $type = $Object.GetType()
   $clientLoad = $load.MakeGenericMethod($type)
    
   $Parameter = [System.Linq.Expressions.Expression]::Parameter(($type), $type.Name)
   $Expression = [System.Linq.Expressions.Expression]::Lambda([System.Linq.Expressions.Expression]::Convert([System.Linq.Expressions.Expression]::PropertyOrField($Parameter,$PropertyName),[System.Object] ), $($Parameter))
   $ExpressionArray = [System.Array]::CreateInstance($Expression.GetType(), 1)
   $ExpressionArray.SetValue($Expression, 0)
   $clientLoad.Invoke($ctx,@($Object,$ExpressionArray))
}
 
#Get Credentials to connect
$Cred= Get-Credential
   
#Set up the context
$Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteUrl) 
$Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password)
     
#Get the List
$List = $Ctx.web.Lists.GetByTitle($ListName)
 
#Get the User
$User = $Ctx.Web.EnsureUser($UserAccount) 
$Ctx.Load($User)
$Ctx.ExecuteQuery()
  
$Query = New-Object Microsoft.SharePoint.Client.CamlQuery
$Query.ViewXml = "<View Scope='RecursiveAll'><RowLimit>2000</RowLimit></View>"
  
#Batch process list items - to mitigate list threshold issue on larger lists
Do {  
    #Get items from the list in batches
    $ListItems = $List.GetItems($Query)
    $Ctx.Load($ListItems)
    $Ctx.ExecuteQuery()
            
    $Query.ListItemCollectionPosition = $ListItems.ListItemCollectionPosition
   
    #Loop through each List item
    ForEach($ListItem in $ListItems)
    {
        #Check if List Item has unique permissions
        Invoke-LoadMethod -Object $ListItem -PropertyName "HasUniqueRoleAssignments"
        $Ctx.ExecuteQuery()
 
        #Break Item's permission Inheritance, if its inheriting permissions from the parent
        if (-not $ListItem.HasUniqueRoleAssignments)
        {
            $ListItem.BreakRoleInheritance($true, $false) #keep the existing permissions: Yes -  Clear listitems permissions: No
            $ctx.ExecuteQuery()
        }

        #Get the role 
        $Role = $Ctx.web.RoleDefinitions.GetByName($PermissionLevel)
        $RoleDB = New-Object Microsoft.SharePoint.Client.RoleDefinitionBindingCollection($Ctx)
        $RoleDB.Add($Role)
          
        #Assign permissions
        $UserPermissions = $ListItem.RoleAssignments.Add($User,$RoleDB)
        $ListItem.Update()
        $Ctx.ExecuteQuery()
 
        Write-host -ForegroundColor Green ("User Added to List Item Permissions ID {0} at {1}" -f $ListItem.ID,$ListItem["FileRef"])
    }    
} While ($Query.ListItemCollectionPosition -ne $null)

Similarly, You can add a SharePoint Group to All Items as:

#Load SharePoint Online Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
 
##Variables for Processing
$SiteUrl = "https://crescent.sharepoint.com/sites/marketing"
$ListName= "Migration Documents"
$GroupName = "Marketing Team Site Owners"
$PermissionLevel = "Full Control"

#To call a non-generic method Load
Function Invoke-LoadMethod() {
    param(
            [Microsoft.SharePoint.Client.ClientObject]$Object = $(throw "Please provide a Client Object"),
            [string]$PropertyName
        ) 
   $ctx = $Object.Context
   $load = [Microsoft.SharePoint.Client.ClientContext].GetMethod("Load") 
   $type = $Object.GetType()
   $clientLoad = $load.MakeGenericMethod($type)
    
   $Parameter = [System.Linq.Expressions.Expression]::Parameter(($type), $type.Name)
   $Expression = [System.Linq.Expressions.Expression]::Lambda([System.Linq.Expressions.Expression]::Convert([System.Linq.Expressions.Expression]::PropertyOrField($Parameter,$PropertyName),[System.Object] ), $($Parameter))
   $ExpressionArray = [System.Array]::CreateInstance($Expression.GetType(), 1)
   $ExpressionArray.SetValue($Expression, 0)
   $clientLoad.Invoke($ctx,@($Object,$ExpressionArray))
}
 
#Get Credentials to connect
$Cred= Get-Credential
   
#Set up the context
$Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteUrl) 
$Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password)
     
#Get the List
$List = $Ctx.web.Lists.GetByTitle($ListName)

#Get the Group
$Group=$ctx.Web.SiteGroups.GetByName($GroupName)
$ctx.Load($Group)
$ctx.ExecuteQuery()

$Query = New-Object Microsoft.SharePoint.Client.CamlQuery
$Query.ViewXml = "<View Scope='RecursiveAll'><RowLimit>2000</RowLimit></View>"
  
#Batch process list items - to mitigate list threshold issue on larger lists
Do {  
    #Get items from the list in batches
    $ListItems = $List.GetItems($Query)
    $Ctx.Load($ListItems)
    $Ctx.ExecuteQuery()
            
    $Query.ListItemCollectionPosition = $ListItems.ListItemCollectionPosition
   
    #Loop through each List item
    ForEach($ListItem in $ListItems)
    {
        #Check if List Item has unique permissions
        Invoke-LoadMethod -Object $ListItem -PropertyName "HasUniqueRoleAssignments"
        $Ctx.ExecuteQuery()
 
        #Break Item's permission Inheritance, if its inheriting permissions from the parent
        if (-not $ListItem.HasUniqueRoleAssignments)
        {
            $ListItem.BreakRoleInheritance($true, $false) #keep the existing permissions: Yes -  Clear listitems permissions: No
            $ctx.ExecuteQuery()
        }

        #Get the role - Permission Level
        $Role = $Ctx.web.RoleDefinitions.GetByName($PermissionLevel)
        $RoleDB = New-Object Microsoft.SharePoint.Client.RoleDefinitionBindingCollection($Ctx)
        $RoleDB.Add($Role)
          
        #Assign permissions
        $GroupPermissions = $ListItem.RoleAssignments.Add($Group,$RoleDB)
        $ListItem.Update()
        $Ctx.ExecuteQuery()
 
        Write-host -ForegroundColor Green ("Group Added to List Item Permissions ID {0} at {1}" -f $ListItem.ID,$ListItem["FileRef"])
    }    
} While ($Query.ListItemCollectionPosition -ne $null)

PnP PowerShell to Add User to All Items in a SharePoint Online List

This handy PnP PowerShell lets you quickly give access to everything in your list without having to go through and add permissions for each item manually:

#Config Variables
$SiteURL = "https://Crescent.sharepoint.com/sites/Marketing"
$ListName ="Projects"
$UserID="[email protected]"

#Connect to PnP Online
Connect-PnPOnline -Url $SiteURL -Credentials (Get-Credential)

#Get all list items
$ListItems = Get-PnPListItem -List $ListName -PageSize 2000
ForEach($ListItem in $ListItems)
{
    #Grant permission on List Item to User
    Set-PnPListItemPermission -Identity $ListItem.ID -List $ListName -AddRole "Edit" -User $UserID
}

These scripts work for all files in a document library too! To grant access to all folders in a SharePoint Online document library, use: Grant Permission to Each Folder in a Document Library in SharePoint Online using PowerShell?

Salaudeen Rajack

Salaudeen Rajack is a SharePoint Architect with Two decades of SharePoint Experience. He loves sharing his knowledge and experiences with the SharePoint community, through his real-world articles!

SharePoint Diary

SharePoint Online: Grant Permission to a User on All Items in the List using PowerShell

PowerShell to Grant Permissions to a User on All Items in a List in SharePoint Online

PnP PowerShell to Add User to All Items in a SharePoint Online List

Salaudeen Rajack

Leave a Reply Cancel reply

Switch between Document Libraries with Document Library Dropdown Menu in SharePoint Online and OneDrive

Hide a Button in SharePoint Online List or document library Toolbar

SharePoint Online: Switch Navigation to Horizontal or Vertical

SharePoint Online: How to Enable Global Navigation using App Bar?

How to Connect to Exchange Online using PowerShell?

How to Copy Permissions from One Folder to Another in SharePoint Online using PowerShell?

Microsoft Teams: How to Enable Guest User Access?

How to Copy User Permissions in SharePoint Online using PowerShell?

How to Bulk Invite Guest Users to Azure AD?

SharePoint Online: How to Change the Author in Modern Page?