SharePoint Online: Remove User Permission from All List Items using PowerShell
Requirement: Remove user from all items in a list.
SharePoint Online: Remove User Permissions from All Items using PowerShell
There are multiple items with unique permissions in a SharePoint Online list where a specific user is granted access. There is a requirement to remove the particular user from all list items where he has access. Here is the PowerShell for SharePoint Online to remove item-level permissions:
```powershell
#Load SharePoint Online Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"

##Variables for Processing
$SiteUrl = "https://crescent.sharepoint.com/sites/marketing"
$ListName = "Migration Documents"
$UserAccount = "i:0#.f|membership|[email protected]"

#To call a non-generic method Load
Function Invoke-LoadMethod() {
    param(
        [Microsoft.SharePoint.Client.ClientObject]$Object = $(throw "Please provide a Client Object"),
        [string]$PropertyName
    )
    $ctx = $Object.Context
    $load = [Microsoft.SharePoint.Client.ClientContext].GetMethod("Load")
    $type = $Object.GetType()
    $clientLoad = $load.MakeGenericMethod($type)

    $Parameter = [System.Linq.Expressions.Expression]::Parameter(($type), $type.Name)
    $Expression = [System.Linq.Expressions.Expression]::Lambda([System.Linq.Expressions.Expression]::Convert([System.Linq.Expressions.Expression]::PropertyOrField($Parameter,$PropertyName),[System.Object] ), $($Parameter))
    $ExpressionArray = [System.Array]::CreateInstance($Expression.GetType(), 1)
    $ExpressionArray.SetValue($Expression, 0)
    $clientLoad.Invoke($ctx,@($Object,$ExpressionArray))
}

#Get Credentials to connect
$Cred = Get-Credential

#Set up the context
$Context = New-Object Microsoft.SharePoint.Client.ClientContext($SiteUrl)
$Context.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password)

#Get the List
$List = $Context.Web.Lists.GetByTitle($ListName)

#Get the User
$User = $Context.Web.EnsureUser($UserAccount)
$Context.Load($User)
$Context.ExecuteQuery()

$Query = New-Object Microsoft.SharePoint.Client.CamlQuery
$Query.ViewXml = "<View Scope='RecursiveAll'><RowLimit>2000</RowLimit></View>"

#Batch process list items - to mitigate list threshold issue on larger lists
Do {
    #Get items from the list in batches
    $ListItems = $List.GetItems($Query)
    $Context.Load($ListItems)
    $Context.ExecuteQuery()
    $Query.ListItemCollectionPosition = $ListItems.ListItemCollectionPosition

    #Loop through each List item
    ForEach($ListItem in $ListItems)
    {
        Invoke-LoadMethod -Object $ListItem -PropertyName "HasUniqueRoleAssignments"
        $Context.ExecuteQuery()
        If($ListItem.HasUniqueRoleAssignments -eq $true)
        {
            #Get List Item Permissions
            $Context.Load($ListItem.RoleAssignments)
            $Context.ExecuteQuery()

            Foreach($RoleAssignment in $ListItem.RoleAssignments)
            {
                $Context.Load($RoleAssignment.Member)
                $Context.ExecuteQuery()

                #Is the current member the user we are searching for?
                If($RoleAssignment.Member.LoginName -eq $User.LoginName)
                {
                    #Remove User from List Item Permissions
                    $ListItem.RoleAssignments.GetByPrincipal($User).DeleteObject()
                    $Context.ExecuteQuery()
                    Write-host -ForegroundColor Green ("User Removed from List Item Permissions ID {0} at {1}" -f $ListItem.ID,$ListItem["FileRef"])
                    #A principal has at most one role assignment per item, so stop
                    #enumerating the collection that was just modified
                    Break
                }
            }
        }
    }
    $Context.ExecuteQuery()
} While ($Query.ListItemCollectionPosition -ne $null)
```

This PowerShell script removes the user from all items where the user has access.
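The removal above only deletes role assignments made directly to the user, so a read-only audit run before and after it shows what was granted and what remains through SharePoint groups. The following is an added example, not part of the original script: it reuses the page's sample site, list and account, and `$ReportPath` and the CSV column names are assumptions.

```powershell
# Added example, read-only: reports access and deletes nothing. Site, list and account are the page's sample values.
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
$SiteUrl     = "https://crescent.sharepoint.com/sites/marketing"
$ListName    = "Migration Documents"
$UserAccount = "i:0#.f|membership|[email protected]"
$ReportPath  = "C:\Temp\ItemAccessAudit.csv"   # hypothetical output path
# Same reflection helper as the page's script: loads a single named property
Function Invoke-LoadMethod([Microsoft.SharePoint.Client.ClientObject]$Object, [string]$PropertyName) {
    $Type = $Object.GetType()
    $ClientLoad = [Microsoft.SharePoint.Client.ClientContext].GetMethod("Load").MakeGenericMethod($Type)
    $Parameter = [System.Linq.Expressions.Expression]::Parameter($Type, $Type.Name)
    $Expression = [System.Linq.Expressions.Expression]::Lambda([System.Linq.Expressions.Expression]::Convert([System.Linq.Expressions.Expression]::PropertyOrField($Parameter, $PropertyName), [System.Object]), $($Parameter))
    $ExpressionArray = [System.Array]::CreateInstance($Expression.GetType(), 1)
    $ExpressionArray.SetValue($Expression, 0)
    $ClientLoad.Invoke($Object.Context, @($Object, $ExpressionArray))
}
$Cred = Get-Credential
$Context = New-Object Microsoft.SharePoint.Client.ClientContext($SiteUrl)
$Context.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password)
$List = $Context.Web.Lists.GetByTitle($ListName)
$User = $Context.Web.EnsureUser($UserAccount)
$Context.Load($User)
$Context.Load($User.Groups)   # SharePoint groups the user is a direct member of
$Context.ExecuteQuery()
$GroupIds = @($User.Groups | ForEach-Object { $_.Id })
# Page through the list in the same 2000-item batches as the removal script
$Query = New-Object Microsoft.SharePoint.Client.CamlQuery
$Query.ViewXml = "<View Scope='RecursiveAll'><RowLimit>2000</RowLimit></View>"
$Report = @()
Do {
    $ListItems = $List.GetItems($Query)
    $Context.Load($ListItems); $Context.ExecuteQuery()
    $Query.ListItemCollectionPosition = $ListItems.ListItemCollectionPosition
    ForEach ($ListItem in $ListItems) {
        Invoke-LoadMethod -Object $ListItem -PropertyName "HasUniqueRoleAssignments"
        $Context.Load($ListItem.RoleAssignments); $Context.ExecuteQuery()
        If (-not $ListItem.HasUniqueRoleAssignments) { Continue }   # inherited permissions: not item-level
        ForEach ($RoleAssignment in $ListItem.RoleAssignments) {
            $Context.Load($RoleAssignment.Member)
            $Context.Load($RoleAssignment.RoleDefinitionBindings)
            $Context.ExecuteQuery()
            $Via = $null
            If ($RoleAssignment.Member.Id -eq $User.Id) { $Via = "Direct" }
            ElseIf ($GroupIds -contains $RoleAssignment.Member.Id) { $Via = "Group: " + $RoleAssignment.Member.Title }
            If ($Via) { $Report += [PSCustomObject]@{ ItemID = $ListItem.ID; Path = $ListItem["FileRef"]; GrantedVia = $Via; Levels = ($RoleAssignment.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join "; " } }
        }
    }
} While ($Query.ListItemCollectionPosition -ne $null)
$Report | Export-Csv -Path $ReportPath -NoTypeInformation
```

Rows marked `Direct` are the ones the removal script deletes; rows marked `Group:` remain afterwards and have to be handled through group membership. Access granted through directory security groups or sharing links is outside what this report checks.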