SharePoint Online: Update Permission Level using PowerShell

Requirement: Update Permission Level in SharePoint Online

SharePoint Online: How to Edit a Permission Level?
We had a permission level, "Contribute without delete", which allows users to add and edit items but not delete them. Now we have a new requirement to also exclude edit from the permission level, so that users cannot edit list items, even their own! So how do you change a permission level in SharePoint?

To edit an existing permission level in SharePoint Online, follow these steps:
  1. Navigate to the SharePoint Online site collection where you want to edit the permission level.
  2. Click on the Settings gear >> Select Site Settings from the Settings menu.
  3. On the Site Settings page, click on the "Site Permissions" link under the Users and Permissions section.
  4. On the Permissions page, click on the "Permission Levels" button in the Permissions tab of the ribbon.
  5. On the Permission Levels page, click on the permission level you want to edit.
  6. Uncheck the tick box next to a permission to remove it from the permission level. E.g., I've removed "Edit Items" from the permission level. Similarly, you can tick any permission to include it.
  7. Scroll down and click on the "Submit" button to save your changes.
This updates the permission level with the selected permissions in SharePoint Online!


PowerShell to Remove Permission from Permission Level in SharePoint Online:
Let's remove the "Delete Items" permission from an existing permission level.
#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"

#Set Variables
$SiteURL = "https://crescent.sharepoint.com/sites/marketing"
$PermissionLevelName = "Contribute Without Delete"

#Get Credentials to connect
$Cred = Get-Credential

Try {
    #Setup the context
    $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
    $Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.UserName,$Cred.Password)

    #Get the role definition by name
    $RoleDefinition = $Ctx.web.RoleDefinitions.GetByName($PermissionLevelName)
    $Ctx.Load($RoleDefinition)
    $Ctx.ExecuteQuery()
    
    #Remove "Delete Items" Permission from the Permission Level
    #Start from the permission level's current permissions, loaded from the server above
    $BasePermissions = $RoleDefinition.BasePermissions
    $BasePermissions.Clear([Microsoft.SharePoint.Client.PermissionKind]::DeleteListItems)
    $RoleDefinition.BasePermissions =  $BasePermissions
    $RoleDefinition.Update()
    $Ctx.ExecuteQuery()   
    
    Write-host -f Green "Permission Level has been Updated!"
}
catch {
    write-host "Error: $($_.Exception.Message)" -foregroundcolor Red
}

SharePoint Online: Add Permission to Permission Level using PowerShell
Similarly, you can add a permission to a permission level with the PowerShell script below:
#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"

#Set Variables
$SiteURL = "https://crescent.sharepoint.com/sites/marketing"
$PermissionLevelName = "Contribute Without Delete"

#Get Credentials to connect
$Cred = Get-Credential

Try {
    #Setup the context
    $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
    $Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.UserName,$Cred.Password)

    #Get the role definition by name
    $RoleDefinition = $Ctx.web.RoleDefinitions.GetByName($PermissionLevelName)
    $Ctx.Load($RoleDefinition)
    $Ctx.ExecuteQuery()
    
    #Add "Delete Items" Permission to the Permission Level
    #Start from the permission level's current permissions, loaded from the server above
    $BasePermissions = $RoleDefinition.BasePermissions
    $BasePermissions.Set([Microsoft.SharePoint.Client.PermissionKind]::DeleteListItems)
    $RoleDefinition.BasePermissions =  $BasePermissions
    $RoleDefinition.Update()
    $Ctx.ExecuteQuery()   
    
    Write-host -f Green "Permission Level has been Updated!"
}
catch {
    write-host "Error: $($_.Exception.Message)" -foregroundcolor Red
}

For the full list of base permissions, refer to: https://docs.microsoft.com/en-us/previous-versions/office/sharepoint-csom/ee536458(v%3Doffice.15)
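
The following is an added example, not part of the original post: it applies the requirement from the top of the page (no edit, no delete) in one pass, then re-reads the permission level and lists what it still grants, so the change is verified rather than assumed. The $Denied list and the verification step are choices made for this example; the site URL, level name and assembly paths are the ones used in the scripts above.

```powershell
#Added example: clear several permissions, then verify the result from the server
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"

$SiteURL = "https://crescent.sharepoint.com/sites/marketing"
$PermissionLevelName = "Contribute Without Delete"
$Kind = [Microsoft.SharePoint.Client.PermissionKind]

#Permissions the level must not grant after the change (assumption for this example)
$Denied = @($Kind::EditListItems, $Kind::DeleteListItems)

$Cred = Get-Credential

Try {
    $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
    $Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.UserName,$Cred.Password)

    #Get the role definition by name
    $RoleDefinition = $Ctx.Web.RoleDefinitions.GetByName($PermissionLevelName)
    $Ctx.Load($RoleDefinition)
    $Ctx.ExecuteQuery()

    #Clear every denied permission and save the permission level
    $BasePermissions = $RoleDefinition.BasePermissions
    ForEach ($Permission in $Denied) { $BasePermissions.Clear($Permission) }
    $RoleDefinition.BasePermissions = $BasePermissions
    $RoleDefinition.Update()
    $Ctx.ExecuteQuery()

    #Re-read the permission level so the check uses what the server stored
    $Ctx.Load($RoleDefinition)
    $Ctx.ExecuteQuery()

    #List every permission the level still grants (skip the two mask values)
    $Granted = [Enum]::GetValues($Kind) | Where-Object {
        $_ -ne $Kind::EmptyMask -and $_ -ne $Kind::FullMask -and $RoleDefinition.BasePermissions.Has($_)
    }
    Write-Host "Permissions in '$PermissionLevelName': $($Granted -join ', ')"

    #Fail loudly if any denied permission survived the update
    $Leftover = $Denied | Where-Object { $RoleDefinition.BasePermissions.Has($_) }
    If ($Leftover) { Write-Host -f Red "Still granted: $($Leftover -join ', ')" }
    Else { Write-Host -f Green "Verified: the level no longer grants $($Denied -join ', ')" }
}
Catch {
    Write-Host "Error: $($_.Exception.Message)" -ForegroundColor Red
}
```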

Reviewed by Salaudeen Rajack on January 06, 2019
