SharePoint Online: Update Permission Level using PowerShell
Requirement: Update Permission Level in SharePoint Online
SharePoint Online: How to Edit a Permission Level?
We have had a permission level "Contribute without delete" which allows users to add/edit items but not delete. Now, we got a new requirement to exclude edit also from the permission level so that it prevents users from editing list items, even their own! So how to change the permission level in SharePoint?
To edit an existing permission level in SharePoint Online, follow these steps:
PowerShell to Remove Permission from Permission Level in SharePoint Online:
Let's remove "Delete Items" permission from an existing permission level.
SharePoint Online: Add Permission to Permission Level using PowerShell
Similarly, You can add a permission to permission level with below PowerShell script.
To get all base permissions, refer: https://docs.microsoft.com/en-us/previous-versions/office/sharepoint-csom/ee536458(v%3Doffice.15)
Here is my other posts on permission levels:
SharePoint Online: How to Edit a Permission Level?
We have had a permission level "Contribute without delete" which allows users to add/edit items but not delete. Now, we got a new requirement to exclude edit also from the permission level so that it prevents users from editing list items, even their own! So how to change the permission level in SharePoint?
To edit an existing permission level in SharePoint Online, follow these steps:
- Navigate to SharePoint Online Site collection where you want the permission level to be edited.
- Click on Settings gear >> Select Site Settings from the Settings menu.
- On the Site Settings page, Click on "Site Permissions" link under Users and Permissions section.
- On the Permissions page, Click on "Permission Levels" button from the Permissions tab of the ribbon.
- In Permission Levels page, Click on the permission level you want to edit.
- Uncheck the tick boxes next to the permission to remove it from the permission level. E.g. I've removed "Edit Items" from the permission level. Similarly, you can add any permission to include it.
- Scroll down and click on "Submit" button to save your changes.
PowerShell to Remove Permission from Permission Level in SharePoint Online:
Let's remove "Delete Items" permission from an existing permission level.
#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
#Set Variables
$SiteURL = "https://crescent.sharepoint.com/sites/marketing"
$PermissionLevelName = "Contribute Without Delete"
#Get Credentials to connect
$Cred = Get-Credential
Try {
#Setup the context
$Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
$Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.UserName,$Cred.Password)
#Get the role definition by name
$RoleDefinition = $Ctx.web.RoleDefinitions.GetByName($PermissionLevelName)
$Ctx.Load($RoleDefinition)
$Ctx.ExecuteQuery()
#Remove "Delete Items" Permission from the Permission Level
$BasePermissions = New-Object Microsoft.SharePoint.Client.BasePermissions
$BasePermissions = $RoleDefinition.BasePermissions
$BasePermissions.Clear([Microsoft.SharePoint.Client.PermissionKind]::DeleteListItems)
$RoleDefinition.BasePermissions = $BasePermissions
$RoleDefinition.Update()
$Ctx.ExecuteQuery()
Write-host -f Green "Permission Level has been Updated!"
}
catch {
write-host "Error: $($_.Exception.Message)" -foregroundcolor Red
}
SharePoint Online: Add Permission to Permission Level using PowerShell
Similarly, You can add a permission to permission level with below PowerShell script.
#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
#Set Variables
$SiteURL = "https://crescent.sharepoint.com/sites/marketing"
$PermissionLevelName = "Contribute Without Delete"
#Get Credentials to connect
$Cred = Get-Credential
Try {
#Setup the context
$Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
$Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.UserName,$Cred.Password)
#Get the role definition by name
$RoleDefinition = $Ctx.web.RoleDefinitions.GetByName($PermissionLevelName)
$Ctx.Load($RoleDefinition)
$Ctx.ExecuteQuery()
#Add "Delete Items" Permission to the Permission Level
$BasePermissions = New-Object Microsoft.SharePoint.Client.BasePermissions
$BasePermissions = $RoleDefinition.BasePermissions
$BasePermissions.Set([Microsoft.SharePoint.Client.PermissionKind]::DeleteListItems)
$RoleDefinition.BasePermissions = $BasePermissions
$RoleDefinition.Update()
$Ctx.ExecuteQuery()
Write-host -f Green "Permission Level has been Updated!"
}
catch {
write-host "Error: $($_.Exception.Message)" -foregroundcolor Red
}
To get all base permissions, refer: https://docs.microsoft.com/en-us/previous-versions/office/sharepoint-csom/ee536458(v%3Doffice.15)
Here is my other posts on permission levels:
I saw the code above and was wondering if there is a way to update permission level permissions for SharePoint on-premises using PowerShell? I've spent a lot of time searching on how to do this, but I only get results relating to SharePoint Online. Please add to the page or create a new one if anyone knows a way to update permission level permissions for SharePoint server
ReplyDeleteHere you go: How to Update a permission level in SharePoint using PowerShell?
Delete