SharePoint Online: Grant Site Permissions to User with PowerShell
Requirement: Grant permissions to a SharePoint Online site using PowerShell.
How to Grant Access to a SharePoint Online Site?
When working with SharePoint Online, a common task is to add users to the site. In SharePoint Online, it is easy to grant access to a site for specific users or groups and can be done in a few simple steps, which we will walk you through below. You may need to add users to the site in situations such as when you want to collaborate with others on a project, when you need to share information with a wider audience, or when you want to give users access to certain features or resources within the site. There are several ways to grant access to a SharePoint Online site, including using the user interface, or PowerShell. In this post, we will outline the steps for granting access to a SharePoint Online site.
In SharePoint Online modern sites, the default granularity options for accessing SharePoint content are as follows:
- Full Control, which is granted to Owners
- Edit, which is given to Members
- Read, which is granted to Visitors (guests).
How to share a SharePoint site?
Follow these steps to provide access to any SharePoint Online site:
- Navigate to your SharePoint Online site, click on the “Settings” gear, and then click on the “Site Permissions” link in the settings menu.
- Click on the “Share Site” Button on the permissions pane.
- Type the user name and select the user to grant access.
- Select the permission level, such as “Read”. Set the option “Send Email” to send out an email to the user or not. Optionally, you can add a message.
- Click on Add to complete.
In the Group connected sites, You’ll see “Invite People” under the site permissions page with options to “Add members to group” and “Share site only”.
SharePoint Online: PowerShell to Set Site Permissions
Let’s use PowerShell to grant access to SharePoint Online. The below PowerShell script directly adds users to the site with “Contribute” permissions. This can be especially useful when managing large numbers of sites or users, as it eliminates the need to manually grant access through the user interface.
#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
#Variables for Processing
$SiteURL = "https://crescent.sharepoint.com/Sites/warehouse"
$UserAccount = "Salaudeen@crescent.com"
$PermissionLevel = "Contribute"
#Setup Credentials to connect
$Cred = Get-Credential
Try {
#Setup the context
$Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
$Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.UserName,$Cred.Password)
#Get the Web
$Web = $Ctx.Web
$Ctx.Load($Web)
$Ctx.ExecuteQuery()
#Ensure the user
$User=$web.EnsureUser($UserAccount)
$Ctx.Load($User)
$Ctx.ExecuteQuery()
#Get the Permission Level
$RoleDefinition = $web.RoleDefinitions.GetByName($PermissionLevel)
$RoleAssignment = New-Object Microsoft.SharePoint.Client.RoleDefinitionBindingCollection($Ctx)
$RoleAssignment.Add($RoleDefinition)
#Assign Role Assignment to User
$Permissions = $Web.RoleAssignments.Add($User,$RoleAssignment)
$Web.Update()
$Ctx.ExecuteQuery()
Write-host -f Green "User '$UserAccount' has been Granted with Access '$PermissionLevel'!"
}
Catch {
write-host -f Red "Error:" $_.Exception.Message
}
Other than granting direct site permissions to a user in SharePoint Online, You can add a user to a site group using the SharePoint Online Management Shell. By using the Connect-SPOService cmdlet to connect to SharePoint Online and the Add-SPOUser cmdlet, you can easily grant site permissions to a specific user by adding them to a SharePoint Group. More here: SharePoint Online: How to Add User to a Group using PowerShell?
PnP PowerShell to Grant Permission to User
We can provide permissions to the site directly without adding users to existing site groups. Here is the PnP PowerShell to add a user to a site in SharePoint Online:
#Parameters
$SiteURL = "https://crescent.sharepoint.com/sites/Warehouse"
$UserAccount = "Salaudeen@crescent.com"
$PermissionLevel = "Contribute"
#Connect to PnP Online
Connect-PnPOnline -Url $SiteURL -Interactive
#grant access to sharepoint online site with powershell
Set-PnPWebPermission -User $UserAccount -AddRole $PermissionLevel
In summary, granting site permissions to a user in SharePoint Online is a simple process that can be accomplished using PowerShell. By following the steps outlined in this article, you should be able to grant site permissions to a specific user in SharePoint Online easily and manage the user’s access to the site. It’s worth noting that when granting site permissions to a user, you should also consider other factors such as SharePoint groups, security groups, and other permissions that may affect their access.
This PowerShell adds permissions to the SharePoint Online site. To assign permission at a list or library level, user: How to Grant Permission to List or Library in SharePoint Online using PowerShell?
Assuming external sharing is enabled in your environment, To share a SharePoint site with an external user: Login to your SharePoint Online site >> Click on the “Share” button from the top-right section of the page. In the Share site pane, Enter the Emails of External users and click on the “Share” button at the bottom.
More info: Grant access to external users in SharePoint Online
To limit access to a folder in SharePoint Online, follow these steps: Go to the document library, where the target folder is located. Click on “Manage access” from the context menu of the folder >> Click on the “Advanced” link >> Click on the “Stop Inhering Permissions”. To restrict access to the folder in SharePoint Online, select all the users on the folder permissions page and click on “Remove User Permissions”.
More info: Restrict access to a folder in SharePoint Online
To grant permissions to a list or document library, Go to the document library’s settings page, click on “Permissions for this list/document library,” and stop inheriting permissions from its parent first. Now, click on the “Grant Permissions” button and enter names or email addresses to share the document library.
More info: Share a document library in SharePoint Online
To reset permission inheritance for a list or library, browse to the list or library >> Click on Settings >> List / Library Settings. Click on the “Permissions For This List” and Click on Delete Unique Permissions.
More info: Reset SharePoint Online permissions to Default
Hello
I followed your script but coundnot able to grant permission to User
Am I missing something?