SharePoint Online: Grant Site Permissions to User with PowerShell

Requirement: Grant permissions to a SharePoint Online site using PowerShell.

How to Grant Access to a SharePoint Online Site?

When working with SharePoint Online, a common task is to add users to the site. In SharePoint Online, it is easy to grant access to a site for specific users or groups and can be done in a few simple steps, which we will walk you through below. You may need to add users to the site in situations such as when you want to collaborate with others on a project, when you need to share information with a wider audience, or when you want to give users access to certain features or resources within the site. There are several ways to grant access to a SharePoint Online site, including using the user interface, or PowerShell. In this post, we will outline the steps for granting access to a SharePoint Online site.

In SharePoint Online modern sites, the default granularity options for accessing SharePoint content are as follows:

  • Full Control, which is granted to Owners
  • Edit, which is given to Members
  • Read, which is granted to Visitors (guests).

How to share a SharePoint site?

Follow these steps to provide access to any SharePoint Online site:

  1. Navigate to your SharePoint Online site, click on the “Settings” gear, and then click on the “Site Permissions” link in the settings menu. 1.add user to site sharepoint online
  2. Click on the “Share Site” Button on the permissions pane.provide permission to sharepoint online
  3. Type the user name and select the user to grant access.grant access to user in sharepoint onine
  4. Select the permission level, such as “Read”. Set the option “Send Email” to send out an email to the user or not. Optionally, you can add a message. Grant Site Permissions in sharepoint online
  5. Click on Add to complete.

In the Group connected sites, You’ll see “Invite People” under the site permissions page with options to “Add members to group” and “Share site only”.

grant access to group connected site in sharepoint online

SharePoint Online: PowerShell to Set Site Permissions

Let’s use PowerShell to grant access to SharePoint Online. The below PowerShell script directly adds users to the site with “Contribute” permissions. This can be especially useful when managing large numbers of sites or users, as it eliminates the need to manually grant access through the user interface.

#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
   
#Variables for Processing
$SiteURL = "https://crescent.sharepoint.com/Sites/warehouse"
$UserAccount = "Salaudeen@crescent.com"
$PermissionLevel = "Contribute"

#Setup Credentials to connect
$Cred = Get-Credential

Try {
    #Setup the context
    $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
    $Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.UserName,$Cred.Password)
      
    #Get the Web
    $Web = $Ctx.Web
    $Ctx.Load($Web)
    $Ctx.ExecuteQuery()

    #Ensure the user
    $User=$web.EnsureUser($UserAccount)
    $Ctx.Load($User)
    $Ctx.ExecuteQuery()

    #Get the Permission Level  
    $RoleDefinition = $web.RoleDefinitions.GetByName($PermissionLevel) 
    $RoleAssignment = New-Object Microsoft.SharePoint.Client.RoleDefinitionBindingCollection($Ctx)
    $RoleAssignment.Add($RoleDefinition)  
    
    #Assign Role Assignment to User
    $Permissions = $Web.RoleAssignments.Add($User,$RoleAssignment) 
    $Web.Update()
    $Ctx.ExecuteQuery()
  
    Write-host  -f Green "User '$UserAccount' has been Granted with Access '$PermissionLevel'!"
}
Catch {
    write-host -f Red "Error:" $_.Exception.Message
}

Other than granting direct site permissions to a user in SharePoint Online, You can add a user to a site group using the SharePoint Online Management Shell. By using the Connect-SPOService cmdlet to connect to SharePoint Online and the Add-SPOUser cmdlet, you can easily grant site permissions to a specific user by adding them to a SharePoint Group. More here: SharePoint Online: How to Add User to a Group using PowerShell?

PnP PowerShell to Grant Permission to User

We can provide permissions to the site directly without adding users to existing site groups. Here is the PnP PowerShell to add a user to a site in SharePoint Online:

#Parameters
$SiteURL = "https://crescent.sharepoint.com/sites/Warehouse" 
$UserAccount = "Salaudeen@crescent.com"
$PermissionLevel = "Contribute"

#Connect to PnP Online
Connect-PnPOnline -Url $SiteURL -Interactive    

#grant access to sharepoint online site with powershell
Set-PnPWebPermission -User $UserAccount -AddRole $PermissionLevel

In summary, granting site permissions to a user in SharePoint Online is a simple process that can be accomplished using PowerShell. By following the steps outlined in this article, you should be able to grant site permissions to a specific user in SharePoint Online easily and manage the user’s access to the site. It’s worth noting that when granting site permissions to a user, you should also consider other factors such as SharePoint groups, security groups, and other permissions that may affect their access.

This PowerShell adds permissions to the SharePoint Online site. To assign permission at a list or library level, user: How to Grant Permission to List or Library in SharePoint Online using PowerShell?

How to give access to external users in SharePoint Online?

Assuming external sharing is enabled in your environment, To share a SharePoint site with an external user: Login to your SharePoint Online site >> Click on the “Share” button from the top-right section of the page. In the Share site pane, Enter the Emails of External users and click on the “Share” button at the bottom.
More info: Grant access to external users in SharePoint Online

How to restrict access to a folder in SharePoint online?

To limit access to a folder in SharePoint Online, follow these steps: Go to the document library, where the target folder is located. Click on “Manage access” from the context menu of the folder >> Click on the “Advanced” link >> Click on the “Stop Inhering Permissions”. To restrict access to the folder in SharePoint Online, select all the users on the folder permissions page and click on “Remove User Permissions”.
More info: Restrict access to a folder in SharePoint Online

How to give permission to document the library in SharePoint Online?

To grant permissions to a list or document library, Go to the document library’s settings page, click on “Permissions for this list/document library,” and stop inheriting permissions from its parent first. Now, click on the “Grant Permissions” button and enter names or email addresses to share the document library.
More info: Share a document library in SharePoint Online

How to remove unique permissions in SharePoint Online?

To reset permission inheritance for a list or library, browse to the list or library >> Click on Settings >> List / Library Settings. Click on the “Permissions For This List” and Click on Delete Unique Permissions.
More info: Reset SharePoint Online permissions to Default

Salaudeen Rajack

Salaudeen Rajack - Information Technology Expert with Two-decades of hands-on experience, specializing in SharePoint, PowerShell, Microsoft 365, and related products. He has held various positions including SharePoint Architect, Administrator, Developer and consultant, has helped many organizations to implement and optimize SharePoint solutions. Known for his deep technical expertise, He's passionate about sharing the knowledge and insights to help others, through the real-world articles!

One thought on “SharePoint Online: Grant Site Permissions to User with PowerShell

  • Hello
    I followed your script but coundnot able to grant permission to User
    Am I missing something?

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *