How to Copy Permissions from One List to Another in SharePoint Online using PowerShell?

Requirement: Copy permissions from one list to another in SharePoint Online.

PowerShell to Copy Permissions Between SharePoint Online Lists and Libraries

There are no ways to clone permissions from an existing list to a new list in SharePoint Online without using 3rd party tools. Well, Not anymore! Here is the PowerShell script to copy permissions from one list to another list in SharePoint Online!

#PowerShell Function to copy permissions between Lists in SharePoint
Function Copy-PnPListPermissions
{
    [cmdletbinding()]
     param(
         [Parameter(Mandatory=$True)] [string] $WebURL,
         [Parameter(Mandatory=$True)] [string] $SourceListName,
         [Parameter(Mandatory=$True)] [string] $TargetListName,
         [Parameter(Mandatory=$False)] [Bool] $AppendToExisting = $True
     )
    Try {
        #Connect to PnP Online
        Connect-PnPOnline -Url $WebURL -Interactive

        #Get the Web
        $Web = Get-PnPweb
        $Ctx = Get-PnPContext

        #Get Source and Target Lists
        $SourceList = Get-PnPList $SourceListName  -Includes HasUniqueRoleAssignments -ThrowExceptionIfListNotFound
        $TargetList = Get-PnPList $TargetListName  -Includes HasUniqueRoleAssignments -ThrowExceptionIfListNotFound

        #if permissions are Inherited in Target List, Break the Inheritance
        If(!$TargetList.HasUniqueRoleAssignments)
        {
            If($AppendToExisting -eq $True)
            {
                Set-PnPList -Identity $TargetList -BreakRoleInheritance -CopyRoleAssignments
            }
            else
            {
                Set-PnPList -Identity $TargetList -BreakRoleInheritance
            }
        }
        Else #If the List has unique Permissions already
        {
            If($AppendToExisting -eq $False)
            {
                Set-PnPList -Identity $TargetList -ResetRoleInheritance
                Set-PnPList -Identity $TargetList -BreakRoleInheritance
            }
        }

        #Get all users and group permissions assigned to the source object
        $SourceRoleAssignments = Get-PnPProperty -ClientObject $SourceList -Property RoleAssignments
 
        #Copy Source list permissions to Destination List
        ForEach($RoleAssignment in $SourceRoleAssignments)
        {
            #Get RoleDefinitions of the Role Assignment
            Get-PnPProperty -ClientObject $RoleAssignment -Property RoleDefinitionBindings, Member

            #Leave the Hidden permissions
            If($RoleAssignment.Member.IsHiddenInUI -eq $False)
            {
                $SourcePermissions = $RoleAssignment.RoleDefinitionBindings | Where {$_.Name -notin("Limited Access")}
                $PermissionLevels = ($SourcePermissions | Select -ExpandProperty Name) -join "; "

                If($SourcePermissions -ne $null)
                {
                    #Grant Source List's Permission Level to the Target List
                    $RoleDefBindings = New-Object Microsoft.SharePoint.Client.RoleDefinitionBindingCollection($Ctx)
                    ForEach($RoleDefinition in $SourcePermissions)
                    {
                        $RoleDefBindings.Add($RoleDefinition)
                    }
                    $Permissions = $TargetList.RoleAssignments.Add($RoleAssignment.Member,$RoleDefBindings)
                    $TargetList.Update()
                    Invoke-PnPQuery
                    Write-host "Copied '$($RoleAssignment.Member.Title)' with Permissions '$PermissionLevels'"
                }
            }
        }
    }
    Catch {
        write-host -f Red "Error Copying List Permissions!" $_.Exception.Message
    }
}

#Set Parameters
$WebURL = "https://crescent.sharepoint.com/sites/Marketing"
$SourceListName = "Documents"
$TargetListName = "Migration"

#Call the function to copy list permissions 
Copy-PnPListPermissions -WebURL $WebURL -SourceListName $SourceListName -TargetListName $TargetListName

This script appends to existing permissions of the target list by default. You can pass an optional parameter for -AppendToExisting with “$False” in case you want to clear all existing permissions of the target list and copy permissions from the source list.

Salaudeen Rajack

Salaudeen Rajack is a SharePoint Architect with Two decades of SharePoint Experience. He loves sharing his knowledge and experiences with the SharePoint community, through his real-world articles!

Leave a Reply