File Permission SharePoint SharePoint Online 

SharePoint Online: How to Grant Permissions to a Document?

Salaudeen Rajack 0 Comments , , , , , , ,

Requirement: Share a document in SharePoint Online.

Permissions are hierarchical in SharePoint Online, from the Top-level Site collection to the file level. When documents are created in the libraries, they inherit the permissions of that library by default. However, This inheritance can be broken, and permissions can be applied directly to the files. To set unique permissions on documents, you need to configure permissions on the file level. In this blog post, we will explore how to share files in SharePoint to enhance file sharing within your organization.

Understanding File Sharing in SharePoint

Before we jump into the nitty-gritty of how to share files, let’s take a moment to understand the basics of file sharing in SharePoint.

Why Share Files in SharePoint?

SharePoint is all about collaboration and teamwork. By sharing files in SharePoint, you enable your colleagues to access, view, edit, and collaborate on documents seamlessly. It eliminates the need for endless email attachments and version confusion, making your work life a whole lot easier.

SharePoint Permission Levels

When it comes to sharing files in SharePoint, permissions play a crucial role. SharePoint offers different permission levels that determine what actions users can perform on a file. Here are the common permission levels you should know:

  • Read: Users with this permission can view the file but cannot make any changes.
  • Contribute: Users can view, add, update, and delete files.
  • Edit: Similar to Contribute, but users can also manage lists and document libraries.
  • Full Control: Users have complete control over the file and can perform all actions, including managing permissions.

Understanding these permission levels will help you grant the right access to the right people when sharing files.

How to share a document in SharePoint?

Let’s say you’re working on a project proposal in SharePoint, and you need to share the document with your team members for their input. Here’s how you can share the file:

  1. Navigate to the document library where the file is stored.
  2. Right-click on the file and click on the “Share” option (You can also select the file and click on the “Share” button on the toolbar).
    how to share a document in sharepoint
  3. Enter the email addresses or names of your team members.
  4. Set the appropriate permissions for each team member (e.g., Edit for those who need to make changes, Read for those who only need to review).
  5. Optionally, you can add a message like, “Hey team, please review the attached project proposal and provide your feedback by the end of the week.”
  6. Click “Send” to share the file with your team.
    how to share a file in sharepoint

By using these methods, you can effectively restrict access to a document in SharePoint and ensure that only authorized individuals can view or edit it.

How to Provide Access to a File in SharePoint Online?

We have a business requirement to provide access to a specific file in SharePoint. To set explicit permissions on SharePoint Online files, we need to break the permission inheritance first (stop inheriting permissions) and then add a user or group to the file. Here’s how:

  1. Go to the SharePoint Online library where the file is stored >> Select the file for which you want to provide unique permissions. 
  2. Right-click on the file to which you would like to grant permission. Then click on “Manage access” from the context menu (you can also use “Manage Access” from the information panel). grant access to a document in sharepoint online
  3. On the Manage access page, click on the “Advanced” link. set permission to folder in sharepoint online
  4. On the Permissions tab, in the Inheritance group, click the “Stop Inheriting Permissions” button. Confirm the prompt. set access to a file in sharepoint online
  5. Now, from the ribbon, click on the “Grant Permissions.” button.grant access to a file in sharepoint online
  6. In the Share popup, enter names or email addresses. Click the Show Options button. In the Select a permission level list box, select the appropriate permission level, such as Edit. grant permission to a document in sharepoint online
  7. Click Share.

Having too many Item level permissions often leads to performance issues! So, be careful.

SharePoint Online: Set Document Permissions using PowerShell

How to grant file-level permission for SharePoint Online? Here is my PowerShell to grant permissions to a document in SharePoint Online.

#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
    
#Config Variables
$SiteURL = "https://crescent.sharepoint.com/sites/Retail"
$ListName ="Documents"
$FileServerRelativeURL="/sites/Retail/Shared Documents/Classified/Payment Guidelines.pdf"
$UserID="Steve@crescent.com"
$GroupName="Retail Members"
$PermissionLevel="Edit"
 
#Get Credentials to connect
$Cred = Get-Credential

Try { 
    #Set up the context
    $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteUrl) 
    $Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.UserName,$Cred.Password)
  
    #get file from url
    $File = $Ctx.web.GetFileByUrl($FileServerRelativeURL)
    $Ctx.Load($File)
    $Ctx.Load($File.ListItemAllFields)
    $Ctx.ExecuteQuery()

    #Check if the File has unique permissions
    $ListItem = $File.ListItemAllFields
    $ListItem.Retrieve("HasUniqueRoleAssignments")
    $Ctx.ExecuteQuery()
    If(!$ListItem.HasUniqueRoleAssignments)
    {
        $ListItem.BreakRoleInheritance($false, $false) #keep the existing permissions: No -  Clear list items permissions: No
        $ctx.ExecuteQuery()
    }
    
    #Get the User
    $User = $Ctx.Web.EnsureUser($UserID)
    $Ctx.load($User)
    $Ctx.ExecuteQuery()
    
    #Get the Group
    $Group =$Ctx.Web.SiteGroups.GetByName($GroupName)
    $Ctx.load($Group)
    $Ctx.ExecuteQuery()
    
    #Get the role 
    $Role = $Ctx.web.RoleDefinitions.GetByName($PermissionLevel)
    $RoleDB = New-Object Microsoft.SharePoint.Client.RoleDefinitionBindingCollection($Ctx)
    $RoleDB.Add($Role)
         
    #Assign permissions
    $UserPermissions =  $ListItem.RoleAssignments.Add($User,$RoleDB)
    $GroupPermissions = $ListItem.RoleAssignments.Add($Group,$RoleDB)
    $ListItem.Update()
    $Ctx.ExecuteQuery()
    
    Write-host -f Green "Permission granted to File Successfully!"
}
Catch {
    write-host "Error: $($_.Exception.Message)" -Foregroundcolor Red
}

This script grants permission on the Item level for a given user and group.

PnP PowerShell to Set File Level Permission

To change the permission for files in SharePoint Online using PowerShell, use: Set-PnPListItemPermission cmdlet. 

#Config Variables
$SiteURL = "https://crescent.sharepoint.com/sites/Retail"
$ListName ="Documents"
$FileServerRelativeURL="/sites/Retail/Shared Documents/Classified/Payment Guidelines.pdf"
$UserID="Steve@crescent.com"
$GroupName="Retail Members"

 Try {
    #Connect to PnP Online
    Connect-PnPOnline -Url $SiteURL -Interactive

    #Get the File as List Item
    $File = Get-PnPFile -Url $FileServerRelativeURL -AsListItem

    #Get the Group
    $Group = Get-PnPGroup | where-Object {$_.Title -eq $GroupName}

    #Grant Edit permission to User - Remove all existing permissions
    Set-PnPListItemPermission -Identity $File.ID -List $ListName -AddRole "Edit" -User $UserID -ClearExisting

    #Grant permission to Group
    Set-PnPListItemPermission -Identity $File.ID -List $ListName -AddRole "Read" -Group $Group
}
Catch {
    write-host "Error: $($_.Exception.Message)" -foregroundcolor Red
}

You can get all available permissions to add or remove using the Get-PnPRoleDefinition cmdlet.  We can grant permission to all list items as in: SharePoint Online: Grant Permission to All Items in a List or Library using PowerShell

Conclusion

In conclusion, sharing files in SharePoint is a fundamental aspect of effective collaboration within an organization. By understanding the various sharing options, permission levels, and methods to restrict access, users can ensure that files are shared securely and efficiently with the appropriate individuals.

This comprehensive guide has provided a detailed walkthrough of the file-sharing process in SharePoint, including step-by-step instructions and real-world examples. Whether you are a beginner or an experienced SharePoint user, mastering these techniques will enable you to streamline your workflow, enhance collaboration, and maintain the security of your files.

Salaudeen Rajack

Salaudeen Rajack - Information Technology Expert with Two-decades of hands-on experience, specializing in SharePoint, PowerShell, Microsoft 365, and related products. He has held various positions including SharePoint Architect, Administrator, Developer and consultant, has helped many organizations to implement and optimize SharePoint solutions. Known for his deep technical expertise, He's passionate about sharing the knowledge and insights to help others, through the real-world articles!

Leave a Reply

Your email address will not be published. Required fields are marked *