Folder Permission PnP PowerShell PowerShell SharePoint Online 

How to Copy Permissions from One Folder to Another in SharePoint Online using PowerShell?

Salaudeen Rajack 5 Comments ,

Requirement: Copy permissions from one folder to another in SharePoint Online.

How to Copy Permissions from One Folder to Another in SharePoint Online using PowerShell?

SharePoint Online Copy Permissions from one folder to Another using PowerShell

Ever wanted to clone permissions from an existing folder to a new folder in SharePoint Online? When working with SharePoint Online, there may be times when you need to copy permissions from one folder to another. It can be a tedious process if you have to do it manually, and there are no easier ways to do this without using 3rd party tools. Well, Not anymore! Here is the PowerShell script to copy permissions from one folder to another in SharePoint Online!

#PowerShell Function to copy permissions between Folders in SharePoint Online
Function Copy-PnPFolderPermissions
{
    [cmdletbinding()]
     param(
         [Parameter(Mandatory=$True)] [string] $WebURL,
         [Parameter(Mandatory=$True)] [string] $SourceFolderURL,
         [Parameter(Mandatory=$True)] [string] $TargetFolderURL,
         [Parameter(Mandatory=$False)] [Bool] $AppendToExisting = $True
     )
    Try {
        #Connect to PnP Online
        Connect-PnPOnline -Url $WebURL -Interactive

        #Get the Web
        $Web = Get-PnPweb
        $Ctx = Get-PnPContext

        #Get Source and Target Folders
        $SourceFolderItem = Get-PnPFolder -Url $SourceFolderURL -Includes ListItemAllFields.HasUniqueRoleAssignments
        $SourceFolder = $SourceFolderItem.ListItemAllFields
        $TargetFolderItem = Get-PnPFolder -Url $TargetFolderURL -Includes ListItemAllFields.HasUniqueRoleAssignments
        $TargetFolder = $TargetFolderItem.ListItemAllFields

        #if permissions are Inherited in Target Folder, Break the Inheritance
        If(!$TargetFolder.HasUniqueRoleAssignments)
        {
            If($AppendToExisting -eq $True)
            {
                #Break Folder permissions - keep all existing permissions & Clear Item level permissions
                $TargetFolder.BreakRoleInheritance($True,$False)
            }
            else
            {
                $TargetFolder.BreakRoleInheritance($False,$False)
            }
        }
        Else #If the Folder has unique Permissions already
        {
            If($AppendToExisting -eq $False)
            {
                $TargetFolder.ResetRoleInheritance()
                $TargetFolder.BreakRoleInheritance($False,$False)
            }
        }
        Invoke-PnPQuery

        #Get all permissions assigned to the source folder
        $SourceRoleAssignments = Get-PnPProperty -ClientObject $SourceFolder -Property RoleAssignments
 
        #Copy Source Folder permissions to Destination Folder
        ForEach($RoleAssignment in $SourceRoleAssignments)
        {
            #Get RoleDefinitions of the Role Assignment
            Get-PnPProperty -ClientObject $RoleAssignment -Property RoleDefinitionBindings, Member

            #Leave the Hidden permissions
            If($RoleAssignment.Member.IsHiddenInUI -eq $False)
            {
                $SourcePermissions = $RoleAssignment.RoleDefinitionBindings | Where {$_.Name -notin("Limited Access")}
                $PermissionLevels = ($SourcePermissions | Select -ExpandProperty Name) -join "; "

                If($SourcePermissions -ne $null)
                {
                    #Add Source Folder's Permission Level to the Target Folder
                    $RoleDefBindings = New-Object Microsoft.SharePoint.Client.RoleDefinitionBindingCollection($Ctx)
                    ForEach($RoleDefinition in $SourcePermissions)
                    {
                        $RoleDefBindings.Add($RoleDefinition)
                    }
                    $Permissions = $TargetFolder.RoleAssignments.Add($RoleAssignment.Member,$RoleDefBindings)
                    $TargetFolder.Update()
                    Invoke-PnPQuery
                    Write-host "Copied '$($RoleAssignment.Member.Title)' with Permissions '$PermissionLevels'"
                }
            }
        }
    }
    Catch {
        write-host -f Red "Error Copying Folder Permissions!" $_.Exception.Message
    }
}

#Set Parameters
$WebURL = "https://crescent.sharepoint.com/sites/Marketing"

#Server Relative URLs of Source and Target Folders
$SourceFolderURL = "/sites/Marketing/Shared Documents/Old"
$TargetFolderURL = "/sites/Marketing/Shared Documents/New"

#Call the function to copy Folder permissions 
Copy-PnPFolderPermissions -WebURL $WebURL -SourceFolderURL $SourceFolderURL -TargetFolderURL $TargetFolderURL

This script appends to existing permissions of the target folder by default. You can pass an optional parameter for -AppendToExisting with “$False” if you want to clear all existing permissions of the target folder and copy permissions from the source folder.

Salaudeen Rajack

Salaudeen Rajack - SharePoint Expert with Two decades of SharePoint Experience. Love to Share my knowledge and experience with the SharePoint community, through real-time articles!

5 thoughts on “How to Copy Permissions from One Folder to Another in SharePoint Online using PowerShell?

  • Excellent info and I would share that also you can use Sharegate or Gs Richcopy 360, all have the needed features to copy permissions to Sharepoint online, also can copy folders and files with preserving timestamps, and can copy modified data only.

    Reply

  • How could this be tweaked to iterate and include all subfolders? Use case, I am copying a folder structure then I want to apply the permissions from the source folder structure to the newly copied folders. how could this be used to not just copy permissions from the top folder but also include any subfolders? Thank you.

    Reply

  • will this copy the data meta information forexample, modified by and modified date information?

    Reply

      • do you have a template that copies folder permissions from a structure?

        Reply

Leave a Reply

Your email address will not be published. Required fields are marked *