Introduction
In this blog, we are going to discuss SharePoint permissions in different scenarios, like how to assign & remove permission to a user, and how to assign unique permission. Also, we will retrieve the users and the corresponding role associated with them.
SharePoint permissions are used for assigning different types of roles/permission to different users. A user can perform activity according to the permission or role which is assigned to the user. There are different types of permissions/roles available in SharePoint.
Here, we will use PnP Online to perform permission tasks. Please follow the below code snippet and the steps given to perform the permission tasks.
Step 1
Let's open the Windows PowerShell ISE as an administrator, and then run the code in PowerShell.
Step 2
Enter user Credentials.
Step 3
Get Site collection, Group & User.
Step 4
Get the user associated with the site and their respective role.
Step 5
Then assign permissions to a user & mention how to remove the permissions.
Step 6
Also, assign unique permissions for list, list items & subsite. For subsite, we have to assign unique permissions while creating the subsite by breaking the root site inheritance.
- # Provide URL of the Site
- $sUrl = "https://Contoso.sharepoint.com/sites/SiteName"
- try {
- #pass valid credentials
- Connect - PnPOnline - Url $sUrl - Credentials(Get - Credential)
- $siteColl = Get - PnPTenantSite
- Get - PnPGroup
- Get - PnPUser
- #To get the user and their corresponding role
- $web = Get - PnPWeb - Includes RoleAssignments
- foreach($ra in $web.RoleAssignments) {
- $member = $ra.Member
- $loginName = get - pnpproperty - ClientObject $member - Property LoginName
- $rolebindings = get - pnpproperty - ClientObject $ra - Property RoleDefinitionBindings
- write - host "$($loginName) - $($rolebindings.Name)"
- write - host
- }
- #To assign a role / Permission to the user in site
- Set - PnPWebPermission - User '[email protected]' - AddRole 'contribute'
- #To remove permission of an user
- Set - PnPWebPermission - User '[email protected]' - RemoveRole 'Read'
- # Add unique permission to list, first we have remove unique permissions
- if any
- Set - PnPListPermission - Identity 'ctlist' - User '[email protected]' - AddRole 'Contribute'
- # Add unique permission to list items
- Set - PnPListItemPermission - List 'MULlist' - Identity 3 - User '[email protected]' - AddRole 'Edit'
- write - host "Successful"
- $mysubsite = New - PnPWeb - Title "Subsite" - Url Subsiteurl - Description "A subsite" - Locale 1033 - Template "STS#0" - BreakInheritance
- Add - PnPTenantSequenceSubSite - Site $siteColl - SubSite $mysubsite
- Write - host "Site '$SiteTitle' Created Successfully!"
- } catch {
- write - host - f Red "Error:"
- $_.Exception.Message
- }
Conclusion
Hence, we can see that after performing the above operation, we can set/recognize the permissions quite easily regarding the requirements of an organization. This will lead to the improvement of security, as well as better performance.