Add And Remove Operation Of Role Definition (Permission Level) In SharePoint Site Using PnP PowerShell

In this blog, we will see how to add a custom permission level (role definition) to a SharePoint site using PnP PowerShell. We will also see how to get a particular permission level and remove it from the site.
 

Add Custom Permission Level in SharePoint site

 
The following command creates a permission level in the SharePoint site.
 
Add-PnPRoleDefinition -RoleName "MyNewPermLevel"
 
You can also create a permission level by cloning an existing role definition, and include or exclude permission flags in the new custom level. The following example creates the permission level by cloning "Contribute" and removing the DeleteListItems and EditListItems flags:
 
$siteRoleDef = Get-PnPRoleDefinition -Identity "Contribute"
Add-PnPRoleDefinition -RoleName "MyNewPermLevel" -Clone $siteRoleDef -Exclude DeleteListItems, EditListItems
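
When a custom level exists to withhold specific rights, it is worth reading the level back from the site and confirming the excluded flags are really absent. The following is an added example, not part of the original post; it assumes an existing Connect-PnPOnline session and that the CSOM type Microsoft.SharePoint.Client.PermissionKind is loaded with the PnP module.

```powershell
# Added example: create the cloned level only if it is missing, then verify it.
# The level name and the excluded flags are the ones used in this post.
$levelName = 'MyNewPermLevel'
$excluded  = @('DeleteListItems', 'EditListItems')

# List all levels and filter, so a missing level does not raise an error.
$existing = Get-PnPRoleDefinition | Where-Object { $_.Name -eq $levelName }
if (-not $existing) {
    $source = Get-PnPRoleDefinition -Identity 'Contribute'
    Add-PnPRoleDefinition -RoleName $levelName -Clone $source -Exclude $excluded | Out-Null
}

# Re-read the level from the site and test each flag that should be gone.
$level = Get-PnPRoleDefinition -Identity $levelName
$stillGranted = foreach ($flag in $excluded) {
    $kind = [Microsoft.SharePoint.Client.PermissionKind]$flag
    if ($level.BasePermissions.Has($kind)) { $flag }
}

if ($stillGranted) {
    # A level with this name existed already and was not built with the exclusions.
    Write-Warning "$levelName still grants: $($stillGranted -join ', ')"
} else {
    Write-Host "$levelName grants none of: $($excluded -join ', ')"
}
```

A warning here means a level with that name already existed with broader rights, so it should be reviewed before it is assigned to any user or group.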
 

Get and Remove Permission Level from SharePoint site

 
The following command gets a permission level called "MyNewPermLevel" from the current web.
 
Get-PnPRoleDefinition -Identity MyNewPermLevel
 
The following command removes a permission level called "MyNewPermLevel" from the current web.
 
Remove-PnPRoleDefinition -Identity MyNewPermLevel

The complete set of commands, including the connection to the site, is given below.

<#Connect to your SharePoint site#>
Connect-PnPOnline -Url https://yoursite.sharepoint.com -Credentials (Get-Credential)
<#Add custom permission level to your SharePoint site#>
Add-PnPRoleDefinition -RoleName "MyNewPermLevel"
<#Alternative to the command above (run one or the other, since both use the same name): create the permission level by cloning "Contribute" and removing the flags DeleteListItems and EditListItems#>
$siteRoleDef = Get-PnPRoleDefinition -Identity "Contribute"
Add-PnPRoleDefinition -RoleName "MyNewPermLevel" -Clone $siteRoleDef -Exclude DeleteListItems, EditListItems
<#Get a permission level called "MyNewPermLevel" from the current web#>
Get-PnPRoleDefinition -Identity MyNewPermLevel
<#Remove a permission level called "MyNewPermLevel" from the current web#>
Remove-PnPRoleDefinition -Identity MyNewPermLevel