Post
Ask Question

SharePoint Permission Tasks Using PnP PowerShell

Introduction 

 
In this blog, we are going to discuss SharePoint permissions in different scenarios, like how to assign & remove permission to a user, and how to assign unique permission. Also, we will retrieve the users and the corresponding role associated with them.
 
SharePoint permissions are used for assigning different types of roles/permission to different users. A user can perform activity according to the permission or role which is assigned to the user. There are different types of permissions/roles available in SharePoint.
 
Here, we will use PnP Online to perform permission tasks. Please follow the below code snippet and the steps given to perform the permission tasks.
 
Step 1
 
Let's open the Windows PowerShell ISE as an administrator, and then run the code in PowerShell.
 
Step 2
 
Enter user Credentials.
 
Step 3
 
Get Site collection, Group & User.
 
Step 4
 
Get the user associated with the site and their respective role.
 
Step 5
 
Then assign permissions to a user & mention how to remove the permissions.
 
Step 6
 
Also, assign unique permissions for list, list items & subsite. For subsite, we have to assign unique permissions while creating the subsite by breaking the root site inheritance.
  1. # Provide URL of the Site  
  2. $sUrl = "https://Contoso.sharepoint.com/sites/SiteName"  
  3. try {  
  4.     #pass valid credentials  
  5.     Connect - PnPOnline - Url $sUrl - Credentials(Get - Credential)  
  6.     $siteColl = Get - PnPTenantSite  
  7.     Get - PnPGroup  
  8.     Get - PnPUser  
  9.     #To get the user and their corresponding role  
  10.     $web = Get - PnPWeb - Includes RoleAssignments  
  11.     foreach($ra in $web.RoleAssignments) {  
  12.         $member = $ra.Member  
  13.         $loginName = get - pnpproperty - ClientObject $member - Property LoginName  
  14.         $rolebindings = get - pnpproperty - ClientObject $ra - Property RoleDefinitionBindings  
  15.         write - host "$($loginName) - $($rolebindings.Name)"  
  16.         write - host  
  17.     }  
  18.     #To assign a role / Permission to the user in site  
  19.     Set - PnPWebPermission - User '[email protected]' - AddRole 'contribute'  
  20.     #To remove permission of an user  
  21.     Set - PnPWebPermission - User '[email protected]' - RemoveRole 'Read'  
  22.     # Add unique permission to list, first we have remove unique permissions  
  23.     if any  
  24.     Set - PnPListPermission - Identity 'ctlist' - User '[email protected]' - AddRole 'Contribute'  
  25.     # Add unique permission to list items  
  26.     Set - PnPListItemPermission - List 'MULlist' - Identity 3 - User '[email protected]' - AddRole 'Edit'  
  27.     write - host "Successful"  
  28.     $mysubsite = New - PnPWeb - Title "Subsite" - Url Subsiteurl - Description "A subsite" - Locale 1033 - Template "STS#0" - BreakInheritance  
  29.     Add - PnPTenantSequenceSubSite - Site $siteColl - SubSite $mysubsite  
  30.     Write - host "Site '$SiteTitle' Created Successfully!"  
  31. catch {  
  32.     write - host - f Red "Error:"  
  33.     $_.Exception.Message  
  34. }  

Conclusion

 
Hence, we can see that after performing the above operation, we can set/recognize the permissions quite easily regarding the requirements of an organization. This will lead to the improvement of security, as well as better performance.