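The following PowerShell functions create a SharePoint group in a web, remove a permission level from a group on a list, and add a permission level to a group on a list. They call Get-SPWeb and the Microsoft.SharePoint object model, so they must be run where the SharePoint PowerShell cmdlets are loaded.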
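function Create-SPGroupInWeb
{
    <#
    .SYNOPSIS
    Creates a site group and grants it one permission level on the web.

    .DESCRIPTION
    Opens the web at $Url, creates the group $GroupName if it does not exist
    yet, and binds the role definition named $PermissionLevel (looked up on
    the site collection's root web) to the group on that web.
    Progress and errors are reported with Write-Host only; nothing is returned.

    .PARAMETER Url
    Address of the web, passed to Get-SPWeb -Identity.

    .PARAMETER GroupName
    Name of the group to create.

    .PARAMETER PermissionLevel
    Name of an existing permission level (role definition), e.g. "Read".

    .PARAMETER Description
    Description stored on the new group.
    #>
    param ($Url, $GroupName, $PermissionLevel, $Description)

    $web = Get-SPWeb -Identity $Url
    try
    {
        if ($null -ne $web.SiteGroups[$GroupName])
        {
            Write-Host "Group $GroupName already exists!" -foregroundcolor Red
            return
        }

        # Resolve the permission level BEFORE creating anything, so a mistyped
        # level name cannot leave behind a group that has no permissions.
        $roleDefinition = $web.Site.RootWeb.RoleDefinitions[$PermissionLevel]
        if ($null -eq $roleDefinition)
        {
            Write-Host "Permission level $PermissionLevel does not exist." -foregroundcolor Red
            return
        }

        # The site collection owner is passed both as group owner and as the
        # default user, so that account also becomes a MEMBER of every group
        # created here. Review the membership if that is not intended.
        $web.SiteGroups.Add($GroupName, $web.Site.Owner, $web.Site.Owner, $Description)
        $group = $web.SiteGroups[$GroupName]

        # NOTE(review): if this web inherits permissions from its parent, adding
        # a role assignment here presumably fails - confirm for sub-webs.
        $roleAssignment = New-Object Microsoft.SharePoint.SPRoleAssignment($group)
        $roleAssignment.RoleDefinitionBindings.Add($roleDefinition)
        $web.RoleAssignments.Add($roleAssignment)
        $web.Update()
        Write-Host "Group $GroupName created successfully" -foregroundcolor Green
    }
    finally
    {
        # Release the SPWeb on every path, including exceptions and early returns.
        if ($null -ne $web)
        {
            $web.Dispose()
        }
    }
}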

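function Remove-SPPermisssionFromListGroup
{
    <#
    .SYNOPSIS
    Removes one permission level from a group on a list.

    .DESCRIPTION
    Opens the web at $Url, looks up the list, the group and the permission
    level, and removes that permission level from the group's role assignment
    on the list. If the list still inherits permissions from the web,
    inheritance is broken first (the current assignments are copied to the
    list) and the removal is then applied.
    Progress and errors are reported with Write-Host only; nothing is returned.
    The function name keeps its original spelling so existing callers still work.

    .PARAMETER Url
    Address of the web, passed to Get-SPWeb -Identity.

    .PARAMETER ListName
    Title of the list whose permissions are changed.

    .PARAMETER GroupName
    Name of an existing site group.

    .PARAMETER PermissionLevel
    Name of the permission level (role definition) to remove, e.g. "Contribute".
    #>
    param ($Url, $ListName, $GroupName, $PermissionLevel)

    $web = Get-SPWeb -Identity $Url
    try
    {
        $list = $web.Lists.TryGetList($ListName)
        if ($null -eq $list)
        {
            Write-Host "List $ListName does not exist!" -foregroundcolor Red
            return
        }

        # Validate every input before touching the list: breaking inheritance
        # is a lasting change and should not happen for a mistyped name.
        $group = $web.SiteGroups[$GroupName]
        if ($null -eq $group)
        {
            Write-Host "Group $GroupName does not exist." -foregroundcolor Red
            return
        }

        $roleDefinition = $web.RoleDefinitions[$PermissionLevel]
        if ($null -eq $roleDefinition)
        {
            Write-Host "Permission level $PermissionLevel does not exist." -foregroundcolor Red
            return
        }

        if (-not $list.HasUniqueRoleAssignments)
        {
            # $True copies the web's current role assignments onto the list.
            # From here on the list no longer follows permission changes made
            # on the web, so say so explicitly for whoever audits it later.
            $list.BreakRoleInheritance($True)
            Write-Host "List $ListName now has unique permissions (inheritance was broken)." -foregroundcolor Yellow
        }

        # The group may have no assignment on this list at all; treat both a
        # thrown error and a null result as "nothing to remove".
        $roleAssign = $null
        try
        {
            $roleAssign = $list.RoleAssignments.GetAssignmentByPrincipal($group)
        }
        catch
        {
            $roleAssign = $null
        }

        if ($null -eq $roleAssign -or -not $roleAssign.RoleDefinitionBindings.Contains($roleDefinition))
        {
            # Do not report success when the permission was never there.
            Write-Host "Group $GroupName does not have $PermissionLevel permission in $ListName list." -foregroundcolor Red
            return
        }

        $roleAssign.RoleDefinitionBindings.Remove($roleDefinition)
        $roleAssign.Update()
        $list.Update()
        Write-Host "Successfully removed $PermissionLevel permission from $GroupName group in $ListName list." -foregroundcolor Green
    }
    finally
    {
        # Release the SPWeb on every path, including exceptions and early returns.
        if ($null -ne $web)
        {
            $web.Dispose()
        }
    }
}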

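function Add-SPPermissionToListGroup
{
    <#
    .SYNOPSIS
    Grants one permission level to a group on a list.

    .DESCRIPTION
    Opens the web at $Url, looks up the list, the group and the permission
    level, and adds a role assignment binding that permission level to the
    group on the list. If the list still inherits permissions from the web,
    inheritance is broken first (the current assignments are copied to the
    list) and the grant is then applied.
    Progress and errors are reported with Write-Host only; nothing is returned.

    .PARAMETER Url
    Address of the web, passed to Get-SPWeb -Identity.

    .PARAMETER ListName
    Title of the list whose permissions are changed.

    .PARAMETER GroupName
    Name of an existing site group.

    .PARAMETER PermissionLevel
    Name of the permission level (role definition) to grant, e.g. "Read".
    #>
    param ($Url, $ListName, $GroupName, $PermissionLevel)

    $web = Get-SPWeb -Identity $Url
    try
    {
        $list = $web.Lists.TryGetList($ListName)
        if ($null -eq $list)
        {
            # A missing list used to be skipped silently; report it instead.
            Write-Host "List $ListName does not exist!" -foregroundcolor Red
            return
        }

        # Validate every input before touching the list: breaking inheritance
        # is a lasting change and should not happen for a mistyped name.
        $group = $web.SiteGroups[$GroupName]
        if ($null -eq $group)
        {
            Write-Host "Group $GroupName does not exist." -foregroundcolor Red
            return
        }

        $roleDefinition = $web.RoleDefinitions[$PermissionLevel]
        if ($null -eq $roleDefinition)
        {
            # Without this check a mistyped level would reach the binding
            # collection as $null.
            Write-Host "Permission level $PermissionLevel does not exist." -foregroundcolor Red
            return
        }

        if (-not $list.HasUniqueRoleAssignments)
        {
            # $True copies the web's current role assignments onto the list.
            # From here on the list no longer follows permission changes made
            # on the web, so say so explicitly for whoever audits it later.
            $list.BreakRoleInheritance($True)
            Write-Host "List $ListName now has unique permissions (inheritance was broken)." -foregroundcolor Yellow
        }

        $roleAssignment = New-Object Microsoft.SharePoint.SPRoleAssignment($group)
        $roleAssignment.RoleDefinitionBindings.Add($roleDefinition)
        $list.RoleAssignments.Add($roleAssignment)
        $list.Update()
        Write-Host "Successfully added $PermissionLevel permission to $GroupName group in $ListName list. " -foregroundcolor Green
    }
    finally
    {
        # Release the SPWeb on every path, including exceptions and early returns.
        if ($null -ne $web)
        {
            $web.Dispose()
        }
    }
}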

The functions can be called like this:
# $Url is expected to already hold the address of the target web.

# Create a web-level group and give it the Read permission level.
Create-SPGroupInWeb -Url $Url -GroupName "Finance Members" -PermissionLevel "Read" -Description "Finance Members group"

# Downgrade a group on the Customers list from Contribute to Read.
# Either call breaks the list's permission inheritance if it still inherits,
# so afterwards the list's permissions have to be reviewed on their own.
Remove-SPPermisssionFromListGroup -Url $Url -ListName "Customers" -GroupName "Contracts Members" -PermissionLevel "Contribute"
Add-SPPermissionToListGroup -Url $Url -ListName "Customers" -GroupName "Contracts Members" -PermissionLevel "Read"


