Requirement is to Set Item Level permission to a SharePoint Group to all documents in a specific document library with 100+ documents.
Solution: Earlier, I wrote C# code to set Item level permission on Event Receiver to Set Item Level Permissions . This time let me do it with PowerShell.
Set Item Level Permission with PowerShell
Similarly, We can add users to Item level/List permissions:
![]()
Solution: Earlier, I wrote C# code to set Item level permission on Event Receiver to Set Item Level Permissions . This time let me do it with PowerShell.
Set Item Level Permission with PowerShell
# For MOSS 2007 compatibility
[void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint")
#Region MOSS2007-CmdLets
Function global:Get-SPSite()
{
Param( [Parameter(Mandatory=$true)] [string]$SiteCollURL )
if($SiteCollURL -ne '')
{
return new-Object Microsoft.SharePoint.SPSite($SiteCollURL)
}
}
Function global:Get-SPWeb()
{
Param( [Parameter(Mandatory=$true)] [string]$SiteURL )
$site = Get-SPSite($SiteURL)
if($site -ne $null)
{
$web=$site.OpenWeb();
}
return $web
}
#EndRegion
Function AddItemLevelPermissionToGroup()
{
#Define Parameters
Param( [Parameter(Mandatory=$true)] [string]$SiteURL,
[Parameter(Mandatory=$true)] [string]$ListName,
[Parameter(Mandatory=$true)] [string]$GroupName,
[Parameter(Mandatory=$true)] [string]$PermissionLevel )
#Get the Web Application
$Web=Get-SPWeb($SiteURL)
#Get the List
$list = $web.Lists[$ListName]
if ($list -ne $null)
{
#Loop through each Item in the List
foreach($item in $list.items)
{
#Check if Item has Unique Permissions. If not Break inheritence
if($item.HasUniqueRoleAssignments -eq $False)
{
$item.BreakRoleInheritance($false)
#False: Does removes all users & groups from Item's Permissions
}
if ($web.SiteGroups[$GroupName] -ne $null)
{
#Get the Group from GroupName Parameter
$group = $web.SiteGroups[$GroupName]
$roleAssignment = new-object Microsoft.SharePoint.SPRoleAssignment($group)
#Get Permission Level, such as "Read", "Contribute", etc
$roleDefinition = $web.RoleDefinitions[$PermissionLevel]
$roleAssignment.RoleDefinitionBindings.Add($roleDefinition);
#Grant Access to specified Group
$item.RoleAssignments.Add($roleAssignment)
#To Remove Access: Call $item.RoleAssignments.Remove($group) . No Need for objects: roleAssignment, roleDefinition
$item.SystemUpdate();
Write-Host "Successfully added $($PermissionLevel) to $GroupName group in $($Item.Name)" -foregroundcolor Green
}
}
$Web.Dispose()
}
}
#Call the Function to Grant Item Level Permission
#Parameters: $SiteURL, $ListName, $GroupName, $PermissionLevel
AddItemLevelPermissionToGroup "http://sharepoint.crescent.com/sites/sales" "Documents" "Approvers" "Read"Similarly, We can add users to Item level/List permissions:
#Add User to site, if doesn't exist
$user = $web.EnsureUser('global\salaudeen')
$roleDefinition = $web.RoleDefinitions[$PermissionLevel]
$roleAssignment = New-Object Microsoft.SharePoint.SPRoleAssignment($user)
$roleAssignment.RoleDefinitionBindings.Add($roleDefinition)
$item.RoleAssignments.Add($roleAssignment)
#Call $list.RoleAssignments.Add($roleAssignment) to set permission at List level
$item.SystemUpdate();
Write-Host "Successfully added $($user) to $($Item.Name)" -foregroundcolor Green