Home Library Learn Samples Downloads Support Community Forums
Microsoft Developer Network >
Remove Permissions from Group using Powershell

Answered Remove Permissions from Group using Powershell

  • 29 februarie 2012 23:12
     
     
    Sign in pentru a vota
    0

    Hi,

    I have a group "TestGroup" setup on a particular Web (http://site/myweb for example) with Contribute Permissions and within the same Web I have a Document Library that does NOT inherit permissions and also has the group "TestGroup" with Contribute Permissions.

    What I'm trying to do is use PowerShell to change the Permissions for the "TestGroup" from Contribute to Read but only for the Web and leave the Document Library permissions unchanged (still Contribute).

    Does anyone know how to accomplish this using PowerShell?

    Your help would be greatly appreciated.

    Thanks,

    Grant.

     

Toate mesajele

  • 29 februarie 2012 23:25
     
      Are cod
    Sign in pentru a vota
    0

    Hi.

    Use a combo of these two:

    How to: Assign a Permission Level to a SharePoint Group
    http://www.dotnetmafia.com/blogs/dotnettipoftheday/archive/2008/04/02/how-to-assign-a-permission-level-to-a-sharepoint-group.aspx

    PowerShell to create SharePoint groups
    http://blog.pointbeyond.com/2011/06/03/powershell-to-create-sharepoint-groups/

    In order to separate the two, first stop inheritance on the document library, that will copy the current setting to the library and leave it intact even if you chnage on the web. Then change the groups permission level on the web.

    How to break inheritance...use this as an inspiration and you will figure it out:

    $spSite = Get-SPSite -Identity "http://blksthl"
foreach ($spWeb in $spSite.AllWebs)
{
  if (!$spWeb.IsRootWeb)
  {
    # Break inheritance
    $spWeb.Update()
    $spWeb.BreakRoleInheritance($true)
    $spWeb.Update()
    Write-host " Break Inheritance on:" $spWeb.url$spweb
  }
}

    Hope that helps

    Regards

    Thomas Balkeståhl - Technical Specialist - SharePoint - http://blog.blksthl.com

     
  • 29 februarie 2012 23:48
     
     
    Sign in pentru a vota
    0

    Here you go.

    This link should help you - Powershell script to asign Group Read Permissions.

    http://get-spscripts.com/2010/07/adding-groups-with-permission-levels-to.html

    Varun Malhotra
    =================
    If my post solves your problem could you mark the post as Answered or Vote As Helpful if my post has been helpful for you.

     
  • 1 martie 2012 00:06
     
     
    Sign in pentru a vota
    0

    Thanks Thomas and Varun - much appreciated.

    However I still can't see how to remove the Contribute Permissions from the Group only at Web level.

    I can add additional permissions such as Read, Full Control, etc. But can't remove what is already there without removing the entire group.

    I don't want to create the group as I have a few hundred that already exist with permissions at different areas (Web, Document Library, etc.) and only want to change the permissions for the Web and nothing else. Everything is already setup to NOT inherit from the Web.

    Kind Regards,

    Grant.

     
  • 12 martie 2012 16:33
     
     Răspuns Are cod
    Sign in pentru a vota
    0

    These functions should give you what you need:

    function Get-SPGroup(
  [Microsoft.SharePoint.PowerShell.SPWebPipeBind]$web,
  [string]$group) {
  
  $spWeb = $web.Read()
  $spGroup = $spWeb.SiteGroups[$group]
  $spWeb.Dispose()
  return $spGroup
}

function Add-SPGroupPermission([Microsoft.SharePoint.SPGroup]$group, [string[]]$permissions) {
  $ra = $group.ParentWeb.RoleAssignments.GetAssignmentByPrincipal($group)
  foreach ($permission in $permissions) {
    $rd = $group.ParentWeb.RoleDefinitions[$permission]
    $ra.RoleDefinitionBindings.Add($rd)
  }
  $ra.Update()
  $group.Update()
}
function Remove-SPGroupPermission([Microsoft.SharePoint.SPGroup]$group, [string[]]$permissions) {
  $ra = $group.ParentWeb.RoleAssignments.GetAssignmentByPrincipal($group)
  foreach ($permission in $permissions) {
    $rd = $group.ParentWeb.RoleDefinitions[$permission]
    $ra.RoleDefinitionBindings.Remove($rd)
  }
  $ra.Update()
  $group.Update()
}

    Gary Lapointe, Blog: http://blog.falchionconsulting.com/, Twitter: http://twitter.com/glapointe Aptillon Inc.: http://www.aptillon.com

     
  • 15 martie 2012 12:19
     
     
    Sign in pentru a vota
    0

    Hi Gary,

    Thanks heaps for this - looks like it will do the trick but been flat out with another project so still haven't tried it yet.

    Much appreciated.

    Cheers,

    Grant.

    P.S. Loved your book Automating SP 2010 with PowerShell 2.0 - helped me immensely.

     
  • 1 mai 2012 23:15
     
     
    Sign in pentru a vota
    0
    Question Thomas - why did you do a $Spweb.Update before and after the BreakRoleInheritance ?              - thanks Jeannine
     
  • 2 mai 2012 06:38
     
     
    Sign in pentru a vota
    0

    Hi Jeannine.

    Good question, I think it was a leftover from a trial run...does no harm, but should not be needed :-)

    Regards

    Thomas Balkeståhl - Technical Specialist - SharePoint - http://blog.blksthl.com
    Download the SharePoint Branding Project here

     
© 2013 Microsoft. All rights reserved.