Powershell change permissions of a Sharepoint 2010 List or List-Item

    Question

  • Hello,

    I need to do the following: I need to find out if a specific user has any permissions in a SharePoint 2010 list. If yes, then I have to revoke all his permissions and assign him new permissions. I even have to do this at list-item level in a second step. Does anybody have some simple PowerShell code snippets I could re-use?

    Many thanks in advance

    Monday, January 02, 2012 8:06 PM

Answers

  • You can try this:

    Remove User

    $web = Get-SPWeb http://SPSite
    $account = $web.EnsureUser("SHAREPOINT\user")
    $list = $web.Lists["Shared Documents"]
    # Remove the user's direct role assignment from the list
    $list.RoleAssignments.Remove($account)
    $list.Update()
    $web.Dispose()

    Add User

    $web = Get-SPWeb http://SPSite
    $account = $web.EnsureUser("SHAREPOINT\user")
    $role = $web.RoleDefinitions["Contribute"]
    $list = $web.Lists["Shared Documents"]
    # Stop inheriting from the parent web, copying the current assignments
    $list.BreakRoleInheritance($true)
    $assignment = New-Object Microsoft.SharePoint.SPRoleAssignment($account)
    $assignment.RoleDefinitionBindings.Add($role)
    $list.RoleAssignments.Add($assignment)
    $list.Update()
    $web.Dispose()

    You may also refer to these articles; they may help you:
    http://vimleshtiwari.blogspot.com/2011/01/addremove-sharepoint-group-using-power.html
    http://www.powershell.nu/2009/02/16/remove-sharepoint-users-programmatically-part-2/
    http://secretsofsharepoint.com/cs/blogs/tips/archive/2010/09/30/managing-users-in-sharepoint-2010-using-powershell.aspx

    Satyam MCITP, MCPD
    Tuesday, January 03, 2012 6:53 AM

All replies

  • Many thanks Satyam, I'll try that out. One additional question:

    Before I remove and assign new permissions I want to find out, if the user has any permissions on the list. If not I can skip that list and do nothing. The list already has Unique Role Assignments set to TRUE.

    In order to find that out I run through the Role Assignments collection like this:

    $list = $Web.Lists["Shared Documents"]
    foreach ($ra in $list.RoleAssignments)
    {
        $user = $ra.Member
        if ($user.LoginName -eq "domain\my.user")
        {
            $userfound = $True
            break
        }
    }

    I'm new with PowerShell and piping, but is there a simpler way to find that out, something like

    [System.Object[]]$user = ($list.RoleAssignments | $_.Member | Where-Object {$_.LoginName -eq "domain\my.user"})
    

    This doesn't work, I know, but maybe there's a similar way to find that out

    Many thanks

     

    Tuesday, January 03, 2012 12:14 PM
  • Hi,

    You may refer this article, it will help you

    http://powershellreflections.wordpress.com/2011/06/15/get-user-roles-in-sharepoint-2007/


    Satyam MCITP, MCPD
    Tuesday, January 03, 2012 12:32 PM
  • Mauimart,

    I am trying to do the same thing. However, I noticed the $list.RoleAssignments.Remove(x) is the index number. I cannot get it to take text, specifying the user.

    Basically, I want to remove all but 3 specific users. See below.

    foreach ($item in $list.permissions)
    {
        if ($item.member.tostring() -ne "domain\user 1" -and $item.member.tostring() -ne "domain\user 2" -and $item.member.tostring() -ne "domain\user 3")
        {
            write-host $item
        }
    }

    This actually returns the users I want to remove. The If block are the users I want to keep.

    Thursday, January 05, 2012 3:13 PM
  • Lowry0031,

    $list.RoleAssignments.Remove(x) takes an SPUser object (see Satyam's example above)

    To find a specific user and/or his permissions in a list I use the following now:

    $list = $Web.Lists["Shared Documents"]
    $usertofind = "domain\my.user"
    [Microsoft.Sharepoint.SPUser]$a = $list.RoleAssignments | ForEach-Object {$_.Member | Where-Object {$_.LoginName -eq $usertofind}}
    #----- or alternatively
    [Microsoft.Sharepoint.SPRoleAssignment]$b = ($list.RoleAssignments | Where-Object {$_.Member | Where-Object {$_.LoginName -eq $usertofind}})

    • Edited by mauimart Thursday, January 05, 2012 8:38 PM
    Thursday, January 05, 2012 7:52 PM
  • This solution works. I had to set a user to be part of individual items in a library so I wrote this to manage that - thought I would share in case this helps someone.

    $web = Get-SPWeb "http://sf-dev-sp1005:49081/sub001"
    foreach ($lst in $web.lists)
    {
        <# $lst.Update()
           $lst.BreakRoleInheritance($true)
           $lst.Update()
           Write-host " Break Inheritance on:" $lst.title`n #>
        $account = $web.EnsureUser("reclab\e7u001")
        $role = $web.RoleDefinitions["Contribute"]
        $assignment = New-Object Microsoft.SharePoint.SPRoleAssignment($account)
        $assignment.RoleDefinitionBindings.Add($role)
        foreach ($item in $lst.items) {
            # Give each item its own permissions, then add the user to it
            $item.BreakRoleInheritance($true)
            $item.RoleAssignments.Add($assignment)
            $item.Update()   # parentheses are required to actually call the method
            Write-host " Break Inheritance on:" $item.Name $item.title "`n"
        }
    }
    $web.Dispose()

    Friday, May 04, 2012 4:43 PM
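
The procedure discussed in this thread (check for a direct assignment, revoke it, grant one new role, then repeat for uniquely secured items), as an added example that is not code from any of the posters. The function names Set-DirectRole and Reset-UserPermission are hypothetical; the URL, list, login and role are the thread's own sample values. It also reports SharePoint groups through which the user still has access, which removing the direct assignment does not revoke.

```powershell
# Added example; run in the SharePoint 2010 Management Shell (PowerShell 2.0).
# Set-DirectRole and Reset-UserPermission are hypothetical helper names.
function Set-DirectRole($Securable, $User, $Role, $Scope) {
    # Match on principal ID: LoginName carries a claims prefix on
    # claims-mode web applications, so string comparison can miss the user.
    $direct = $Securable.RoleAssignments | Where-Object { $_.Member.ID -eq $User.ID }
    # SharePoint groups on this object that contain the user. Removing the
    # direct assignment does not revoke access granted through them
    # (AD security groups are not expanded here).
    $viaGroups = @($Securable.RoleAssignments |
        Where-Object { $_.Member -is [Microsoft.SharePoint.SPGroup] } |
        Where-Object { $_.Member.Users | Where-Object { $_.ID -eq $User.ID } } |
        ForEach-Object { $_.Member.Name })
    $old = @()
    if ($direct) {
        $old = @($direct.RoleDefinitionBindings | ForEach-Object { $_.Name })
        $Securable.RoleAssignments.Remove($User)      # revoke every direct role
        $new = New-Object Microsoft.SharePoint.SPRoleAssignment($User)
        $new.RoleDefinitionBindings.Add($Role)
        $Securable.RoleAssignments.Add($new)          # grant only the new role
    }
    # One audit record per object, whether it was changed or skipped
    New-Object PSObject -Property @{
        Scope = $Scope; Changed = [bool]$direct
        OldRoles = ($old -join ', '); StillViaGroups = ($viaGroups -join ', ')
    }
}

function Reset-UserPermission($WebUrl, $ListTitle, $LoginName, $RoleName) {
    $web = Get-SPWeb $WebUrl
    try {
        $user = $web.EnsureUser($LoginName)
        $role = $web.RoleDefinitions[$RoleName]
        $list = $web.Lists[$ListTitle]
        # A list that still inherits has no assignments of its own to edit.
        if ($list.HasUniqueRoleAssignments) {
            Set-DirectRole $list $user $role "List: $ListTitle"
        }
        # Items that inherit follow the list; only uniquely secured items
        # carry their own assignments. Snapshot them before modifying.
        foreach ($item in @($list.Items | Where-Object { $_.HasUniqueRoleAssignments })) {
            Set-DirectRole $item $user $role "Item $($item.ID)"
        }
    }
    finally { $web.Dispose() }   # release the SPWeb even if a step throws
}

Reset-UserPermission "http://SPSite" "Shared Documents" "domain\my.user" "Contribute" |
    Format-Table -AutoSize
```

Rows with Changed = False and a non-empty StillViaGroups column are the ones to review by hand: the user had no direct assignment there but still reaches the object through a group.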