Script Repository


Change permissions for SharePoint folder

October 14, 2015

This script updates the permissions of a SharePoint folder. To use it in Adaxes, you can add the script to a Business Rule, Custom Command or Scheduled Task using the Run a program or PowerShell script action.

Parameters:

  • $sharePointServer - specifies the NetBIOS name of the computer where the SharePoint Server is hosted;
  • $webApplicationURL - specifies the URL of the SharePoint web application;
  • $folderPath - specifies the path to the folder for which you want to update the access permissions;
    Note: You can use value references (e.g. %name%) to use properties of the object on which the script is executed as a part of the folder path. For example, if you specify Shared Documents/Folder A/%name% and execute the script on a user whose name is John Doe, the resulting path will be Shared Documents/Folder A/John Doe.
  • $stopInheritablePermissions - specifies whether to stop inheriting permissions from the parent;
  • $securityItems - specifies the permissions that you want to set.
    You can specify custom security settings for users, Active Directory groups or SharePoint groups. Format:

    "DOMAIN\username"="RoleType";"DOMAIN\groupname"="RoleType";"SharePointGroupName"="RoleType"

    Default role types: Administrator, Contributor, Reader, WebDesigner.
PowerShell
$sharePointServer = "SharePointServer" # TODO: modify me

$webApplicationURL = "http://$sharePointServer/sites/MySite" # TODO: modify me
$folderPath = "Shared Documents/Folder A/%name%" # TODO: modify me
$stopInheritablePermissions = $True # TODO: modify me. Specify $False to inherit permissions from the parent or $True to stop inheritance

$securityItems = @{"EXAMPLE\Administrator"="Administrator";"SharePointDesigners"="WebDesigner"} # TODO: modify me

# Connect to the SharePoint Server
$session = New-PSSession $sharePointServer -Authentication Kerberos
$result = Invoke-Command -Session $session -ArgumentList $webApplicationURL, $folderPath, $stopInheritablePermissions, $securityItems -ScriptBlock {
    param($webApplicationURL, $folderPath, $stopInheritablePermissions, $securityItems)
    
    [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint") | Out-Null
    
    # Open the web application
    $site = New-Object Microsoft.SharePoint.SPSite("$webApplicationURL")
    $web = $site.OpenWeb();

    # Access the folder
    $folder = $web.GetFolder($folderPath)
    
    if ($folder.Exists)
    {
        $folder = $folder.Item
        if ($stopInheritablePermissions)
        {
            $folder.BreakRoleInheritance($true)
            $userFolderRoleAssignments = $folder.RoleAssignments
            $userFolderRoleAssignmentsCount = $userFolderRoleAssignments.Count
            for ($i = $userFolderRoleAssignmentsCount-1; $i -ge 0; $i--)
            {
                 $folder.RoleAssignments.Remove($i)
            }

            # Save changes
            $folder.Update()
        }
    
        # Set permissions
        $errorInfo = $NULL
        if ($securityItems -ne $NULL)
        {
            $folder.BreakRoleInheritance($true)
            foreach ($objectName in $securityItems.Keys)
            {
                $roleTypeName = $securityItems[$objectName]
                try
                {
                    $roleDefinition = $web.RoleDefinitions.GetByType($roleTypeName)
                }
                catch
                {
                    $errorInfo += $objectName + "; "
                    continue
                }
                if ($web.SiteGroups[$objectName] -ne $NULL)
                {
                    $customRoleAssignment = New-Object Microsoft.SharePoint.SPRoleAssignment($web.SiteGroups[$objectName])
                }
                else
                {
                    $customRoleAssignment = New-Object Microsoft.SharePoint.SPRoleAssignment($objectName,$null,$null,$null)
                }
                $customRoleAssignment.RoleDefinitionBindings.Add($roleDefinition)
                $folder.RoleAssignments.Add($customRoleAssignment)
            }

            # Save changes
            $folder.Update()
        }
        return $errorInfo
    }
}
Remove-PSSession -Session $session

# If there was an error when changing permissions, show the error.
# $errorInfo exists only in the remote session; its value is returned in $result
if ($result -ne $NULL)
{
    $Context.LogMessage("Failed to set folder permissions for " + $result + " because the specified Role Type was not found on the server.", "Warning")
}
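
When $stopInheritablePermissions is $True, the script removes the folder's existing role assignments before adding the new ones and reports a bad role type only afterwards, so a typo can leave the folder with fewer grants than intended. The following added example (not part of the original script) checks the inputs locally before the remote session is opened; the function name Test-FolderPermissionInput, its parameters and the sample values are assumptions made for illustration.

```powershell
# Added example. Test-FolderPermissionInput is a hypothetical helper name.
function Test-FolderPermissionInput
{
    param(
        [string]$ParentPath,        # fixed part of the path, e.g. "Shared Documents/Folder A"
        [string]$ObjectName,        # value that the value reference in the path resolves to
        [hashtable]$SecurityItems   # principal -> role type, same shape as $securityItems
    )

    # Role types listed on this page (assumption: extend if your site uses others)
    $allowedRoleTypes = @("Administrator", "Contributor", "Reader", "WebDesigner")
    $problems = @()

    # The substituted value must remain exactly one path segment
    $trimmed = "$ObjectName".Trim()
    if ($trimmed -eq "" -or $trimmed -match '[/\\]' -or $trimmed -eq "." -or $trimmed -eq "..")
    {
        $problems += "Name '$ObjectName' would change which folder is targeted"
    }

    foreach ($principal in $SecurityItems.Keys)
    {
        # -notcontains is case-insensitive, like PowerShell's string-to-enum conversion
        if ($allowedRoleTypes -notcontains $SecurityItems[$principal])
        {
            $problems += "Unknown role type '$($SecurityItems[$principal])' for '$principal'"
        }
    }

    New-Object PSObject -Property @{
        FolderPath = "$($ParentPath.TrimEnd('/'))/$trimmed"
        Problems   = $problems
        # Full-control grants, listed so they can be reviewed before they are applied
        Administrators = @($SecurityItems.Keys | Where-Object { $SecurityItems[$_] -eq "Administrator" })
    }
}

# Constructed sample input: a name containing a path separator and a mistyped role type
$check = Test-FolderPermissionInput -ParentPath "Shared Documents/Folder A" -ObjectName "../Folder B" `
    -SecurityItems @{ "EXAMPLE\Administrator" = "Administrator"; "SharePointDesigners" = "WebDesinger" }

if ($check.Problems.Count -gt 0)
{
    $check.Problems | ForEach-Object { Write-Warning $_ }
}
else
{
    Write-Output "Inputs OK for '$($check.FolderPath)'"
}
```

Run the check before New-PSSession and skip the permission change when Problems is not empty.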

