This script updates permission for a SharePoint folder. To use it in Adaxes, you can add the script to a Business Rule, Custom Command or Scheduled Task using the Run a program or PowerShell script action.
Parameters:
- $sharePointServer - specifies the NetBIOS name of the computer where the SharePoint Sever is homed;
- $webApplicationURL - specifies the URL of the SharePoint web application;
- $folderPath - specifies the path to the folder for which you want to update the access permissions;
Note: You can use value references (e.g. %name%) to use properties of the object on which the script is executed as a part of the folder path. For example, if you specify Shared Documents/Folder A/%name% and execute the script on a user whose name is John Doe, the resulting path will be Shared Documents/Folder A/John Doe.
- $stopInheritablePermissions - specifies whether to stop inheriting permissions from the parent;
- $securityItems - specifies the permissions that you want to set.
You can specify custom security settings for users, Active Directory groups or SharePoint groups. Format:
"DOMAIN\username"="RoleType";"DOMAIN\groupname"="RoleType";"SharePointGroupName"="RoleType"
Default role types: Administrator, Contributor, Reader, WebDesigner.
PowerShell
$sharePointServer = "SharePointServer" # TODO: modify me
$webApplicationURL = "http://$sharePointServer/sites/MySite" # TODO: modify me
$folderPath = "Shared Documents/Folder A/%name%" # TODO: modify me
$stopInheritablePermissions = $True # TODO: modify me. Specify $False to inherits permissions from the parent or $True to stop inheritance
$securityItems = @{"EXAMPLE\Administrator"="Administrator";"SharePointDesigners"="WebDesigner"} # TODO: modify me
# Connect to the SharePoint Server
$session = New-PSSession $sharePointServer -Authentication Kerberos
$result = Invoke-Command -Session $session -ArgumentList $webApplicationURL, $folderPath, $newFolderPath, $stopInheritablePermissions, $securityItems -ScriptBlock {
param($webApplicationURL, $folderPath, $newFolderPath, $stopInheritablePermissions, $securityItems)
[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint") | Out-Null
# Open the web application
$site = New-Object Microsoft.SharePoint.SPSite("$webApplicationURL")
$web = $site.OpenWeb();
# Access the folder
$folder = $web.GetFolder($folderPath)
if ($folder.Exists)
{
$folder = $folder.Item
if ($stopInheritablePermissions)
{
$folder.BreakRoleInheritance($true)
$userFolderRoleAssignments = $folder.RoleAssignments
$userFolderRoleAssignmentsCount = $userFolderRoleAssignments.Count
for ($i = $userFolderRoleAssignmentsCount-1; $i -ge 0; $i--)
{
$folder.RoleAssignments.Remove($i)
}
# Save changes
$folder.Update()
}
# Set permissions
$errorInfo = $NULL
if ($securityItems -ne $NULL)
{
$folder.BreakRoleInheritance($true)
foreach ($objectName in $securityItems.Keys)
{
$roleTypeName = $securityItems[$objectName]
try
{
$roleDefinition = $web.RoleDefinitions.GetByType($roleTypeName)
}
catch
{
$errorInfo += $objectName + "; "
continue
}
if ($web.SiteGroups[$objectName] -ne $NULL)
{
$customRoleAssignment = New-Object Microsoft.SharePoint.SPRoleAssignment($web.SiteGroups[$objectName])
}
else
{
$customRoleAssignment = New-Object Microsoft.SharePoint.SPRoleAssignment($objectName,$null,$null,$null)
}
$customRoleAssignment.RoleDefinitionBindings.Add($roleDefinition)
$folder.RoleAssignments.Add($customRoleAssignment)
}
# Save changes
$folder.Update()
}
return $errorInfo
}
}
Remove-PSSession -Session $session
# If there was an error when changing permissions, show the error
if ($errorInfo -ne $NULL)
{
$Context.LogMessage("Failed to set folder permissions for " + $result + " because the specified Role Type was not found on the server.", "Warning")
}