Set custom permissions for a site in SharePoint Online with PowerShell

This is the last part (10 of 10) of this series, in which we will be setting custom permissions for a site in SharePoint Online with PowerShell. This is part of the following series:

We will be collecting all available web templates in part 1 so we can use this to create a new site in part 2. In part 3 we will be creating a web for the newly created site. We then want to create a couple of site columns in part 4, which we will combine into a content type in part 5. This content type will be added (part 8) to our newly created document library in part 7 using a list template from part 6. After everything is set we will be setting the view in part 9 for this list to show the added columns we got from adding the content type. I only want to set permissions for myself, so I'll be breaking the inheritance and setting permissions in part 10.

Set custom permissions for a site in SharePoint Online

This script first breaks permission inheritance on the site, then creates three groups (owners, members and visitors) and adds them to the site with the Full Control, Edit and Read permission levels respectively. Start by opening the SharePoint Online Management Shell as administrator, which can be downloaded at https://www.microsoft.com/en-us/download/details.aspx?id=35588.


You will need to change the first variables to match your Office 365 tenant and copy this bit to PowerShell.

function update-SPOnlineSitePermissions {
  #variables that need to be set before starting the script
  $webURL = "https://spfire.sharepoint.com/sites/BlogDemo/MyFirstWeb"
  $adminUrl = "https://spfire-admin.sharepoint.com"
  $userName = "mpadmin@spfire.onmicrosoft.com"
  $members = "i:0#.f|membership|mpadmin@spfire.onmicrosoft.com"

# Let the user fill in their password in the PowerShell window
$password = Read-Host "Please enter the password for $($userName)" -AsSecureString

# set SharePoint Online credentials
$SPOCredentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($userName, $password)

# Creating client context object
$context = New-Object Microsoft.SharePoint.Client.ClientContext($webURL)
$context.credentials = $SPOCredentials
$web = $context.web
$context.load($web)

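# Break inheritance. First argument (copyRoleAssignments) = $false: the parent's
# role assignments are NOT copied to this web. Second argument (clearSubscopes)
# = $false: unique permissions on child objects are left as they are.
$web.breakroleinheritance($false, $false)
$web.update()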
#send the request containing all operations to the server
try{
$context.executeQuery()
write-host "info: Broken inheritance for $($web.title)" -foregroundcolor green
}
catch{
write-host "info: $($_.Exception.Message)" -foregroundcolor red
}

#Create new groups
$siteGroups = "$($web.title) visitors", "$($web.title) members", "$($web.title) owners"
foreach ($siteGroup in $siteGroups){
if ($siteGroup -like "*visitors")
{
$gci = New-Object Microsoft.SharePoint.Client.GroupCreationInformation
$gci.Title = $siteGroup
$siteGroup = $Context.Web.SiteGroups.Add($gci)
$PermissionLevel = $Context.Web.RoleDefinitions.GetByName("Read")

#Bind Permission Level to Group
$RoleDefBind = New-Object Microsoft.SharePoint.Client.RoleDefinitionBindingCollection($Context)
$RoleDefBind.Add($PermissionLevel)
$Assignments = $Context.Web.RoleAssignments
$RoleAssignOneNote = $Assignments.Add($siteGroup,$RoleDefBind)
$Context.Load($siteGroup)
#send the request containing all operations to the server
try{
$context.executeQuery()
write-host "info: Added visitors group" -foregroundcolor green
}
catch{
write-host "info: $($_.Exception.Message)" -foregroundcolor red
}
}

if ($siteGroup -like "*members")
{
$gci = New-Object Microsoft.SharePoint.Client.GroupCreationInformation
$gci.Title = $siteGroup
$siteGroup = $Context.Web.SiteGroups.Add($gci)
$PermissionLevel = $Context.Web.RoleDefinitions.GetByName("Edit")

#Bind Permission Level to Group
$RoleDefBind = New-Object Microsoft.SharePoint.Client.RoleDefinitionBindingCollection($Context)
$RoleDefBind.Add($PermissionLevel)
$Assignments = $Context.Web.RoleAssignments
$RoleAssignOneNote = $Assignments.Add($siteGroup,$RoleDefBind)
$Context.Load($siteGroup)
#send the request containing all operations to the server
try{
$context.executeQuery()
write-host "info: Added members group" -foregroundcolor green
}
catch{
write-host "info: $($_.Exception.Message)" -foregroundcolor red
}
}

if ($siteGroup -like "*owners")
{
$gci = New-Object Microsoft.SharePoint.Client.GroupCreationInformation
$gci.Title = $siteGroup
$siteGroup = $Context.Web.SiteGroups.Add($gci)
$PermissionLevel = $Context.Web.RoleDefinitions.GetByName("Full Control")

#Bind Permission Level to Group
$RoleDefBind = New-Object Microsoft.SharePoint.Client.RoleDefinitionBindingCollection($Context)
$RoleDefBind.Add($PermissionLevel)
$Assignments = $Context.Web.RoleAssignments
$RoleAssignOneNote = $Assignments.Add($siteGroup,$RoleDefBind)
$Context.Load($siteGroup)
#send the request containing all operations to the server
try{
$context.executeQuery()
write-host "info: Added owners group" -foregroundcolor green
}
catch{
write-host "info: $($_.Exception.Message)" -foregroundcolor red
}
}
}

#add user to group
$spGroups = $Web.SiteGroups
$context.Load($spGroups)
$spGroup=$spGroups.GetByName("$($web.title) members")

$spUser = $context.Web.EnsureUser($members)
$context.Load($spUser)
$spUserToAdd=$spGroup.Users.AddUser($spUser)
$context.Load($spUserToAdd)
try{
$context.executeQuery()
write-host "info: Added user to members group" -foregroundcolor green
}
catch{
write-host "info: $($_.Exception.Message)" -foregroundcolor red
}
}
update-SPOnlineSitePermissions


You will be asked to enter the password; type it and press Enter.


Verify if the groups have been created
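
The verification can also be scripted. The following is an added example, not part of the original script: it lists every role assignment on the web and marks anything that is not one of the three groups with its intended permission level, so leftover or unexpected access is visible after inheritance has been broken. The function name Test-SPOnlineSitePermissions and the Status values are made up for this example; the URL and account are the ones used above.

```powershell
# Added example (not from the original post): audit the web's role assignments.
function Test-SPOnlineSitePermissions {
    param([Parameter(Mandatory)][string]$WebUrl, [Parameter(Mandatory)][string]$UserName)
    $password = Read-Host "Please enter the password for $UserName" -AsSecureString
    $context = New-Object Microsoft.SharePoint.Client.ClientContext($WebUrl)
    $context.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($UserName, $password)

    # First round trip: web title and the collection of role assignments
    $web = $context.Web
    $assignments = $web.RoleAssignments
    $context.Load($web)
    $context.Load($assignments)
    $context.ExecuteQuery()

    # Second round trip: principal and bound permission levels of each assignment
    foreach ($ra in $assignments) {
        $context.Load($ra.Member)
        $context.Load($ra.RoleDefinitionBindings)
    }
    $context.ExecuteQuery()

    # Expected state: the three groups and levels created by the script above
    $expected = @{
        "$($web.Title) visitors" = "Read"
        "$($web.Title) members"  = "Edit"
        "$($web.Title) owners"   = "Full Control"
    }

    foreach ($ra in $assignments) {
        # "Limited Access" is assigned by SharePoint itself, so it is ignored here
        $levels = @($ra.RoleDefinitionBindings | ForEach-Object { $_.Name } |
                    Where-Object { $_ -ne "Limited Access" }) -join ", "
        $title = $ra.Member.Title
        $status = if ($expected.ContainsKey($title) -and $expected[$title] -eq $levels) { "expected" } else { "REVIEW" }
        [pscustomobject]@{
            Principal = $title
            Type      = $ra.Member.PrincipalType
            Levels    = $levels
            Status    = $status
        }
    }
    # Expected groups that have no role assignment on the web at all
    $found = @($assignments | ForEach-Object { $_.Member.Title })
    foreach ($name in $expected.Keys) { if ($name -notin $found) {
        [pscustomobject]@{ Principal = $name; Type = "SharePointGroup"; Levels = ""; Status = "MISSING" }
    } }
}

Test-SPOnlineSitePermissions -WebUrl "https://spfire.sharepoint.com/sites/BlogDemo/MyFirstWeb" -UserName "mpadmin@spfire.onmicrosoft.com" | Format-Table -AutoSize
```

Rows marked REVIEW are principals or permission levels outside the three intended groups; rows marked MISSING are groups whose creation or binding failed.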


Create new view for a list in SharePoint Online with PowerShell

This is part 9 of 10, in which we will be creating a new view for a list in SharePoint Online with PowerShell. This is part of the following series:

We will be collecting all available web templates in part 1 so we can use this to create a new site in part 2. In part 3 we will be creating a web for the newly created site. We then want to create a couple of site columns in part 4, which we will combine into a content type in part 5. This content type will be added (part 8) to our newly created document library in part 7 using a list template from part 6. After everything is set we will be setting the view in part 9 for this list to show the added columns we got from adding the content type. I only want to set permissions for myself, so I'll be breaking the inheritance and setting permissions in part 10.

Create new view for a list in SharePoint Online

This script will first create a new view and will add specified columns to this view. You can create an array using a .CSV file but I know the column names so I will create my array in the script.

We will first start by opening the SharePoint Online Management Shell as administrator, which can be downloaded at https://www.microsoft.com/en-us/download/details.aspx?id=35588.


You will need to change the first variables to match your Office 365 tenant and copy this bit to PowerShell.

function new-SPOnlineView {
 #variables that need to be set before starting the script
 $siteURL = "https://spfire.sharepoint.com/sites/blogdemo"
 $adminUrl = "https://spfire-admin.sharepoint.com"
 $userName = "mpadmin@spfire.onmicrosoft.com"
 $listName = "finance"
 $viewName = "Blog View"
 $viewColumns = "Name", "Blog Text", "Blog Number", "Blog User", "Created", "Modified"
 
 # Let the user fill in their password in the PowerShell window
 $password = Read-Host "Please enter the password for $($userName)" -AsSecureString
 
 # set credentials
 $SPOCredentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($userName, $password)
  
 # Creating client context object
 $context = New-Object Microsoft.SharePoint.Client.ClientContext($siteURL)
 $context.credentials = $SPOCredentials
 $web = $context.web
 $list = $web.lists.GetByTitle($listName)
 $context.load($list)
 
 #Creating new view using ViewCreationInformation (VCI)
 $vci = New-Object Microsoft.SharePoint.Client.ViewCreationInformation 
 $vci.Title = $viewName
 $vci.ViewTypeKind= [Microsoft.SharePoint.Client.ViewType]::None
 $vci.RowLimit=50
 $vci.SetAsDefaultView=$true
 $vci.ViewFields=@($viewColumns)

#adding view to list
$listViews = $list.views
$context.load($listViews)
$addListView = $listViews.Add($vci)
$context.load($addListView)

#send the request containing all operations to the server
try{
$context.executeQuery()
write-host "info: View created successfully" -foregroundcolor green
}
catch{
write-host "info: $($_.Exception.Message)" -foregroundcolor red
}
}
new-SPOnlineView


You will be asked to enter the password; type it and press Enter.


Verify if the view has been created for the list / library


Tips

You can find more properties for the ViewCreationInformation class at https://msdn.microsoft.com/EN-US/library/office/microsoft.sharepoint.client.viewcreationinformation_members.aspx.

The column names are case-sensitive, so make sure you type them correctly; otherwise you will see the error “column does not exist”.

Add content type to a SharePoint Online list with PowerShell

This is part 8 of 10, in which we will be adding a content type to a SharePoint Online list with PowerShell. This is part of the following series:

We will be collecting all available web templates in part 1 so we can use this to create a new site in part 2. In part 3 we will be creating a web for the newly created site. We then want to create a couple of site columns in part 4, which we will combine into a content type in part 5. This content type will be added (part 8) to our newly created document library in part 7 using a list template from part 6. After everything is set we will be setting the view in part 9 for this list to show the added columns we got from adding the content type. I only want to set permissions for myself, so I'll be breaking the inheritance and setting permissions in part 10.

Add content type to a SharePoint Online list

This script will update the library to enable multiple content types and then add the newly created content type. We will first start by opening the SharePoint Online Management Shell as administrator which can be downloaded at https://www.microsoft.com/en-us/download/details.aspx?id=35588.


You will need to change the first variables to match your Office 365 tenant and copy this bit to PowerShell.

function update-spOnlineListWithContentType {
 #variables that need to be set before starting the script
 $siteURL = "https://spfire.sharepoint.com/sites/BlogDemo"
 $adminUrl = "https://spfire-admin.sharepoint.com"
 $userName = "mpadmin@spfire.onmicrosoft.com"
 $listName = "finance"
 $ctID = "0x010100DD6BABAC17A5504DB29949148A37DA61"
 
 # Let the user fill in their password in the PowerShell window
 $password = Read-Host "Please enter the password for $($userName)" -AsSecureString
 
 # set SharePoint Online credentials
 $SPOCredentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($userName, $password)
  
 # Creating client context object
 $context = New-Object Microsoft.SharePoint.Client.ClientContext($siteURL)
 $context.credentials = $SPOCredentials
 $list = $context.web.lists.GetByTitle($listName)
 $ct = $context.web.contenttypes.getbyid($ctID)
 $context.load($ct)
 $context.load($list)
 $context.load($list.contenttypes)
 
 #send the request containing all operations to the server
 try{
  $context.executeQuery()
  write-host "info: ClientContext object executed" -foregroundcolor green
 }
 catch{
  write-host "info: Error executing ClientContext object" -foregroundcolor red
 }
 
 #enable multiple content types for the library and add the content type
 $list.ContentTypesEnabled = $true
 $AddCT = $list.ContentTypes.AddExistingContentType($ct)
 $list.update()
 write-host "info: Enabled multiple content types"
 
 #send the request containing all operations to the server
 try{
  $context.executeQuery()
  write-host "info: added the content type to the list" -foregroundcolor green
 }
 catch{
  write-host "info: $($_.Exception.Message)" -foregroundcolor red
 }
}
update-spOnlineListWithContentType


You will be asked to enter the password; type it and press Enter.


Verify if the content type has been added to the specified list / library


Tips

You can find the Content Type ID with PowerShell, or navigate to Site settings, click Content types, and then click the content type you wish to be the parent.

You can find the ID in the URL after ctype=<ContentTypeID>.