I know that there are lot of sites and scripts where you can find how to create bunch of folders and set permissions on them via PowerShell. But I was not able to find all in one place. For instance, how to create folder, how to add AD user or group with certain permission level, how to set permission inheritance on some folder etc.
Therefore I wrote couple of functions which will hopefully help you to configure your folder structure, as well as necessary permissions. Best thing is that you can create .csv file and create load of folders and permissions at once.
<#
.Synopsis
This function creates folder in SharePoint list
.DESCRIPTION
This function creates folder in SharePoint list
.EXAMPLE
Create-SPFolder -WebURL http://ift.tt/1MCEB4D -listName Listname -RootFolderURL Listname -FolderName MyFirstFolder -Verbose
#>
function Create-SPFolder
{
[CmdletBinding()]
Param
(
[Parameter(Mandatory=$true,
ValueFromPipelineByPropertyName=$true,
Position=0)]
$WebURL,
[Parameter(Mandatory=$true,
ValueFromPipelineByPropertyName=$true,
Position=1)]
$listName,
[Parameter(Mandatory=$true,
ValueFromPipelineByPropertyName=$true,
Position=2)]
$RootFolderURL,
[Parameter(Mandatory=$true,
ValueFromPipelineByPropertyName=$true,
Position=2)]
$FolderName
)
Begin
{
$website = Get-SPWeb $WebURL
$list = $website.Lists[$listname]
}
Process
{
If ($website.GetFolder("$RootFolderURL/$foldername").Exists){
Write-Verbose "SharePoint folder already exists. Skiping...."
}
else{
$folder = $list.AddItem($RootFolderURL, [Microsoft.SharePoint.SPFileSystemObjectType]::Folder, "$folderName")
$folder.Update()
Write-Verbose "SharePoint folder $foldername created on location $RootFolderURL/$foldername"
}
}
End
{
$web.Dispose()
}
}
<#
.Synopsis
This function sets permissions to SharePoint folder
.DESCRIPTION
This function sets permissions to SharePoint folder; it breaks inheritance and add AD user with defined permission level
.EXAMPLE1
Set-SPFolderUserUniquePermission -WebURL http://ift.tt/1MCEB4D -listName Listname -FolderURL "Listname/MyFirstFolderName" -PermissionLevel "Contribute" -User AD\MyAccount -Verbose
.EXAMPLE2
Set-SPFolderUserUniquePermission http://ift.tt/1MCEB4D "Listname" "Listname/MyFirstFolderName" -PermissionLevel "Read" AD\MyAccount -Verbose
.EXAMPLE3
$csv = Import-Csv C:\temp\folderpermission.csv
foreach ($line in $csv){
Set-SPFolderUserUniquePermission -WebURL $line.weburl -listName $line.listName -FolderURL $line.FolderUrl -PermissionLevel $line.PermissionLevel -User $line.ADUser -Verbose
}
#>
function Set-SPFolderUserUniquePermission
{
[CmdletBinding()]
Param
(
[Parameter(Mandatory=$true,
ValueFromPipelineByPropertyName=$true,
Position=0)]
$WebURL,
[Parameter(Mandatory=$true,
ValueFromPipelineByPropertyName=$true,
Position=1)]
$listName,
[Parameter(Mandatory=$true,
ValueFromPipelineByPropertyName=$true,
Position=2)]
$FolderURL,
[Parameter(Mandatory=$true,
ValueFromPipelineByPropertyName=$true,
Position=3)]
$PermissionLevel,
[Parameter(Mandatory=$true,
ValueFromPipelineByPropertyName=$true,
Position=4)]
$User
)
Begin
{
$website = Get-SPWeb $WebURL
$list = $website.Lists | Where-Object{$_.title -eq $listName}
$SPfolder = $list.Folders | Where-Object {$_.url -eq $FolderURL}
$group = $website.SiteUsers[$user];
}
Process
{
$spFolder.BreakRoleInheritance($false);
$roleAssignment = New-Object microsoft.sharepoint.SPRoleAssignment($group)
$roleDefinition = $website.RoleDefinitions[$PermissionLevel]
$roleAssignment.RoleDefinitionBindings.Add($roleDefinition)
$spFolder.RoleAssignments.Add($roleAssignment)
$spFolder.Update()
}
End
{
$website.Dispose()
}
}
<#
.Synopsis
This function set SharePoint folder permission to inherit from parent.
.DESCRIPTION
This function set SharePoint folder permission to inherit from parent.
.EXAMPLE1
Set-SPFolderInheritPermission -WebURL http://ift.tt/1MCEB4D -listName Listname -FolderURL "Listname/MyFirstFolderName"
.EXAMPLE2
$csv = Import-Csv C:\temp\folderpermission.csv
foreach ($line in $csv){
Set-SPFolderInheritPermission -WebURL $line.weburl -listName $line.listName -FolderURL $line.FolderUrl
}
#>
function Set-SPFolderInheritPermission
{
[CmdletBinding()]
Param
(
[Parameter(Mandatory=$true,
ValueFromPipelineByPropertyName=$true,
Position=0)]
$WebURL,
[Parameter(Mandatory=$true,
ValueFromPipelineByPropertyName=$true,
Position=1)]
$listName,
[Parameter(Mandatory=$true,
ValueFromPipelineByPropertyName=$true,
Position=2)]
$FolderURL
)
Begin
{
$website = Get-SPWeb $WebURL
$list = $website.Lists | Where-Object{$_.title -eq $listName}
$SPfolder = $list.Folders | Where-Object {$_.url -eq $FolderURL}
}
Process
{
$spFolder.ResetRoleInheritance()
$spFolder.Update()
}
End
{
$website.Dispose()
}
}
<#
.Synopsis
This function sets permissions to SharePoint folder
.DESCRIPTION
This function sets permissions to SharePoint folder; it breaks inheritance and add SharePoint group with defined permission level
.EXAMPLE1
Set-SPFolderGroupUniquePermission -WebURL http://ift.tt/1MCEB4D -listName Listname -FolderURL "Listname/MyFirstFolderName" -PermissionLevel "Contribute" -SPGroup "HR" -Verbose
.EXAMPLE2
Set-SPFolderGroupUniquePermission http://ift.tt/1MCEB4D "Listname" "Listname/MyFirstFolderName" -PermissionLevel "Read" "HR" -Verbose
.EXAMPLE3
$csv = Import-Csv C:\temp\folderpermission.csv
foreach ($line in $csv){
Set-SPFolderGroupUniquePermission -WebURL $line.weburl -listName $line.listName -FolderURL $line.FolderUrl -PermissionLevel $line.PermissionLevel -Group $line.SPGroup -Verbose
}
#>
function Set-SPFolderGroupUniquePermission
{
[CmdletBinding()]
Param
(
[Parameter(Mandatory=$true,
ValueFromPipelineByPropertyName=$true,
Position=0)]
$WebURL,
[Parameter(Mandatory=$true,
ValueFromPipelineByPropertyName=$true,
Position=1)]
$listName,
[Parameter(Mandatory=$true,
ValueFromPipelineByPropertyName=$true,
Position=2)]
$FolderURL,
[Parameter(Mandatory=$true,
ValueFromPipelineByPropertyName=$true,
Position=3)]
$PermissionLevel,
[Parameter(Mandatory=$true,
ValueFromPipelineByPropertyName=$true,
Position=4)]
$SPGroup
)
Begin
{
$website = Get-SPWeb $WebURL
$list = $website.Lists | Where-Object{$_.title -eq $listName}
$SPfolder = $list.Folders | Where-Object {$_.url -eq $FolderURL}
$group = $website.SiteGroups[$SPGroup];
}
Process
{
$spFolder.BreakRoleInheritance($false);
$roleAssignment = New-Object microsoft.sharepoint.SPRoleAssignment($group)
$roleDefinition = $website.RoleDefinitions[$PermissionLevel]
$roleAssignment.RoleDefinitionBindings.Add($roleDefinition)
$spFolder.RoleAssignments.Add($roleAssignment)
$spFolder.Update()
}
End
{
$website.Dispose()
}
}
$csv = Import-Csv C:\temp\folderpermission.csv
foreach ($line in $csv){
Create-SPFolder -WebURL $line.WebUrl -listName $line.ListName -RootFolderURL $line.RootFolderUrl -FolderName $line.FolderName -Verbose
}
foreach ($line in $csv){
$FolderUrl = $line.RootFolderUrl + '/' + $line.FolderName
Set-SPFolderInheritPermission -WebURL $line.WebUrl -listName $line.ListName -FolderURL $FolderUrl -Verbose
}
foreach ($line in $csv){
$FolderUrl = $line.RootFolderUrl + '/' + $line.FolderName
if($line.SPGroup){
Set-SPFolderGroupUniquePermission -WebURL $line.WebUrl -listName $line.ListName -FolderURL $FolderUrl -PermissionLevel $line.PermissionLevel -SPGroup $line.SPGroup -Verbose
Write-host $line.ADUser $line.SPGroup $FolderUrl
}
elseif($line.ADUser){
Set-SPFolderUserUniquePermission -WebURL $line.WebUrl -listName $line.ListName -FolderURL $FolderUrl -PermissionLevel $line.PermissionLevel -User $line.ADUser -Verbose
Write-host $line.ADUser $line.SPGroup $FolderUrl
}
else{
Write-Verbose "No security groups to configure. Skiping...."
}
}
by Krsto Savic via Everyone's Blog Posts - SharePoint Community
No comments:
Post a Comment