This script removes / adds / updates permissions of folders and libraries.
# ----------------------------------------------
# Author: Romain Blanchard
# Date: 04.02.2015
# Description: This script removes / adds / updates permissions of folders and libraries.
# ----------------------------------------------
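# Parameters
param(
    # URL of the SharePoint web whose "MBD Documents" and "Archives" libraries are updated.
    [parameter(Mandatory = $true)]
    [ValidateNotNullOrEmpty()]
    $Url
)

# Load the SharePoint cmdlets. The error is silenced on purpose: Add-PSSnapin
# reports one when the snap-in is already loaded in the session.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
if ($null -eq (Get-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue))
{
    # None of the SharePoint calls below can work without the snap-in, so stop
    # here, before a transcript file is created.
    throw "The Microsoft.SharePoint.PowerShell snap-in is not available in this session."
}

# Initialize log file.
# The path is relative, so the transcript is created in the current location. It
# records group names and every permission change; keep it where only
# administrators can read it.
# NOTE(review): 'd' is the unpadded day of month, so file names do not sort
# lexically; 'dd' would.
$date = Get-Date -Format yyyy-MM-d-HHmmss
$logfile = "MBD_RemoveUnwantedPermissions_tmp_" + $date + ".txt"
Start-Transcript -Path $logfile -Force | Out-Null

# Initialize variables
# Fail here if the web cannot be opened: continuing with an empty $oWeb would
# only produce a cascade of errors in the permission sections.
try
{
    $oWeb = Get-SPWeb $Url -ErrorAction Stop
}
catch
{
    Stop-Transcript | Out-Null
    throw
}
if ($null -eq $oWeb)
{
    Stop-Transcript | Out-Null
    throw "No SharePoint web could be opened at '$Url'."
}

# Relaxed for the duration of the run; set back to $false at the end of the script.
# NOTE(review): confirm this flag is needed at all when the script runs from a
# console session rather than inside a web request.
$oWeb.AllowUnsafeUpdates = $true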
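Write-Host ""
Write-Host "## Working on MBD Document ##" -ForegroundColor Yellow
Write-Host ""

## Update MBD Document library permissions ##
# For every folder of "MBD Documents" except "Forms": each principal whose name
# contains "Approvers" but not the folder's own name has its assignment on the
# folder removed and replaced by "Read".
# NOTE(review): the selection is a substring match on display names, so a short
# folder name (or an unrelated group that merely contains it) changes which
# groups keep their rights - confirm against the site's naming convention.
# NOTE(review): if a folder still inherits its permissions, SharePoint is expected
# to reject Remove/Add on its RoleAssignments - confirm the folders have unique
# permissions (HasUniqueRoleAssignments) before running.
$oDocLib = $oWeb.Lists["MBD Documents"]
if ($null -ne $oDocLib)
{
    # Resolve the role once, before anything is removed, so that a missing role
    # definition cannot leave groups stripped of access with nothing re-added.
    $role = $null
    try
    {
        $role = $oWeb.RoleDefinitions["Read"]
    }
    catch
    {
        Write-Host "Role definition lookup failed: $_" -ForegroundColor Red
    }

    if ($null -eq $role)
    {
        Write-Host "'Read' role definition cannot be found; MBD Documents permissions left unchanged." -ForegroundColor Red
    }
    else
    {
        foreach ($folder in $oDocLib.RootFolder.SubFolders)
        {
            # Skip hidden "Forms" folder
            if ($folder.Name -eq "Forms")
            {
                continue
            }

            # Work on all folders of the library
            Write-Host "Working on '$folder' folder..." -ForegroundColor Yellow

            # -like treats [ ] ? * in its pattern as wildcards. Escape the folder name
            # so it is compared literally; otherwise a folder such as "Plan [A]" fails
            # to match its own group, and that group would be reduced to Read.
            $filter = "*" + [System.Management.Automation.WildcardPattern]::Escape($folder.Name) + "*"

            [Microsoft.SharePoint.SPRoleAssignmentCollection]$spRoleAssignments = $folder.Item.RoleAssignments

            # Walk from the last index down, so removing entry $a does not shift the
            # entries that are still to be visited.
            for ([int] $a = $spRoleAssignments.Count - 1; $a -ge 0; $a--)
            {
                # Keep the principal itself: it is reused for the new assignment, so
                # no name lookup can fail and fall back to a value left over from a
                # previous iteration.
                $member = $spRoleAssignments[$a].Member
                $groupname = $member.Name

                # Edit the permissions of every group whose name contains "Approvers",
                # except the one whose name contains the name of the folder
                if ($groupname -notlike $filter -and $groupname -like "*Approvers*")
                {
                    # Remove existing permissions
                    Write-Host " Remove permission for"$groupname"..." -NoNewLine
                    $spRoleAssignments.Remove($a);
                    Write-Host " done!" -ForegroundColor green

                    if ($member -isnot [Microsoft.SharePoint.SPGroup])
                    {
                        # The original looked the name up in SiteGroups, which only
                        # holds groups, so such a principal was never re-granted.
                        # Say so instead of failing silently.
                        Write-Host " '$groupname' is not a site group; no permission re-added." -ForegroundColor Red
                    }
                    else
                    {
                        # Add new permissions
                        Write-Host " Add read permission for "$groupname"..." -NoNewLine
                        $readassignment = New-Object Microsoft.SharePoint.SPRoleAssignment($member)
                        $readassignment.RoleDefinitionBindings.Add($role);
                        $folder.Item.RoleAssignments.Add($readassignment)
                        Write-Host " done!" -ForegroundColor green
                    }
                }
            }
        }
    }
}
else {
    Write-Host "MBD Document library cannot be found." -ForegroundColor Red
}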
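Write-Host ""
Write-Host "## Working on Archives ##" -ForegroundColor Yellow
Write-Host ""

## Update Archives library permissions ##
# Gives the "Archives" library its own permissions, then rewrites every
# assignment: principals whose name contains "Owners" get "Full Control",
# all others get "Read".
# NOTE(review): Full Control is decided by a substring match on the display name;
# any group that merely contains "Owners" in its name qualifies. Confirm that only
# the intended owners group matches on this site.
# NOTE(review): every other group present in the copied assignments ends up with
# Read, whatever it held before - including a group that held less than Read
# (for example Limited Access only). Confirm that raising those is intended.
$oArchives = $oWeb.Lists["Archives"]
if ($null -ne $oArchives)
{
    # Resolve both roles before the library is touched: if "Full Control" were
    # missing, the owners would be removed and never re-added.
    $readRole = $null
    $fullControlRole = $null
    try
    {
        $readRole = $oWeb.RoleDefinitions["Read"]
        $fullControlRole = $oWeb.RoleDefinitions["Full Control"]
    }
    catch
    {
        Write-Host "Role definition lookup failed: $_" -ForegroundColor Red
    }

    if ($null -eq $readRole -or $null -eq $fullControlRole)
    {
        Write-Host "'Read' / 'Full Control' role definitions cannot be found; Archives permissions left unchanged." -ForegroundColor Red
    }
    else
    {
        # $true copies the parent's current role assignments onto the library, so
        # the loop below starts from the inherited set.
        Write-Host "Breaking role inheritance of the library..." -NoNewLine
        $oArchives.BreakRoleInheritance($true)
        Write-Host " done!" -ForegroundColor green

        [Microsoft.SharePoint.SPRoleAssignmentCollection]$spRoleAssignments = $oArchives.RoleAssignments

        # Walk from the last index down, so removing entry $a does not shift the
        # entries that are still to be visited.
        for ([int] $a = $spRoleAssignments.Count - 1; $a -ge 0; $a--)
        {
            # Keep the principal itself: it is reused for the new assignment, so no
            # name lookup can fail and fall back to a value left over from a
            # previous iteration.
            $member = $spRoleAssignments[$a].Member
            $groupname = $member.Name

            # Remove all group's permissions and give only read access, except for Owners group
            if ($groupname -like "*Owners*")
            {
                $role = $fullControlRole
                $label = "full"
            }
            else
            {
                $role = $readRole
                $label = "read"
            }

            # Remove existing permissions
            Write-Host " Remove permission for"$groupname"..." -NoNewLine
            $spRoleAssignments.Remove($a);
            Write-Host " done!" -ForegroundColor green

            if ($member -isnot [Microsoft.SharePoint.SPGroup])
            {
                # The original looked the name up in SiteGroups, which only holds
                # groups, so such a principal was never re-granted. Say so instead
                # of failing silently.
                Write-Host " '$groupname' is not a site group; no permission re-added." -ForegroundColor Red
            }
            else
            {
                # Add the replacement permission (Full Control for owners, Read otherwise)
                Write-Host " Add $label permission for "$groupname"..." -NoNewLine
                $newassignment = New-Object Microsoft.SharePoint.SPRoleAssignment($member)
                $newassignment.RoleDefinitionBindings.Add($role);
                $oArchives.RoleAssignments.Add($newassignment)
                Write-Host " done!" -ForegroundColor green
            }
        }
    }
}
else {
    Write-Host "Archives library cannot be found." -ForegroundColor Red
}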
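# Set back options
if ($null -ne $oWeb)
{
    $oWeb.AllowUnsafeUpdates = $false
    # The SPWeb returned by Get-SPWeb is not released by the script otherwise;
    # dispose it once the last permission change has been made.
    $oWeb.Dispose()
}

# Write log file
# The transcript is re-written under a .log name and the temporary .txt removed.
Stop-Transcript | Out-Null
$log = Get-Content $logfile
# Change only the extension; a plain Replace('txt','log') would also rewrite any
# other "txt" that happened to appear in the file name.
$finalLog = [System.IO.Path]::ChangeExtension($logfile, 'log')
$log > $finalLog
Remove-Item $logfile -Confirm:$false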