Author Posts

December 13, 2017 at 9:26 am

hi,

I'm currently removing permissions from specific items in SharePoint.
I'm nearly there, the only issue is that my script only appears to remove one or 2 groups at a time (I want all groups and users removed). I think the problem is with the last part of my script.

For example, the following groups have access to this item:
Test_Group: Full Control
IT Group: Contribute, Full Control
User: Full Control

That's the result when I run "Write-Host $listroleassgnment.Member.Title: $listroledefinition.Name"

After running this part ...$listroleassgnment.RoleDefinitionBindings.Remove($listroledefinition);

$listroleassgnment.Update()..., one or 2 of the groups will be removed or perhaps the user. But my goal is to have the user and groups removed (everything).

Here's the full script, thanks for any help.


Add-Type -Path "c:\Program Files\Common Files\microsoft shared\Web Server Extensions\15\ISAPI\Microsoft.SharePoint.Client.dll" 
Add-Type -Path "c:\Program Files\Common Files\microsoft shared\Web Server Extensions\15\ISAPI\Microsoft.SharePoint.Client.Runtime.dll" 


$siteURL="https://company.sharepoint.com/sites/IT"
$ctx=New-Object Microsoft.SharePoint.Client.ClientContext($siteURL)
  
$userId = "name@company.com"  
$pwd=Get-Content "C:\Temp\Password.txt" | ConvertTo-SecureString  
$creds=New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($userId, $pwd)  
$ctx.credentials = $creds  

$web = $ctx.Web 
$list = $web.Lists.GetByTitle("Cases")
$ctx.Load($list)
# Load in list of groups on the current web.
$groups = $web.SiteGroups
$ctx.Load($groups)
$ctx.ExecuteQuery()

#Get the TicketID and load
$ItemID="12448"
$CMRSItems = $list.GetItemById($ItemID)
$ctx.Load($CMRSItems)
$ctx.ExecuteQuery()

#Get the role assignment for the particular Group
$listroleassignments = $CMRSItems.RoleAssignments
$ctx.Load($listroleassignments)
$ctx.ExecuteQuery()

foreach($listroleassgnment in $listroleassignments)
{
$ctx.Load($listroleassgnment.Member)
$ctx.Load($listroleassgnment.RoleDefinitionBindings)
$ctx.ExecuteQuery()

foreach($listroledefinition in $listroleassgnment.RoleDefinitionBindings)
{
$ctx.Load($listroledefinition)
$ctx.ExecuteQuery()

$ctx.Load($listroleassgnment)
$ctx.ExecuteQuery()

Write-Host $listroleassgnment.Member.Title: $listroledefinition.Name

$listroleassgnment.RoleDefinitionBindings.Remove($listroledefinition);

$listroleassgnment.Update()

}
}

December 13, 2017 at 9:31 am

hi,

I'm currently removing permissions from specific items in SharePoint.
I'm nearly there, the only issue is that my script only appears to remove one or 2 groups at a time (I want all groups and users removed). I think the problem is with the last part of my script.

For example, the following groups have access to this item:
Test_Group: Full Control
IT Group: Contribute, Full Control
User: Full Control

That's the result when I run "Write-Host $listroleassgnment.Member.Title: $listroledefinition.Name"

After running this part ...$listroleassgnment.RoleDefinitionBindings.Remove($listroledefinition);

$listroleassgnment.Update()..., one or 2 of the groups will be removed or perhaps the user. But my goal is to have the user and groups removed (everything).

Here's the full script, thanks for any help.


Add-Type -Path "c:\Program Files\Common Files\microsoft shared\Web Server Extensions\15\ISAPI\Microsoft.SharePoint.Client.dll" 
Add-Type -Path "c:\Program Files\Common Files\microsoft shared\Web Server Extensions\15\ISAPI\Microsoft.SharePoint.Client.Runtime.dll" 


$siteURL="https://company.sharepoint.com/sites/IT"
$ctx=New-Object Microsoft.SharePoint.Client.ClientContext($siteURL)
  
$userId = "name@company.com"  
$pwd=Get-Content "C:\Temp\Password.txt" | ConvertTo-SecureString  
$creds=New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($userId, $pwd)  
$ctx.credentials = $creds  

$web = $ctx.Web 
$list = $web.Lists.GetByTitle("Cases")
$ctx.Load($list)
# Load in list of groups on the current web.
$groups = $web.SiteGroups
$ctx.Load($groups)
$ctx.ExecuteQuery()

#Get the TicketID and load
$ItemID="12448"
$CMRSItems = $list.GetItemById($ItemID)
$ctx.Load($CMRSItems)
$ctx.ExecuteQuery()

#Get the role assignment for the particular Group
$listroleassignments = $CMRSItems.RoleAssignments
$ctx.Load($listroleassignments)
$ctx.ExecuteQuery()

foreach($listroleassgnment in $listroleassignments)
{
$ctx.Load($listroleassgnment.Member)
$ctx.Load($listroleassgnment.RoleDefinitionBindings)
$ctx.ExecuteQuery()

foreach($listroledefinition in $listroleassgnment.RoleDefinitionBindings)
{
$ctx.Load($listroledefinition)
$ctx.ExecuteQuery()

$ctx.Load($listroleassgnment)
$ctx.ExecuteQuery()

Write-Host $listroleassgnment.Member.Title: $listroledefinition.Name

$listroleassgnment.RoleDefinitionBindings.Remove($listroledefinition);

$listroleassgnment.Update()

}
}