Remove Permissions via powershell

This topic contains 1 reply, has 1 voice, and was last updated by  Noel 1 month, 1 week ago.

  • Author
    Posts
  • #89081

    Noel
    Participant

    hi,

    I'm currently removing permissions from specific items in SharePoint.
    I'm nearly there, the only issue is that my script only appears to remove one or 2 groups at a time (I want all groups and users removed). I think the problem is with the last part of my script.

    For example, the following groups have access to this item:
    Test_Group: Full Control
    IT Group: Contribute, Full Control
    User: Full Control

    That's the result when I run "Write-Host $listroleassgnment.Member.Title: $listroledefinition.Name"

    After running this part ...$listroleassgnment.RoleDefinitionBindings.Remove($listroledefinition);

    $listroleassgnment.Update()..., one or 2 of the groups will be removed or perhaps the user. But my goal is to have the user and groups removed (everything).

    Here's the full script, thanks for any help.

    
    Add-Type -Path "c:\Program Files\Common Files\microsoft shared\Web Server Extensions\15\ISAPI\Microsoft.SharePoint.Client.dll" 
    Add-Type -Path "c:\Program Files\Common Files\microsoft shared\Web Server Extensions\15\ISAPI\Microsoft.SharePoint.Client.Runtime.dll" 
    
    
    $siteURL="https://company.sharepoint.com/sites/IT"
    $ctx=New-Object Microsoft.SharePoint.Client.ClientContext($siteURL)
      
    $userId = "name@company.com"  
    $pwd=Get-Content "C:\Temp\Password.txt" | ConvertTo-SecureString  
    $creds=New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($userId, $pwd)  
    $ctx.credentials = $creds  
    
    $web = $ctx.Web 
    $list = $web.Lists.GetByTitle("Cases")
    $ctx.Load($list)
    # Load in list of groups on the current web.
    $groups = $web.SiteGroups
    $ctx.Load($groups)
    $ctx.ExecuteQuery()
    
    #Get the TicketID and load
    $ItemID="12448"
    $CMRSItems = $list.GetItemById($ItemID)
    $ctx.Load($CMRSItems)
    $ctx.ExecuteQuery()
    
    #Get the role assignment for the particular Group
    $listroleassignments = $CMRSItems.RoleAssignments
    $ctx.Load($listroleassignments)
    $ctx.ExecuteQuery()
    
    foreach($listroleassgnment in $listroleassignments)
    {
    $ctx.Load($listroleassgnment.Member)
    $ctx.Load($listroleassgnment.RoleDefinitionBindings)
    $ctx.ExecuteQuery()
    
    foreach($listroledefinition in $listroleassgnment.RoleDefinitionBindings)
    {
    $ctx.Load($listroledefinition)
    $ctx.ExecuteQuery()
    
    $ctx.Load($listroleassgnment)
    $ctx.ExecuteQuery()
    
    Write-Host $listroleassgnment.Member.Title: $listroledefinition.Name
    
    $listroleassgnment.RoleDefinitionBindings.Remove($listroledefinition);
    
    $listroleassgnment.Update()
    
    }
    }
    
    
  • #89083

    Noel
    Participant

    hi,

    I'm currently removing permissions from specific items in SharePoint.
    I'm nearly there, the only issue is that my script only appears to remove one or 2 groups at a time (I want all groups and users removed). I think the problem is with the last part of my script.

    For example, the following groups have access to this item:
    Test_Group: Full Control
    IT Group: Contribute, Full Control
    User: Full Control

    That's the result when I run "Write-Host $listroleassgnment.Member.Title: $listroledefinition.Name"

    After running this part ...$listroleassgnment.RoleDefinitionBindings.Remove($listroledefinition);

    $listroleassgnment.Update()..., one or 2 of the groups will be removed or perhaps the user. But my goal is to have the user and groups removed (everything).

    Here's the full script, thanks for any help.

    
    Add-Type -Path "c:\Program Files\Common Files\microsoft shared\Web Server Extensions\15\ISAPI\Microsoft.SharePoint.Client.dll" 
    Add-Type -Path "c:\Program Files\Common Files\microsoft shared\Web Server Extensions\15\ISAPI\Microsoft.SharePoint.Client.Runtime.dll" 
    
    
    $siteURL="https://company.sharepoint.com/sites/IT"
    $ctx=New-Object Microsoft.SharePoint.Client.ClientContext($siteURL)
      
    $userId = "name@company.com"  
    $pwd=Get-Content "C:\Temp\Password.txt" | ConvertTo-SecureString  
    $creds=New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($userId, $pwd)  
    $ctx.credentials = $creds  
    
    $web = $ctx.Web 
    $list = $web.Lists.GetByTitle("Cases")
    $ctx.Load($list)
    # Load in list of groups on the current web.
    $groups = $web.SiteGroups
    $ctx.Load($groups)
    $ctx.ExecuteQuery()
    
    #Get the TicketID and load
    $ItemID="12448"
    $CMRSItems = $list.GetItemById($ItemID)
    $ctx.Load($CMRSItems)
    $ctx.ExecuteQuery()
    
    #Get the role assignment for the particular Group
    $listroleassignments = $CMRSItems.RoleAssignments
    $ctx.Load($listroleassignments)
    $ctx.ExecuteQuery()
    
    foreach($listroleassgnment in $listroleassignments)
    {
    $ctx.Load($listroleassgnment.Member)
    $ctx.Load($listroleassgnment.RoleDefinitionBindings)
    $ctx.ExecuteQuery()
    
    foreach($listroledefinition in $listroleassgnment.RoleDefinitionBindings)
    {
    $ctx.Load($listroledefinition)
    $ctx.ExecuteQuery()
    
    $ctx.Load($listroleassgnment)
    $ctx.ExecuteQuery()
    
    Write-Host $listroleassgnment.Member.Title: $listroledefinition.Name
    
    $listroleassgnment.RoleDefinitionBindings.Remove($listroledefinition);
    
    $listroleassgnment.Update()
    
    }
    }
    
    

You must be logged in to reply to this topic.