Working with SharePoint Library Folders and Permissions

This topic contains 2 replies, has 2 voices, and was last updated by David 1 year, 8 months ago.

  • #23634
    David
    Participant

    OK, I am not sure that I am going about some of this the right way. I am very new to PowerShell and trying to learn and there is no one that I work with very fluent with PowerShell or with SharePoint scripting. I have a project where there are +-160 folders in a SharePoint library. Each folder is named after a current user as LName, FName, MI. Each folder should have unique permissions for one user plus some sub-folders for their manager. No one regular user should have access to any other folder but his own. I have put together a script that will use a text file with columns of information pulled from Active Directory that includes Surname, GivenName, Initials, SamAccountName, and Manager. What I want to do is to match or compare the SharePoint folder name with the users' information and if it matches, use the SamAccountName to read permissions for the user for only that folder with subfolders and then break permissions inheritance for the folders.
    I started out using Active Directory cmdlets in my code and then I thought maybe some of that was the problem, but my problem is matching and then giving permissions. I then used the AD command that I needed to get the information and dumped it into a csv file and then started using that file in my code to pull the user information from. Could someone help me out with some of this please?

  • #23715
    Matt McNabb
    Participant

    I don't have an on-prem SharePoint I can test this against, but maybe we can figure this out.

    Right out of the gate, your name matching will not work. You should use -eq instead of -match:

    If ($Folder.Field.FullName -eq "$($User.GivenName) $($User.Surname)")

    Of course, that's assuming that the folder names do match exactly with the AD user's first and last names. Make sure you test the comparisons on their own and see if the logic works. Then add it in to the script.

    Any other info you can give us would be helpful as well. For instance, is this script returning any errors?

  • #23725
    David
    Participant

    Ok, I got a little help from someone else the other day on how to do this and here is what I have now. It works to match the names to the folder and it gives permissions so the script does exactly what I want it to do. But, even though it does what I want it to do, there are a couple of other things that I wish it could do.
    The folders in the library come out to a count of about 770 with only 160 or so current employees (the rest are term employees). That means only 160 out of 770 will need user permissions so when the script runs it gives limited read to all users for those other folders because they have inherited permissions. So, if I break permissions for everything in that library before I run this script, I only apply Read permissions for these 160 users to their top folder and none of the subfolders. I am not sure how I can get around this since my script is only checking the top folder against the text file.

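    # $web, $docLib and $Role are assumed to be set earlier in the script (not shown in this post).
    $importList = Import-Csv -Delimiter "`t" -Path c:\powershell\sp\input_files\users.txt
    ForEach ($Item in $importList) {
        $Manager = $Item.Manager   # read from the input file but not used below

        $docLib.Folders |
        Where-Object {
            # Regex: surname, then any characters, then given name, anywhere in the folder title
            $username = "$($Item.Surname).*$($Item.GivenName)"
            $_.Title -match $username
            Write-Host $_.Title    # prints every folder title examined, matched or not
        } |
        ForEach-Object {
            # $true copies the parent's role assignments onto the folder before the user is added
            $_.BreakRoleInheritance($true)
            $account = $web.EnsureUser($Item.SamAccountName)
            $assignment1 = New-Object Microsoft.SharePoint.SPRoleAssignment($account)
            $assignment1.RoleDefinitionBindings.Add($Role)
            $_.RoleAssignments.Add($assignment1)
            $_.Update()
        }
        break   # leaves the ForEach loop after the first row of the input file
    }
    $web.Dispose()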
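
Added example, not code from either poster: a dry run of the folder-to-user match that compares the unanchored `Surname.*GivenName` pattern with an escaped, anchored pattern built for the "LName, FName, MI" folder naming described in the first post, and that refuses to pick an owner when zero or several users match. The sample users, folder titles and the function names `Get-FolderOwnerPattern` and `Resolve-FolderOwner` are constructed for illustration; it assumes PowerShell 3.0 or later and makes no SharePoint calls.

```powershell
# Constructed sample data: AD export rows and folder titles in "LName, FName, MI" form.
$users = @(
    [pscustomobject]@{ Surname = 'Lee';    GivenName = 'Ann';    Initials = 'M'; SamAccountName = 'alee' }
    [pscustomobject]@{ Surname = 'Leeson'; GivenName = 'Joanne'; Initials = 'K'; SamAccountName = 'jleeson' }
    [pscustomobject]@{ Surname = "O'Neil"; GivenName = 'Sam';    Initials = '';  SamAccountName = 'soneil' }
)
$folderTitles = 'Lee, Ann, M', 'Leeson, Joanne, K', "O'Neil, Sam", 'Gray, Pat, T'

# Hypothetical helper: build an anchored pattern for one user.
function Get-FolderOwnerPattern {
    param($User)
    # Escape regex metacharacters and anchor both ends so "Lee.*Ann" cannot hit "Leeson, Joanne".
    $pattern = '^\s*' + [regex]::Escape($User.Surname) + '\s*,\s*' + [regex]::Escape($User.GivenName)
    # The middle initial is optional in the folder title, with or without a trailing dot.
    if ($User.Initials) { $pattern += '(\s*,\s*' + [regex]::Escape($User.Initials) + '\.?)?' }
    $pattern + '\s*$'
}

# Hypothetical helper: decide, per folder, whether exactly one user owns it.
function Resolve-FolderOwner {
    param([string[]]$Titles, [object[]]$Users)
    foreach ($title in $Titles) {
        # Loose match as in the posted script, kept only for comparison.
        $loose  = @($Users | Where-Object { $title -match "$($_.Surname).*$($_.GivenName)" })
        $strict = @($Users | Where-Object { $title -match (Get-FolderOwnerPattern $_) })
        $action = switch ($strict.Count) {
            0       { 'NoCurrentUser' }   # e.g. a former employee's folder: grant nobody
            1       { 'Grant' }
            default { 'Ambiguous' }       # never grant on a tie; review by hand
        }
        [pscustomobject]@{
            Folder      = $title
            LooseMatch  = ($loose.SamAccountName -join ',')
            StrictMatch = ($strict.SamAccountName -join ',')
            Action      = $action
        }
    }
}

Resolve-FolderOwner -Titles $folderTitles -Users $users | Format-Table -AutoSize
```

In the output, "Leeson, Joanne, K" shows two loose matches (alee and jleeson) but one strict match, which is the case where the unanchored pattern would give a user Read on someone else's folder.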
    
