Microsoft 365 : SharePoint Online – Change group permissions using PowerShell

“You are stronger than you know”

Hello Everyone,

Hope you all are doing well.

In this article we are going to discuss how to change group permissions of a SharePoint Online site using PowerShell.

We have a good list of articles on SharePoint Online using PowerShell; please have a look.

https://knowledge-junction.in/category/technology-articles/powershell-cmdlets/sharepoint-online-powershell-cmdlets/

So without further delay, let’s get started.

Background

In our organization, one of our project requirements is to change group permissions on the basis of permission levels using PowerShell. So we started using a PowerShell script to change the permissions of a group, and this article shows the process.

Details

  • We need the SharePoint site URL, the group name, the permission to add and the permission to remove.
  • Open PowerShell ISE.
  • Run the PowerShell cmdlets that follow to change the group permissions.

Note: Lines starting with “#” are descriptive headings or comments.

Prerequisites

  • Install PowerShell ISE / PowerShell / Visual Studio Code if it is not installed.
  • Install SharePoint Online Management Shell if it is not installed.
#Install SharePoint Online Management Shell if it is not installed
Install-Module -Name Microsoft.Online.SharePoint.PowerShell

Detailed Steps – PowerShell script

  • Load the SharePoint Online CSOM Assemblies.
#Load SharePoint CSOM Assemblies

Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"

Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"

  • Set variables for the site URL, the group name, the permission to remove and the permission to add.
#Variables for Processing
$SiteURL = "https://osinfotech.sharepoint.com/sites/subsite"
$GroupName="subsite Members"
$PermissionToRemove="Read"
$PermissionToAdd="Edit"

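  • Set up the credentials of the user to connect to SharePoint Online. SharePointOnlineCredentials signs in with a user name and password, so it does not work for accounts that require multi-factor authentication.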
#Setup Credentials to connect
$Credentials = Get-Credential
$Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Credentials.UserName,$Credentials.Password)

  • Use a Try block to catch errors.
#Monitor the errors 
Try {}

  • Set up the context with the site URL and credentials.
#Setup the context
$Context = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
$Context.Credentials = $Credentials

  • Get the details of all the groups of the SharePoint Online site.
#Get all Groups of the site
$Groups = $Context.Web.SiteGroups
$Context.Load($Groups)
$Context.ExecuteQuery()

  • Get the titles of all the groups.
#Get Group Names
$GroupNames =  $Groups | Select -ExpandProperty Title

  • Check whether the given group exists in the site.
#Check if the given group exists
If($GroupNames -contains $GroupName)

  • Get the group by its title.
#Get the Group
$Group = $Context.Web.SiteGroups.GetByName($GroupName)

  • Get the permission levels to add and to remove.
#Get Permission Levels to add and remove
$RoleDefToAdd = $Context.web.RoleDefinitions.GetByName($PermissionToAdd)
$RoleDefToRemove = $Context.web.RoleDefinitions.GetByName($PermissionToRemove)

  • Get the group's role assignment on the web.
#Get the Group's role assignment on the web
$RoleAssignment = $Context.web.RoleAssignments.GetByPrincipal($Group)

  • Add the new permission level to the group and remove the old one.
#Add/remove permission levels to the role assignment
$RoleAssignment.RoleDefinitionBindings.Add($RoleDefToAdd)
$RoleAssignment.RoleDefinitionBindings.Remove($RoleDefToRemove)
$RoleAssignment.Update()
$Context.ExecuteQuery()

  • Print a message if the permissions were updated successfully.
#Print if group permissions updated successfully
write-host  -f Green "Group permissions updated Successfully!"

  • Print a message if the group doesn’t exist on the site.
else
    {
        #Print if group doesn't exist
        Write-host -f Yellow "Group Doesn't exist in the site!"
    }

  • Catch the errors from the main Try block
#Catch the errors
Catch {}

  • Print the error details, if the permissions were not updated
#Print error details
write-host -f Red "Error Updating Group Permissions!" $_.Exception.Message

Complete PowerShell Script

<#
======================================================================================================================================
Name:           Change the permissions of a SharePoint Online site group through PowerShell
Description:    This script helps to change the permissions of a SharePoint Online group in an Organization through PowerShell
Version:        1.0
======================================================================================================================================
#>

#Install SharePoint Online Management Shell if it is not installed
#Install-Module -Name Microsoft.Online.SharePoint.PowerShell

#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
  
#Variables for Processing
$SiteURL = "https://osinfotech.sharepoint.com/sites/subsite"
$GroupName="subsite Members"
$PermissionToRemove="Read"
$PermissionToAdd="Edit"
 
#Setup Credentials to connect
$Credentials = Get-Credential
$Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Credentials.UserName,$Credentials.Password)

#Monitor the errors 
Try {
    #Setup the context
    $Context = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
    $Context.Credentials = $Credentials
 
    #Get all groups of the site
    $Groups = $Context.Web.SiteGroups
    $Context.load($Groups)
    $Context.ExecuteQuery()
     
    #Get Group Names
    $GroupNames =  $Groups | Select -ExpandProperty Title
     
    #Check if the given group exists
    If($GroupNames -contains $GroupName)
    {
        #Get the Group
        $Group = $Context.Web.SiteGroups.GetByName($GroupName)
 
        #Get Permission Levels to add and remove
        $RoleDefToAdd = $Context.web.RoleDefinitions.GetByName($PermissionToAdd)
        $RoleDefToRemove = $Context.web.RoleDefinitions.GetByName($PermissionToRemove)
         
        #Get the Group's role assignment on the web
        $RoleAssignment = $Context.web.RoleAssignments.GetByPrincipal($Group)
         
        #Add/remove permission levels to the role assignment
        $RoleAssignment.RoleDefinitionBindings.Add($RoleDefToAdd)
        $RoleAssignment.RoleDefinitionBindings.Remove($RoleDefToRemove)
        $RoleAssignment.Update()
        $Context.ExecuteQuery()
 
        #Print if group permissions updated successfully
        write-host  -f Green "Group permissions updated Successfully!"
    }
    else
    {   
        #Print if group doesn't exist
        Write-host -f Yellow "Group Doesn't exist!"
    }
}

#Handle the errors
Catch {
        #Print error details
        write-host -f Red "Error Changing Group Permissions!" $_.Exception.Message
}


Credits : Salaudeen Rajack
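
A read-back check for the change the script makes, as an added example (not part of the original script or of the credited source): it re-reads the group's permission levels from the server and reports whether the intended level is bound, the removed one is gone, and nothing else changed. It assumes `$Context` is the authenticated ClientContext from the script; the function names `Get-GroupRoleBindingNames` and `Test-PermissionChange` are hypothetical, and the sample data at the end is constructed.

```powershell
# Added example: verify a group's permission levels after the change.
# Assumes the CSOM assemblies are loaded and $Context is an authenticated
# ClientContext as in the script above. Function names are hypothetical.
function Get-GroupRoleBindingNames {
    param([Parameter(Mandatory)] $Context, [Parameter(Mandatory)] [string] $GroupName)
    # Re-read the assignment from the server instead of trusting local objects
    $Group          = $Context.Web.SiteGroups.GetByName($GroupName)
    $RoleAssignment = $Context.Web.RoleAssignments.GetByPrincipal($Group)
    $Bindings       = $RoleAssignment.RoleDefinitionBindings
    $Context.Load($Bindings)
    $Context.ExecuteQuery()
    # Names of the permission levels currently bound to the group
    return @($Bindings | Select-Object -ExpandProperty Name)
}

function Test-PermissionChange {
    param(
        [string[]] $Before = @(),   # binding names captured before the change
        [string[]] $After  = @(),   # binding names read back after the change
        [Parameter(Mandatory)] [string] $Added,
        [Parameter(Mandatory)] [string] $Removed
    )
    # Levels whose presence changed, other than the two we meant to touch
    $Unexpected = @(($Before + $After) | Sort-Object -Unique | Where-Object {
        (($Before -contains $_) -ne ($After -contains $_)) -and
        ($_ -notin @($Added, $Removed))
    })
    $AddedPresent  = $After -contains $Added
    $RemovedAbsent = $After -notcontains $Removed
    [pscustomobject]@{
        AddedPresent  = $AddedPresent
        RemovedAbsent = $RemovedAbsent
        Unexpected    = $Unexpected
        Verified      = $AddedPresent -and $RemovedAbsent -and ($Unexpected.Count -eq 0)
    }
}

# Against a live site, capture the state on both sides of the update:
#   $Before = @(Get-GroupRoleBindingNames -Context $Context -GroupName $GroupName)
#   ...Add / Remove / Update / ExecuteQuery as in the script above...
#   $After  = @(Get-GroupRoleBindingNames -Context $Context -GroupName $GroupName)
#   Test-PermissionChange -Before $Before -After $After -Added $PermissionToAdd -Removed $PermissionToRemove

# Constructed sample (not from a real tenant): an extra level appeared
# alongside the intended Read -> Edit swap, so the check flags it.
Test-PermissionChange -Before @('Read', 'Contribute') `
    -After @('Edit', 'Contribute', 'Full Control') -Added 'Edit' -Removed 'Read'
```

Keeping the before and after lists in the change record gives reviewers the exact permission levels the group held on each side of the update.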


Hope this article will help us to change the permissions of a SharePoint Online group through PowerShell.

Also get my article updates on my social media handles.

LinkedIn – https://www.linkedin.com/in/khasim-shaik-8784a1232/

Twitter – https://twitter.com/KhasimShaik2009

Facebook – https://www.facebook.com/profile.php?id=100078255554660

Thank you for your support; I will catch up with a new article soon.

Keep learning and keep smiling.

Khasim Shaik

SharePoint & Power Platform Developer at OS InfoTech
