How to automatically remove access from certain subfolders within a SharePoint document library

Austin Admin 1 Reputation point
2022-01-25T15:16:25.46+00:00

Hi All,

I am trying to automatically remove access from subfolders that are located in a "Job Folder" in a document library.

[Image: 168373-template-job.png]

Here is the folder that we use as a template to make more "Jobs"

Inside this folder are 4 subfolders

[Image: 168365-template-subfolders.png]

The access to the bottom two folders needs to remain the same because everyone needs to access those folders, but for every "Job" we need to remove site members and visitors from being able to access the top two folders.

Is there any way to automate this instead of going into each "Job" and removing the access from the two top folders? I have tried to use desktop flows in Power Automate, but they are not consistent when removing access.


1 answer

  1. CaseyYang-MSFT 10,321 Reputation points
    2022-01-26T06:03:31.887+00:00

    Hi @Austin Admin ,

    You could remove the group from the folder permissions using PowerShell as a workaround.

    PowerShell commands:

    #Load SharePoint CSOM Assemblies  
    Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"  
    Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"  
       
    Function Remove-SPOGroupPermissionsFromList()  
    {  
      param  
        (  
            [Parameter(Mandatory=$true)] [string] $SiteURL,  
            [Parameter(Mandatory=$true)] [string] $FolderURL,  
            [Parameter(Mandatory=$true)] [string] $GroupName  
        )  
        
        Try {  
            #Get credentials to connect  
            $Cred= Get-Credential  
            $Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password)  
        
            #Setup the context  
            $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)  
            $Ctx.Credentials = $Credentials  
            $Web = $Ctx.web  
        
            #Get the Folder  
            $Folder = $Web.GetFolderByServerRelativeUrl($FolderURL)  
            $Ctx.Load($Folder)  
            $Ctx.ExecuteQuery()  
            
            #Break permission inheritance - copy the parent's current role assignments to the folder ($True) and leave unique permissions on child items in place ($False)
            $Folder.ListItemAllFields.BreakRoleInheritance($True,$False)  
            $Ctx.ExecuteQuery()  
            Write-host -f Yellow "Folder's Permission inheritance broken..."  
             
            #Get the SharePoint Site Group object  
            $Group =$Web.SiteGroups.GetByName($GroupName)  
            $Ctx.load($Group)  
       
            #Get permissions assigned to the folder  
            $Ctx.Load($Folder.ListItemAllFields.RoleAssignments)  
            $Ctx.ExecuteQuery()  
       
            #Check if the Group has permission on the folder
            [Bool]$GroupFound = $False
            ForEach($RoleAssignment in $Folder.ListItemAllFields.RoleAssignments)
            {
                $Ctx.Load($RoleAssignment.Member)
                $Ctx.ExecuteQuery()

                #Remove the Group's permission from the folder
                If($RoleAssignment.Member.LoginName -eq $Group.LoginName)
                {
                    $Folder.ListItemAllFields.RoleAssignments.GetByPrincipal($Group).DeleteObject()
                    $Ctx.ExecuteQuery()
                    $GroupFound = $True
                    Write-host "Group Permissions Removed from the List Successfully!" -ForegroundColor Green
                    #A principal has a single role assignment per object; stop here rather than keep enumerating a collection that DeleteObject() just changed
                    Break
                }
            }
            #If the Group doesn't exist in the folder permissions
            If($GroupFound -eq $False) { Write-host "Group Not found in List Permissions!" -ForegroundColor Red}
        }  
        Catch {  
           write-host -f Red "Error Removing Group permissions from the Folder!" $_.Exception.Message  
        }  
    }  
       
    #Config Variables  
    $SiteURL="https://xxx"  
    $FolderURL="/xxx/xxx"  
    $GroupName="xxx"  
       
    #Call the function to remove Group permissions from a folder
    Remove-SPOGroupPermissionsFromList -SiteURL $SiteURL -FolderURL $FolderURL -GroupName $GroupName  
    

    For Reference: Remove Group from Folder Permissions using PowerShell
    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.



    1 person found this answer helpful.
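
The answer's function handles one folder and one group per call, while the question asks for the same change on every "Job" folder. The following is an added example, not part of the original answer or the script it references: it walks every job folder in the library, removes the site's default Members and Visitors groups from the named subfolders, and returns the principals that still hold access so the result can be reviewed. The function name, `$LibraryURL` and the subfolder names are assumptions; `$Ctx` is assumed to be a `ClientContext` authenticated the same way as in the script above.

```powershell
# Added example, not the answerer's script. Assumes the CSOM assemblies are loaded and
# $Ctx is an authenticated ClientContext; library URL and folder names are placeholders.
Function Revoke-JobSubfolderAccess {
    param(
        [Parameter(Mandatory=$true)] $Ctx,
        [Parameter(Mandatory=$true)] [string]   $LibraryURL,        # server-relative library root
        [Parameter(Mandatory=$true)] [string[]] $RestrictedFolders  # subfolder names to lock down
    )
    $Web = $Ctx.Web
    # The site's default Members and Visitors groups
    $Groups = @($Web.AssociatedMemberGroup, $Web.AssociatedVisitorGroup)
    ForEach ($Group in $Groups) { $Ctx.Load($Group) }
    $Jobs = $Web.GetFolderByServerRelativeUrl($LibraryURL).Folders
    $Ctx.Load($Jobs)
    $Ctx.ExecuteQuery()

    ForEach ($Job in $Jobs) {
        If ($Job.Name -eq "Forms") { Continue }   # library system folder, not a job
        ForEach ($Name in $RestrictedFolders) {
            $Url = "$($Job.ServerRelativeUrl)/$Name"
            # Copy the current assignments, keep unique permissions on child items
            Try {
                $Item = $Web.GetFolderByServerRelativeUrl($Url).ListItemAllFields
                $Item.BreakRoleInheritance($True, $False)
                $Ctx.ExecuteQuery()
            }
            Catch { Write-Warning "Skipped $Url - $($_.Exception.Message)"; Continue }

            # The server raises an error when a group has no assignment on the folder
            ForEach ($Group in $Groups) {
                Try {
                    $Item.RoleAssignments.GetByPrincipal($Group).DeleteObject()
                    $Ctx.ExecuteQuery()
                }
                Catch { Write-Warning "$($Group.Title) not removed on $Url - $($_.Exception.Message)" }
            }

            # Read back what is left so every folder can be reviewed after the run
            $Ctx.Load($Item.RoleAssignments)
            $Ctx.ExecuteQuery()
            ForEach ($RA in $Item.RoleAssignments) { $Ctx.Load($RA.Member) }
            $Ctx.ExecuteQuery()
            [PSCustomObject]@{
                Folder          = $Url
                RemainingAccess = ($Item.RoleAssignments | ForEach-Object { $_.Member.Title }) -join "; "
            }
        }
    }
}
# Revoke-JobSubfolderAccess -Ctx $Ctx -LibraryURL "/sites/xxx/Shared Documents" -RestrictedFolders "Folder A","Folder B"
```

Piping the output to `Export-Csv` gives a per-folder record of who can still reach each restricted subfolder, which is the part a desktop flow cannot confirm.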