SharePoint online: remove and Add permission from each document folder by PowerShell via CSV file

Question

Hi,

I'm looking for solution on following.

I want to remove and Add the same permission user/group from a document library the folder and subfolder with permission settings and want it as CSV file input.

How can I do this ?

Thank you in advance.

Answer 1

Hi @Aziz Rachid ,

Per my research and testing, you can use the following code to remove user from folder permissions via a CSV file by PowerShell:

#Config Variables  
$SiteURL = "https://crescent.sharepoint.com/sites/legal"  
$ListName="Work"  
$CSVFile = "C:\Temp\Folders.csv"  
$UserAccount = "i:0#.f|membership|steve@crescent.com"  
   
Try {  
    #Connect to PnP Online  
    Connect-PnPOnline -Url $SiteURL -Interactive  
   
    #Get content from CSV file  
    Import-Csv $CSVFile | ForEach-Object {  
        Write-host "Processing Folder:"$_.URL  
        #Get the Folder from URL  
        $Folder = Get-PnPFolder -Url $_.URL  
   
        #Get Folder Item  
        $FolderItem = Get-PnPProperty -ClientObject $Folder -Property ListItemAllFields  
        $HasUniquePerm =  Get-PnPProperty -ClientObject $FolderItem -Property HasUniqueRoleAssignments  
   
        #Break Permission Inheritance  
        If(!$HasUniquePerm)  
        {  
            $FolderItem.BreakRoleInheritance($True, $True)  
            Write-host "`tFolder's Permission Inheritance Broken!"  
        }  
        #Get the User  
        $User = Get-PnPUser -Identity $UserAccount -ErrorAction Stop  
   
        #Get Permissions from the Folder  
        $RoleAssignments = Get-PnPProperty -ClientObject $FolderItem -Property RoleAssignments  
   
        #Remove user from folder permissions  
        [Bool]$UserFound = $false  
        ForEach($RoleAssignment in $RoleAssignments)  
        {  
           $Member =  Get-PnPProperty -ClientObject $RoleAssignment -Property Member  
           If($Member.LoginName -eq $User.LoginName)  
           {  
                $UserFound = $True  
                $FolderItem.RoleAssignments.GetByPrincipal($User).DeleteObject()  
                Invoke-PnPQuery  
           }  
        }  
           
        If($UserFound) { Write-host "`tRemoved user from Folder Permission!" }   
    }  
}  
Catch {  
    write-host -f Red "Error Removing user from Folder:" $_.Exception.Message  
}  

More information for reference:

Remove User/Group from Folder Permissions via a CSV file :
https://www.sharepointdiary.com/2017/10/sharepoint-online-remove-user-group-from-folder-permissions-using-powershell.html

Add Group to Folder using PowerShell:
https://sharepoint.stackexchange.com/questions/109840/add-group-to-folder-in-a-document-library-using-powershell

Hope it can help you. Thanks for your understanding and support.

Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.

-----------------------------------------------------------------------------
Update-----------------------------------------------------------------------------
If you want to remove Unique Permissions from a file of a library, you can use the following code .Hope it can help you .Thanks for your understanding and support.

Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"  
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"  
   
Function Remove-ListItemUniquePermissions  
{  
param  
    (  
        [Parameter(Mandatory=$true)] [string] $SiteURL,  
        [Parameter(Mandatory=$true)] [string] $ListName,  
        [Parameter(Mandatory=$true)] [string] $ItemID         
    )  
   
    Try {  
        $Cred= Get-Credential  
        $Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password)  
   
        #Setup the context  
        $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)  
        $Ctx.Credentials = $Credentials  
   
        #Remove unique permissions and reset inheritance  
        $List=$Ctx.Web.Lists.GetByTitle($ListName)  
        $ListItem=$List.GetItemByID($ItemID)  
        $ListItem.ResetRoleInheritance()  
        $Ctx.ExecuteQuery()  
   
        Write-Host "Unique Permissions are removed and inherited from the Parent!" -ForegroundColor Green  
    }  
   
    Catch {  
        write-host -f Red "Error Deleting Unique Permissions!" $_.Exception.Message  
    }  
}  
   
  
$SiteURL="https://xxx.sharepoint.com/sites/xxx"  
$ListName="ListTtest"  
$ItemID="1"  
   
  
Remove-ListItemUniquePermissions -SiteURL $SiteURL -ListName $ListName -ItemID $ItemID   

More information for reference:
https://www.sharepointdiary.com/2016/02/powershell-to-delete-unique-permissions-for-all-list-items-sharepoint-online.html
https://www.sharepointdiary.com/2019/02/sharepoint-online-remove-unique-permissions-from-all-folders-using-powershell.html

Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.

---

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

---