none
Edit Permission Levels with Powershell (or another tool)

    Question

  • Hi all,

    I need to edit Permission Levels across multiple site collections and was looking to Powershell for this task (ex. change the Contribute permission level to include "Manage Lists")

    This current script allows me to Add a custom permission level, but any direction on how to edit an existing permission level?

    $spWeb = Get-SPWeb http://SP2010
    $spRoleDefinition = New-Object Microsoft.SharePoint.SPRoleDefinition
    $spRoleDefinition.Name = "Custom"
    $spRoleDefinition.Description = "Can Create and Modify Items, Not Delete"
    $spRoleDefinition.BasePermissions = "Base Permission 1, Base Permission 2, etc."
    $spweb.RoleDefinitions.Add($spRoleDefinition)

     


    Personal Blog: http://thebitsthatbyte.com
    Wednesday, October 12, 2011 3:19 PM

Answers

  • Hiya,

    to update the base permissions, just grab the existing ones, and reset them, including those and the one(s) you want to add. Example code (you might want to add some checks to make sure Permission Levels exist, etc):

    $spSite = Get-SPSite "http://yoursite"
    $spWeb = $spSite.RootWeb
    $PermissionLevel = "Contribute"
    $BasePermission = "ManageLists"
    $roleDef = $spWeb.RoleDefinitions[$PermissionLevel]
    $bps = $roleDef.BasePermissions
    $roleDef.BasePermissions = "$bps", "$BasePermission"
    $roleDef.Update()
    $spWeb.Dispose()
    $spSite.Dispose()

    To get all the names of the Base Permissions, use this:

    [System.Enum]::GetNames("Microsoft.SharePoint.SPBasePermissions")

    Hope that helps!

    P


    You can't be right all the time, but you can be smart everyday.


    Tuesday, October 16, 2012 1:01 PM

All replies

  • The goal is to have all site collections with the same permission levels are the OOTB levels do not meet the requirements.
    Personal Blog: http://thebitsthatbyte.com
    Wednesday, October 12, 2011 3:29 PM
  • Hiya,

    to update the base permissions, just grab the existing ones, and reset them, including those and the one(s) you want to add. Example code (you might want to add some checks to make sure Permission Levels exist, etc):

    $spSite = Get-SPSite "http://yoursite"
    $spWeb = $spSite.RootWeb
    $PermissionLevel = "Contribute"
    $BasePermission = "ManageLists"
    $roleDef = $spWeb.RoleDefinitions[$PermissionLevel]
    $bps = $roleDef.BasePermissions
    $roleDef.BasePermissions = "$bps", "$BasePermission"
    $roleDef.Update()
    $spWeb.Dispose()
    $spSite.Dispose()

    To get all the names of the Base Permissions, use this:

    [System.Enum]::GetNames("Microsoft.SharePoint.SPBasePermissions")

    Hope that helps!

    P


    You can't be right all the time, but you can be smart everyday.


    Tuesday, October 16, 2012 1:01 PM