none
change SharePoint User group Permission level

    Question

  • Hi,

    I have a group "TestGroup" setup on a site collection with read Permissions and within in that site collection there are sub sites ,document libraries and files with unique permissions and this "TestGroup" is added with Read permission on some sites.

    Our requirement is to update the "TestGroup"   permissions levels to FULL Control from Read where ever  this group added on this site collection.

    if any PowerShell script available please update.

    Your help would be greatly appreciated.

    Thanks,

    Uday


    Thursday, July 09, 2015 4:30 PM

Answers

  • Hi,

    From the error message, it seems that your powershell is broken.

    To determine whether your PS is broken.

    Run the PowerShell with administrator on the SharePoint server, test with some simple command and check whether it is working.

    In additional, Please check the version of the PS: $PSVersionTable

    Best Regards,

    Lisa Chen


    TechNet Community Support
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Friday, July 17, 2015 9:09 AM
    Moderator

All replies

  • Uday,

    Hope this helps !

    $site = Get-SPSite http://yourservername/sites/yoursitecollection 
    $groups = $site.RootWeb.sitegroups
    foreach ($grp in $groups) 
    {
       if($grp.name -eq "yourgroupname")
       {
          # Enter the Name of the Permission Level to Change            
    
        $PermissionLevel=$spWeb.RoleDefinitions["CustomOwner"]            
                 
        # Enter all the permissions that Permission Level should have enabled            
        $PermissionLevel.BasePermissions="ViewListItems, AddListItems, EditListItems, DeleteListItems"
    $PermissionLevel.update()
         $grp.update()
         "Group: " + $grp.name; //output the new name
       }
    }
    $site.Dispose()


    Sivabalan

    Thursday, July 09, 2015 4:46 PM
  • Hi,

    From your description, you want to set Full Control instead of Read permission level for a custom group named TestGroup, use the following PowerShell:

    $site = Get-SPSite http://sp
    foreach ($web in $site.AllWebs)
    {   
    foreach($list in $web.Lists)
    {
    $groups = $site.RootWeb.sitegroups
    foreach ($grp in $groups) 
    {
    if($grp.name -eq "TestGroup")
    {
    $ra = $grp.ParentWeb.RoleAssignments.GetAssignmentByPrincipal($group)
    $rd = $grp.ParentWeb.RoleDefinitions["Full Control"]
    $ra.RoleDefinitionBindings.add($rd)
    $rd1 = $grp.ParentWeb.RoleDefinitions["read"]
    $ra.RoleDefinitionBindings.remove($rd)
    $ra.Update()
    $grp.Update()
    }
    }
    }
    }
    $site.Dispose()

    For your reference:

    http://sharepoint.stackexchange.com/questions/70071/need-to-remove-permission-level-from-a-sharepoint-group-using-powershell

    https://social.msdn.microsoft.com/Forums/office/en-US/6773d68c-415a-442b-9fef-ce1220af55e9/remove-permissions-from-group-using-powershell?forum=sharepointgeneralprevious

    Best Regards,

    Lisa Chen 


    TechNet Community Support
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Friday, July 10, 2015 9:57 AM
    Moderator
  • Hello Lisa,

    I tried the script provided by you but unfortunately it did not resolve my issue.

    i am getting below error 

    You cannot call a method on a null-valued expression.
    At D:\INUDM\temp.ps1:16 char:1
    + $ra.Update()
    + ~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
        + FullyQualifiedErrorId : InvokeMethodOnNull

    Exception calling "GetAssignmentByPrincipal" with "1" argument(s): "Value
    cannot be null."
    At D:\INUDM\temp.ps1:11 char:1
    + $ra = $grp.ParentWeb.RoleAssignments.GetAssignmentByPrincipal($group)
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
        + FullyQualifiedErrorId : ArgumentNullException

    You cannot call a method on a null-valued expression.
    At D:\INUDM\temp.ps1:13 char:1
    + $ra.RoleDefinitionBindings.add($rd)
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
        + FullyQualifiedErrorId : InvokeMethodOnNull

    You cannot call a method on a null-valued expression.
    At D:\INUDM\temp.ps1:15 char:1
    + $ra.RoleDefinitionBindings.remove($rd1)
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
        + FullyQualifiedErrorId : InvokeMethodOnNull

    You cannot call a method on a null-valued expression.
    At D:\INUDM\temp.ps1:16 char:1
    + $ra.Update()
    + ~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
        + FullyQualifiedErrorId : InvokeMethodOnNull

    Exception calling "GetAssignmentByPrincipal" with "1" argument(s): "Value
    cannot be null."
    At D:\INUDM\temp.ps1:11 char:1
    + $ra = $grp.ParentWeb.RoleAssignments.GetAssignmentByPrincipal($group)
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
        + FullyQualifiedErrorId : ArgumentNullException

    You cannot call a method on a null-valued expression.
    At D:\INUDM\temp.ps1:13 char:1
    + $ra.RoleDefinitionBindings.add($rd)
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
        + FullyQualifiedErrorId : InvokeMethodOnNull

    You cannot call a method on a null-valued expression.
    At D:\INUDM\temp.ps1:15 char:1
    + $ra.RoleDefinitionBindings.remove($rd1)
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
        + FullyQualifiedErrorId : InvokeMethodOnNull

    You cannot call a method on a null-valued expression.
    At D:\INUDM\temp.ps1:16 char:1
    + $ra.Update()
    + ~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
        + FullyQualifiedErrorId : InvokeMethodOnNull

    Thank you so much for your help.

    Regards,

    Uday

    Friday, July 10, 2015 1:43 PM
  • Hello Sivabalan,

    I tried the script but it did not work.

    i want to update permissions levels from Read to Full control wherever ( Sub site level, Document library level, item level etc..) this group is added.

    Here is the error i am getting 

    Cannot index into a null array.
    At D:\INUDM\temp.ps1:9 char:5
    +     $PermissionLevel=$spWeb.RoleDefinitions["Full control"]
    +     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
        + FullyQualifiedErrorId : NullArray

    Property 'BasePermissions' cannot be found on this object; make sure it exists
    and is settable.
    At D:\INUDM\temp.ps1:12 char:5
    +     $PermissionLevel.BasePermissions="ViewListItems, AddListItems,
    EditListItems ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~
        + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
        + FullyQualifiedErrorId : PropertyNotFound

    You cannot call a method on a null-valued expression.
    At D:\INUDM\temp.ps1:13 char:1
    + $PermissionLevel.update()
    + ~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
        + FullyQualifiedErrorId : InvokeMethodOnNull

    Group: SCM Board
    //output : The term '//output' is not recognized as the name of a cmdlet,
    function, script file, or operable program. Check the spelling of the name, or
    if a path was included, verify that the path is correct and try again.
    At D:\INUDM\temp.ps1:15 char:29
    +      "Group: " + $grp.name; //output the new name
    +                             ~~~~~~~~
        + CategoryInfo          : ObjectNotFound: (//output:String) [], CommandNot
       FoundException
        + FullyQualifiedErrorId : CommandNotFoundException

    Thank you

    Uday

    Friday, July 10, 2015 1:46 PM
  • Hi,

    From the error message, it seems that your powershell is broken.

    To determine whether your PS is broken.

    Run the PowerShell with administrator on the SharePoint server, test with some simple command and check whether it is working.

    In additional, Please check the version of the PS: $PSVersionTable

    Best Regards,

    Lisa Chen


    TechNet Community Support
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Friday, July 17, 2015 9:09 AM
    Moderator