Forum Discussion

Avian 1's avatar
Avian 1
Iron Contributor
Apr 18, 2019

How to add different user with different permission in different document libraries using PowerShell

Hello   We are creating department wise global site (SP Online). Where each country has one document library. I want to add different users with different permissions (Full/Contribute/Read) in diff...
Document Library
SharePoint Online
Paul Chapman's avatar
Paul Chapman
Iron Contributor
Apr 18, 2019

Hi Avian 1,

 

Firstly, I am not a Powershell Expert by any means. But I had a look at this and, if I have understood your requirements correctly, I think I have a workable solution. I don't know your own level of PS knowledge so apologies if any of this is pitched at the wrong level.

 

I'd break the task into 2 sections, all of them using the SharePointPnPPowerShellOnline module. 

Install-Module SharePointPnPPowerShellOnline

Connect-PnPOnline -Url $siteURL -Credentials $myCredentials

 

Task 1. Create the Groups and add them to the relevant Doc Lib

Create a spreadsheet with a distinct name for each group you want, with an Owner column and (optional) a description. Also include a column with the relevant document library Title and the permission level you want that group to have (so Full Control, Edit etc). So 5 columns, Name, Owner, Desc, DocLib, Permission. Save the spreadsheet as a CSV file (this may not be necessary but it's what I do).

Then in PS do something like: 

$groupinfo = Import-Csv -Path "C:\group-info.csv"

foreach($group in $groupinfo)

 {

New-PnPGroup -Title $group.Name -Description $group.Desc -Owner $group.Owner

Set-PnPListPermission -Identity $group.DocLib -Group $group.Name -AddRole $group.Permission

 }

 

2. Add users to relevant Group created in section 1

This is simpler, create a spreadsheet with 2 columns, the user principal name and the group they need to be added to (which matches a group name from Task 1). If a user is a member of multiple groups then they need to be in multiple rows.

 

Then in PS: 

$info = Import-Csv -Path "C:\OneDrive\OneDrive - SFCT\test.csv"
foreach($user in $info)
    {
        Add-PnPUserToGroup -Identity $user.Group -LoginName $user.UPN
    }

 

That should do what you need (if I understand correctly). The only other thing is, once you've created the libraries and before you add the groups, you will want to break permission inheritance so that adding a user to a specific group doesn't give them access to other doc libs. This can also be done in PS with the PnP module: 

Set-PnpList -Identity "[doc lib name]" -BreakRoleInheritance

 

I hope this helps. Let me know if it does or if I have massively missed the point of your post! :s

 

Paul

 

 

Resources