Forum Discussion
CardinalNight
Feb 05, 2025Brass Contributor
Best way to remove UseClientIntegration from each role definition (SharePoint Online)
I've created a PS script that removes Use Client integration from each permission level (role definition). This works, but as a side effect it gives the custom role definitions a new id. This can cause issues further down the line.
Here is the part of the script which replaces the existing permission levels (role defs):
#Install App to the Site
Install-PnPApp -Identity $App.Id
# Get all existing role definitions
$roleDefinitions = Get-PnPRoleDefinition
foreach ($role in $roleDefinitions) {
# Create a new custom role definition by copying the existing one
$newRoleName = "Custom_" + $role.Name
# Clone the existing permission levels excluding Client Int.:
Add-PnPRoleDefinition -RoleName $newRoleName -Clone $role -Exclude UseClientIntegration
# Remove the original role definition
Remove-PnPRoleDefinition -Identity $role.Name -Force }
# Get the new role definitions:
$newRoleDefinitions = Get-PnPRoleDefinition
# Rename each permission to remove the "Custom_"
foreach ($newRole in $newRoleDefinitions) {
Set-PnPRoleDefinition -Identity $newRole.Name -NewRoleName $newRole.Name.TrimStart("Custom_")
}
# Remove the erroneously created permission levels:
if($role.Name -eq "Custom_Limited Access" -or "Custom_Web-Only Limited Access" -or "Custom_Full Control") {
Remove-PnPRoleDefinition -Identity "Custom_Limited Access" -Force
Remove-PnPRoleDefinition -Identity "Custom_Web-Only Limited Access" -Force
Remove-PnPRoleDefinition -Identity "Custom_Full Control" -Force
Set-PnPRoleDefinition -Identity "ntribute" -NewRoleName "Contribute" #Not sure why earlier in the script it changes Contribute to "ntribute" but i'm having to rename it here.
}
I need a better way to do this, as you can see it's an amateur effort. I need someway to remove UserClientIntegration from each permission level but keep the original permission level role def id.
No RepliesBe the first to reply