First published on TECHNET on Aug 29, 2016
Hello Guys,
Recently my customer asked me to create a script to remove permissions from a list; specifically, it would remove all permissions except for one group that they would designate.
Started doing some research and quickly realized that there was no information out there on how to do this, so I did a lot of digging and came up with this script.
You can download the script from this location
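The heart of the script is the function CleanUpAcl:

    Function CleanUpAcl
    {
        # $SPObject: the list (or other securable object) to clean up
        # $GroupName: the one group whose permissions are kept
        # Assumes $SPObject already has unique permissions (inheritance broken)
        param($SPObject, $GroupName)

        $Title = $SPObject.Title
        Write-Host "Removing permissions from $Title"
        $RoleAssignmentsCount = $SPObject.RoleAssignments.Count

        # Walk the collection from the last index down so that removing an
        # entry never shifts the entries that have not been visited yet
        For($i = $RoleAssignmentsCount - 1; $i -ge 0; $i--)
        {
            if($SPObject.RoleAssignments[$i].Member.Name -ne $GroupName)
            {
                $DeletedGroupName = $SPObject.RoleAssignments[$i].Member.Name
                Write-Host "`t Removing Group/User $DeletedGroupName..."
                $SPObject.RoleAssignments.RemoveByID($SPObject.RoleAssignments[$i].Member.ID)
            }
        }
    }
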
For me the big surprise was having to use the For loop instead of being able to use the ForEach loop. The reason I did this is that when I was testing I got the following error message:
An error occurred while enumerating through a collection: Collection was modified; enumeration operation may not execute..
At C:\Users\Administrator.WEAVER\Documents\Viewstest2.ps1:11 char:1
+ <<<< $List.RoleAssignments | ForEach-Object{
+ CategoryInfo : InvalidOperation: (Microsoft.Share...on+SPEnumerator:SPEnumerator) [], RuntimeException
+ FullyQualifiedErrorId : BadEnumeration
I quickly realized that I was deleting the object I was trying to enumerate so I changed to the For loop and went from the bottom up.
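The bottom-up removal described above, as an added example that is not part of the original script: it runs without SharePoint against a constructed stand-in collection and adds two safeguards, a check that the group to keep is actually on the ACL and a report-only mode. The names New-SampleAcl, Remove-AllButGroup and -ReportOnly and all sample group names are assumptions, PowerShell 3.0 or later is assumed, and against a real list the removal line would be the RemoveByID call from CleanUpAcl.

```powershell
# Constructed stand-in for a RoleAssignments collection: a generic list of
# objects shaped like role assignments (Member.Name / Member.ID). Names are made up.
function New-SampleAcl {
    $acl = New-Object 'System.Collections.Generic.List[object]'
    $id = 1
    foreach ($name in 'Site Owners', 'Site Members', 'Site Visitors', 'CONTOSO\jdoe') {
        $acl.Add([pscustomobject]@{ Member = [pscustomobject]@{ Name = $name; ID = $id } })
        $id++
    }
    , $acl   # leading comma stops PowerShell from unrolling the list on return
}

function Remove-AllButGroup {
    param($RoleAssignments, [string]$GroupName, [switch]$ReportOnly)
    # Guard: refuse to strip the ACL if the group to keep is not on it,
    # otherwise a typo in $GroupName would leave the object with no permissions.
    if (-not ($RoleAssignments | Where-Object { $_.Member.Name -eq $GroupName })) {
        throw "Group '$GroupName' has no role assignment here; nothing removed."
    }
    $removed = @()
    # Walk from the last index down so a removal never shifts an unvisited item.
    for ($i = $RoleAssignments.Count - 1; $i -ge 0; $i--) {
        $name = $RoleAssignments[$i].Member.Name
        if ($name -ne $GroupName) {
            if (-not $ReportOnly) { $RoleAssignments.RemoveAt($i) }  # stand-in for RemoveByID
            $removed += $name
        }
    }
    $removed   # names removed (or that would be removed), for the change record
}

# 1) Removing inside ForEach over the live collection invalidates the enumerator.
$acl = New-SampleAcl
try {
    foreach ($ra in $acl) { if ($ra.Member.Name -ne 'Site Owners') { [void]$acl.Remove($ra) } }
} catch {
    Write-Host "ForEach failed: $($_.Exception.Message)"
}

# 2) Report first, then remove bottom-up; only the designated group remains.
$acl = New-SampleAcl
$planned = Remove-AllButGroup -RoleAssignments $acl -GroupName 'Site Owners' -ReportOnly
$gone = Remove-AllButGroup -RoleAssignments $acl -GroupName 'Site Owners'
Write-Host "Planned: $($planned.Count); removed: $($gone -join ', '); left: $(($acl | ForEach-Object { $_.Member.Name }) -join ', ')"

# 3) A mistyped group name is rejected before anything is deleted.
try { Remove-AllButGroup -RoleAssignments $acl -GroupName 'Site Ownerz' } catch { Write-Host $_.Exception.Message }
```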
Hope this script is helpful to you.
Pax