Forum Discussion

Avian 1
Iron Contributor
Apr 18, 2019

How to add different user with different permission in different document libraries using PowerShell

Hello

 

We are creating a department-wise global site (SP Online), where each country has one document library. I want to add different users with different permissions (Full/Contribute/Read) in different libraries. I have prepared a CSV where I have user ADID (domain\username), target document library URL and permission columns.

 

How can I add users using PowerShell with the help of the CSV, from which I can read the information and accordingly add each user with unique permissions to their respective document libraries? I also want added users to be unable to access other document libraries where they don't have permissions.

 

Regards

Avian

1 Reply

  • Paul Chapman
    Iron Contributor

    Hi Avian 1,

     

    Firstly, I am not a PowerShell expert by any means. But I had a look at this and, if I have understood your requirements correctly, I think I have a workable solution. I don't know your own level of PS knowledge so apologies if any of this is pitched at the wrong level.

     

    I'd break the task into 2 sections, all of them using the SharePointPnPPowerShellOnline module. 

    Install-Module SharePointPnPPowerShellOnline

    Connect-PnPOnline -Url $siteURL -Credentials $myCredentials

     

    Task 1. Create the Groups and add them to the relevant Doc Lib

    Create a spreadsheet with a distinct name for each group you want, with an Owner column and (optional) a description. Also include a column with the relevant document library Title and the permission level you want that group to have (so Full Control, Edit etc). So 5 columns, Name, Owner, Desc, DocLib, Permission. Save the spreadsheet as a CSV file (this may not be necessary but it's what I do).

    Then in PS do something like: 

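    # Columns expected in the CSV: Name, Owner, Desc, DocLib, Permission
    $groupinfo = Import-Csv -Path "C:\group-info.csv"

    foreach($group in $groupinfo)
        {
            # Create the SharePoint group for this row
            New-PnPGroup -Title $group.Name -Description $group.Desc -Owner $group.Owner
            # Give that group the requested permission level on its document library
            Set-PnPListPermission -Identity $group.DocLib -Group $group.Name -AddRole $group.Permission
        }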

     

    Task 2. Add users to relevant Group created in Task 1

    This is simpler, create a spreadsheet with 2 columns, the user principal name and the group they need to be added to (which matches a group name from Task 1). If a user is a member of multiple groups then they need to be in multiple rows.

     

    Then in PS: 

    $info = Import-Csv -Path "C:\OneDrive\OneDrive - SFCT\test.csv"
    foreach($user in $info)
        {
            Add-PnPUserToGroup -Identity $user.Group -LoginName $user.UPN
        }

     

    That should do what you need (if I understand correctly). The only other thing is, once you've created the libraries and before you add the groups, you will want to break permission inheritance so that adding a user to a specific group doesn't give them access to other doc libs. This can also be done in PS with the PnP module: 

    Set-PnpList -Identity "[doc lib name]" -BreakRoleInheritance

     

    I hope this helps. Let me know if it does or if I have massively missed the point of your post! :s

     

    Paul
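
The steps from the reply above, combined into one pass that validates the CSV first and breaks inheritance before any grant. This is an added example, not part of Paul's reply; it assumes the same SharePointPnPPowerShellOnline module, and the single-file CSV layout (DocLib, Group, Permission, UPN), the site URL and the file path are hypothetical placeholders.

```powershell
# Added example. Hypothetical CSV layout, one row per user: DocLib,Group,Permission,UPN
$siteURL = "https://contoso.sharepoint.com/sites/dept"   # placeholder site URL
$allowed = @("Full Control", "Contribute", "Read")       # levels named in the question

Connect-PnPOnline -Url $siteURL -Credentials (Get-Credential)
$rows = Import-Csv -Path "C:\access.csv"                 # placeholder path

# 1. Validate every row before changing anything, so a typo cannot grant a wrong role.
$bad = @($rows | Where-Object {
    $allowed -notcontains $_.Permission -or -not $_.UPN -or -not $_.DocLib -or -not $_.Group })
# A group reused across libraries would let its members into more than one library.
$shared = @($rows | Group-Object Group |
    Where-Object { @($_.Group.DocLib | Select-Object -Unique).Count -gt 1 })
if ($bad.Count -gt 0 -or $shared.Count -gt 0) {
    throw "CSV rejected: $($bad.Count) invalid row(s), $($shared.Count) group(s) spanning libraries."
}

foreach ($lib in ($rows | Group-Object DocLib)) {
    # 2. Break inheritance first. Without -CopyRoleAssignments the library does not
    #    keep the site's existing role assignments.
    Set-PnPList -Identity $lib.Name -BreakRoleInheritance

    # 3. Fail closed: skip the library if it still inherits from the site.
    $list = Get-PnPList -Identity $lib.Name -Includes HasUniqueRoleAssignments
    if (-not $list.HasUniqueRoleAssignments) {
        Write-Warning "$($lib.Name) still inherits permissions; skipped."
        continue
    }

    foreach ($grp in ($lib.Group | Group-Object Group)) {
        # 4. Create the group only if it does not exist yet, so re-runs are safe.
        try   { $null = Get-PnPGroup -Identity $grp.Name -ErrorAction Stop }
        catch { $null = New-PnPGroup -Title $grp.Name }

        # 5. Grant the group its role on this library only, then add its members.
        $role = $grp.Group[0].Permission
        Set-PnPListPermission -Identity $lib.Name -Group $grp.Name -AddRole $role
        foreach ($row in $grp.Group) {
            Add-PnPUserToGroup -Identity $grp.Name -LoginName $row.UPN
        }
    }
}
```

If a group appears with more than one permission level for the same library, only the first row's level is applied, so keep one level per group in the CSV.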

     

     
