SharePoint, Powershell, manage or change AD security group permission for subfolders

%3CLINGO-SUB%20id%3D%22lingo-sub-2230356%22%20slang%3D%22en-US%22%3ESharePoint%2C%20Powershell%2C%20manage%20or%20change%20AD%20security%20group%20permission%20for%20subfolders%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2230356%22%20slang%3D%22en-US%22%3E%3CP%20class%3D%22%22%3EGood%20day!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20spend%20few%20hours%20searching%20for%20this%20but%20didnt%20find%20solutions%20for%20my%20requirements.%20Hope%20I%20would%20get%20a%20solution%20from%20experts%20like%20you%20which%20would%20drastically%20reduce%20my%20effort%20in%20making%201000s%20if%20clicks.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20a%20SP%20site%20with%20doc%20library%20associated%20with%20a%20teams%20channel%20'Finance'%20The%20'Finance'%20folder%20under%20the%20doc%20lib%20has%20folders%20named%20after%20each%20company.%20Probably%20around%2060%20or%20more.%20each%20folder%20has%2017%20folders.%20below%20is%20the%20high%20level%20path.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDoc%20lib%20--%26gt%3B%20Finance%20--%26gt%3B%20Company%20--%26gt%3B%20content.%26nbsp%3B%3C%2FP%3E%3CP%3EAD%20group%20name%3A%20LI.Finance.Read%20and%20LI.Finance.Write%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt%20is%20set%20in%20a%20way%20that%20if%20I%20add%20some%20one%20to%20the%20channel%2C%20they%20get%20access%20to%20the%20document%20lib.%20but%20those%20who%20dont%20need%20access%20to%20the%20channel%2C%20they%20get%20added%20to%20AD%20group.%20I%20can%20add%20someone%20directly%20to%20the%20private%20group%20of%20the%20channel%20and%20they%20would%20get%20the%20desired%20access%2C%20but%20I've%20automated%20the%20'Teams''%20general%20group%20to%20add%2Fremove%20when%20they%20meet%20certain%20condition%20and%20looks%20like%20this%20is%20impacting%20and%20removing%20the%20members%20from%20the%20groups%20associated%20with%20private%20channels%20as%20well%20if%20they%20dont%20belong%20to%20the%20'Team'.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20has%20forced%20me%20to%20manage%20permission%20using%20AD%20if%20they%20dont%20belong%20to%20the%20parent%20Team%20and%20would%20need%20access%20to%20the%20doc%20lib%20of%20the%20private%20channel.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ELong%20story%20short%2C%20I%20need%20to%20change%20the%20permission%20from%20Read%20to%20Edit%20for%20all%20the%20folders%20of%20one%20specific%20AD%20group%20that%20are%20under%20the%20'Company'%20folders%20but%20should%20be%20read%20only%20for%20the%20parent%20folders.%26nbsp%3B%20How%20do%20I%20do%20it%20using%20PowerShell%3F%20This%20will%20save%208%20clicks%20per%20folder.%20Totally%208000%2B%20clicks.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ENote%3A%20Those%20groups%20mentioned%20above%20gets%20RO%20access%20to%20Doc%20Lib%2C%20Finance%20and%20Company%20folders%20even%20if%20the%20group%20ends%20with%20'write'.%20But%20get%20write%20access%20only%20at%20the%20folder%20level%20thats%20called%20'content'.%20at%20all%20levels%20LI.Finance.Read%20gets%20only%20read%20so%20no%20problem%20with%20this.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EApologies%20for%20the%20long%20write.%20Let%20me%20know%20if%20you%20need%20more%20details.%20BTW%2C%20I'm%20noob%20in%20PowerShell.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2230356%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EDocument%20Library%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EPermissions%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EPowerShell%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESharePoint%20Online%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Occasional Contributor

Good day!

 

I spend few hours searching for this but didnt find solutions for my requirements. Hope I would get a solution from experts like you which would drastically reduce my effort in making 1000s if clicks. 

 

I have a SP site with doc library associated with a teams channel 'Finance' The 'Finance' folder under the doc lib has folders named after each company. Probably around 60 or more. each folder has 17 folders. below is the high level path. 

 

Doc lib --> Finance --> Company --> content. 

AD group name: LI.Finance.Read and LI.Finance.Write

 

It is set in a way that if I add some one to the channel, they get access to the document lib. but those who dont need access to the channel, they get added to AD group. I can add someone directly to the private group of the channel and they would get the desired access, but I've automated the 'Teams'' general group to add/remove when they meet certain condition and looks like this is impacting and removing the members from the groups associated with private channels as well if they dont belong to the 'Team'. 

 

This has forced me to manage permission using AD if they dont belong to the parent Team and would need access to the doc lib of the private channel.  

 

Long story short, I need to change the permission from Read to Edit for all the folders of one specific AD group that are under the 'Company' folders but should be read only for the parent folders.  How do I do it using PowerShell? This will save 8 clicks per folder. Totally 8000+ clicks. 

 

Note: Those groups mentioned above gets RO access to Doc Lib, Finance and Company folders even if the group ends with 'write'. But get write access only at the folder level thats called 'content'. at all levels LI.Finance.Read gets only read so no problem with this. 

 

Apologies for the long write. Let me know if you need more details. BTW, I'm noob in PowerShell. 

1 Reply
Modifying permissions within a private channel's site/doc lib wouldn't be a supported scenario.