Hey folks, got a question for you that I have been struggling with what I thought would be fairly straightforward but I am having trouble getting it to work. I've got a script where in the grand scheme, I am creating a SharePoint online subsite
and doing some stuff. Where I'm stuck is I am trying to modify permissions on 3 lists. I've got everything perfect except for one thing - removing a SharePoint group from the permissions. I've tried and tried, and every example is not I want
or I can't seem to get converted to CSOM. Here's the basic flow
1) Create subsite, get new context to new subsite, break permission inheritance on subsite
2) I create a SharePoint group and add that group to permissions (read) called "Client Users"
3) I iterate through all lists, and for lists that match 3 names (Title -eq "Sales Docs", etc), I break their perm inheritance, and I need to remove the Client Users group as I don't want that group to have any access
That last part of #3 is where I'm stuck. When I'm creating and adding the group, I have to get the permission level, the new group and build a role assignment like so:
$NewGroup = New-Object Microsoft.SharePoint.Client.GroupCreationInformation
$NewGroup.Title = $grpname
$AcctUsersGrp = $ctx.Web.SiteGroups.Add($NewGroup)
$PermLevel = $ctx.Web.RoleDefinitions.GetByName($PermRead)
$RoleDefBind = New-Object Microsoft.SharePoint.Client.RoleDefinitionBindingCollection($ctx)
$RoleDefBind.Add($PermLevel)
$Assignments = $ctx.Web.RoleAssignments
$RoleAssign = $Assignments.Add($AcctUsersGrp,$RoleDefBind)
$ctx.Load($AcctUsersGrp)
$ctx.ExecuteQuery()
This creates the group, and adds it to the site with read permission. On a list, I need to remove that group from the list. Not delete the group entirely from SharePoint. Anyone point me in a direction? Here's where I would likely add the remove group code:
$lists = $ctx.Web.Lists
$ctx.Load($lists)
$ctx.ExecuteQuery()
foreach ($list in $Lists) {
if ($list.Title -eq "Sales Docs" -or $list.Title -eq "Archived Sales Docs" -or $list.Title -eq "OneNote") {
Write-Host "-- " $list.Title
$list.BreakRoleInheritance($true, $false)
$list.Update()
$ctx.ExecuteQuery()
<new code here - get group, then remove it from perm on list>
}
}
I think I can get the group like this:
$group = $ctx.Web.SiteGroups["Client Users"]
I'd love to see a working sample or any suggestions where this works. Thanks!
1) Create subsite, get new context to new subsite, break permission inheritance on subsite
2) I create a SharePoint group and add that group to permissions (read) called "Client Users"
3) I iterate through all lists, and for lists that match 3 names (Title -eq "Sales Docs", etc), I break their perm inheritance, and I need to remove the Client Users group as I don't want that group to have any access
That last part of #3 is where I'm stuck. When I'm creating and adding the group, I have to get the permission level, the new group and build a role assignment like so:
$NewGroup = New-Object Microsoft.SharePoint.Client.GroupCreationInformation
$NewGroup.Title = $grpname
$AcctUsersGrp = $ctx.Web.SiteGroups.Add($NewGroup)
$PermLevel = $ctx.Web.RoleDefinitions.GetByName($PermRead)
$RoleDefBind = New-Object Microsoft.SharePoint.Client.RoleDefinitionBindingCollection($ctx)
$RoleDefBind.Add($PermLevel)
$Assignments = $ctx.Web.RoleAssignments
$RoleAssign = $Assignments.Add($AcctUsersGrp,$RoleDefBind)
$ctx.Load($AcctUsersGrp)
$ctx.ExecuteQuery()
This creates the group, and adds it to the site with read permission. On a list, I need to remove that group from the list. Not delete the group entirely from SharePoint. Anyone point me in a direction? Here's where I would likely add the remove group code:
$lists = $ctx.Web.Lists
$ctx.Load($lists)
$ctx.ExecuteQuery()
foreach ($list in $Lists) {
if ($list.Title -eq "Sales Docs" -or $list.Title -eq "Archived Sales Docs" -or $list.Title -eq "OneNote") {
Write-Host "-- " $list.Title
$list.BreakRoleInheritance($true, $false)
$list.Update()
$ctx.ExecuteQuery()
<new code here - get group, then remove it from perm on list>
}
}
I think I can get the group like this:
$group = $ctx.Web.SiteGroups["Client Users"]
I'd love to see a working sample or any suggestions where this works. Thanks!
