
Archive for November, 2012

Setting All User Permissions to “Read-Only” on SharePoint 2007 Lists and Document Libraries using PowerShell.

November 13, 2012 2 comments

I recently blogged about how to set all user and group permissions to read-only on SharePoint 2007 Site Collections and sub-sites.  http://jshidell.com/2012/11/13/setting-all-usergroup-permissions-to-read-only-on-sharepoint-2007-site-collections-and-sub-sites-using-powershell/

Below is the script to do it for List and Document libraries.

The procedure is much the same, except that here you iterate through all the lists and document libraries with foreach ($list in $webs.lists)

and then update each list’s role assignments –

$list.RoleAssignments.Add($assignment)
$list.Update()

————————————————————————————————————————————————————————————

# Load the SharePoint object model. LoadWithPartialName is marked obsolete in
# .NET; it is kept here because it is what the script relies on.
[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint")

# The target site collection is hard-coded; every web below this URL is processed.
$site = New-Object -TypeName Microsoft.SharePoint.SPSite -ArgumentList "http://portal/site"
$web = $site.OpenWeb()
$groups = $web.SiteGroups

# Append the tab-separated header row to the log (the file is appended to, so a
# second run adds a second header).
"URL `tMember `tLevel `tUser_Group" | Out-File -FilePath User_List_Permissions.csv -Append

# Maps a permission mask (as a string) to the name of the permission level.
$PermLevels = @{}

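# getperms
#
# Purpose: for every web in $site and every list in that web, inspect each
#          web-level permission entry. When its level name is anything other
#          than "Read", remove the principal's role bindings on the web, add a
#          "Read" assignment for that principal on the current list, and append
#          a row to User_List_Permissions.csv.
# Inputs:  none; reads the script-level $site, $web and $PermLevels.
# Outputs: rows appended to User_List_Permissions.csv; a warning per trapped error.
function getperms
{
    # A trap covers the whole function scope wherever it is declared, so it is
    # stated once here. Errors used to be discarded silently; they are now
    # reported, because a swallowed failure in the permission rewrite can leave
    # a principal with more than Read while the run appears clean.
    trap [Exception]
    {
        Write-Warning ("getperms: " + $_.Exception.Message)
        continue
    }

    foreach ($webs in $site.AllWebs)
    {
        # NOTE(review): $p is never used, and this reads $web (the web opened
        # at script level) rather than $webs. The body runs once per element
        # of $web.Sites - confirm this loop is needed.
        foreach ($p in $web.Sites)
        {
            # NOTE(review): the two inner loops read only $webs, so they repeat
            # unchanged for every list; once the web's levels are "Read", later
            # lists would get no assignment - TODO confirm against a test site.
            foreach ($list in $webs.Lists)
            {
                foreach ($role in $webs.Roles)
                {
                    $permmask = $role.PermissionMask
                    $permname = $role.Name
                    # Hashtable.Add throws on an existing key and this loop is
                    # re-run for every list and web; keep the first name seen.
                    if (-not $PermLevels.ContainsKey("$permmask"))
                    {
                        $PermLevels.Add("$permmask", "$permname")
                    }
                }

                foreach ($perm in $webs.Permissions)
                {
                    $permmaskcurrent = $perm.PermissionMask
                    $level = $PermLevels.Get_Item("$permmaskcurrent")

                    # Reset per entry so a principal that matches none of the
                    # checks below is not logged with the previous entry's type.
                    $usergroup = $null
                    if ($perm.xml -like "*GroupName*")
                    {
                        $usergroup = "SharePoint Group"
                    }
                    if ($perm.xml -like "*UserLogin*")
                    {
                        $usergroup = "AD User"
                    }
                    $MemberIsADGroup = $perm.Member.IsDomainGroup
                    if ($MemberIsADGroup -eq $true)
                    {
                        $usergroup = "AD Group"
                    }

                    # NOTE(review): this is also true when the mask has no entry
                    # in $PermLevels ($level is $null) and for any level whose
                    # name is not "Read", including one that grants less than
                    # Read - TODO confirm that raising those to Read is intended.
                    if ($level -ne "Read")
                    {
                        $webs.BreakRoleInheritance($true)

                        # Remove the principal's existing bindings on the web.
                        $roleAssign = $webs.RoleAssignments.GetAssignmentByPrincipal($perm.Member)
                        $roleAssign.RoleDefinitionBindings.RemoveAll()
                        $roleAssign.Update()

                        # Add a "Read" assignment on the list.
                        # NOTE(review): the bindings removed above belong to the
                        # web while this assignment goes on the list; the Add
                        # presumably needs the list to have unique permissions
                        # - verify.
                        $newrole = $webs.RoleDefinitions["Read"]
                        $assignment = New-Object Microsoft.SharePoint.SPRoleAssignment($perm.Member)
                        $assignment.RoleDefinitionBindings.Add($newrole)
                        $list.RoleAssignments.Add($assignment)

                        $list.Update()

                        # Log the level the principal had before the change.
                        # The row may be written even if a statement above
                        # failed and was trapped, so check the warnings before
                        # treating the CSV as proof the change was applied.
                        $webs.Url + "`t" + $perm.Member + "`t" + $level + "`t" + $usergroup >> User_List_Permissions.csv
                    }
                }
            }
        }

        # Each SPWeb handed out by AllWebs should be disposed by the caller.
        $webs.Dispose()
    }
}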
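# Run the permission pass, then release the SharePoint objects opened above.
getperms
$web.Dispose()
# The SPSite created with New-Object was never released; dispose it after its web.
$site.Dispose()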

———————————————————————————————————————————————————————————–

Setting All User/Group Permissions to Read-Only on SharePoint 2007 Site Collections and Sub-Sites using PowerShell

November 13, 2012 7 comments

Recently I was tasked with setting the permissions of all domain users and groups (both SharePoint groups and domain groups) to Read-Only on a specific site collection and its sub-sites in SharePoint 2007.

Since this Site Collection was not in its own content database, I couldn’t simply set the database to “Read-Only”.  That would have worked, but because this Site Collection shared a content database with other Site Collections I could not do that, so I had to resort to PowerShell.

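Below is the script I wrote to iterate through the Site Collection and sub-sites and set all user and group permissions to read-only. It changes role assignments in place and breaks permission inheritance on each site it changes; it appends the previous level of each changed principal to User_Group_Permissions.csv, so keep that file if the original levels may need to be restored.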

————————————————————————————————————————————————————————————

# Load the SharePoint object model. LoadWithPartialName is marked obsolete in
# .NET; it is kept here because it is what the script relies on.
[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint")

# The target site collection is hard-coded; every web below this URL is processed.
$site = New-Object -TypeName Microsoft.SharePoint.SPSite -ArgumentList "http://portal/site"
$web = $site.OpenWeb()
$groups = $web.SiteGroups

# Append the tab-separated header row to the log (the file is appended to, so a
# second run adds a second header).
"URL `tMember `tLevel `tUser_Group" | Out-File -FilePath User_Group_Permissions.csv -Append

# Maps a permission mask (as a string) to the name of the permission level.
$PermLevels = @{}

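# getperms
#
# Purpose: for every web in $site, inspect each web-level permission entry.
#          When its level name is anything other than "Read", break role
#          inheritance on the web, remove the principal's role bindings, add a
#          "Read" assignment for that principal on the web, and append a row
#          to User_Group_Permissions.csv.
# Inputs:  none; reads the script-level $site, $web and $PermLevels.
# Outputs: rows appended to User_Group_Permissions.csv; a warning per trapped error.
function getperms
{
    # A trap covers the whole function scope wherever it is declared, so it is
    # stated once here. Errors used to be discarded silently; they are now
    # reported, because a swallowed failure in the permission rewrite can leave
    # a principal with more than Read while the run appears clean.
    trap [Exception]
    {
        Write-Warning ("getperms: " + $_.Exception.Message)
        continue
    }

    foreach ($webs in $site.AllWebs)
    {
        # NOTE(review): $p is never used, and this reads $web (the web opened
        # at script level) rather than $webs. The body runs once per element
        # of $web.Sites - confirm this loop is needed.
        foreach ($p in $web.Sites)
        {
            foreach ($role in $webs.Roles)
            {
                $permmask = $role.PermissionMask
                $permname = $role.Name
                # Hashtable.Add throws on an existing key and this loop is
                # re-run for every web; keep the first name seen for a mask.
                if (-not $PermLevels.ContainsKey("$permmask"))
                {
                    $PermLevels.Add("$permmask", "$permname")
                }
            }

            foreach ($perm in $webs.Permissions)
            {
                $permmaskcurrent = $perm.PermissionMask
                $level = $PermLevels.Get_Item("$permmaskcurrent")

                # Reset per entry so a principal that matches none of the
                # checks below is not logged with the previous entry's type.
                $usergroup = $null
                if ($perm.xml -like "*GroupName*")
                {
                    $usergroup = "SharePoint Group"
                }
                if ($perm.xml -like "*UserLogin*")
                {
                    $usergroup = "AD User"
                }
                $MemberIsADGroup = $perm.Member.IsDomainGroup
                if ($MemberIsADGroup -eq $true)
                {
                    $usergroup = "AD Group"
                }

                # NOTE(review): this is also true when the mask has no entry in
                # $PermLevels ($level is $null) and for any level whose name is
                # not "Read", including one that grants less than Read - TODO
                # confirm that raising those to Read is intended.
                if ($level -ne "Read")
                {
                    $webs.BreakRoleInheritance($true)

                    # Remove the principal's existing bindings on the web.
                    $roleAssign = $webs.RoleAssignments.GetAssignmentByPrincipal($perm.Member)
                    $roleAssign.RoleDefinitionBindings.RemoveAll()
                    $roleAssign.Update()

                    # Re-add the principal with the "Read" level only.
                    $newrole = $webs.RoleDefinitions["Read"]
                    $assignment = New-Object Microsoft.SharePoint.SPRoleAssignment($perm.Member)
                    $assignment.RoleDefinitionBindings.Add($newrole)
                    $webs.RoleAssignments.Add($assignment)

                    $webs.Update()

                    # Log the level the principal had before the change. The
                    # row may be written even if a statement above failed and
                    # was trapped, so check the warnings before treating the
                    # CSV as proof the change was applied.
                    $webs.Url + "`t" + $perm.Member + "`t" + $level + "`t" + $usergroup >> User_Group_Permissions.csv
                }
            }
        }

        # Each SPWeb handed out by AllWebs should be disposed by the caller.
        $webs.Dispose()
    }
}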
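# Run the permission pass, then release the SharePoint objects opened above.
getperms
$web.Dispose()
# The SPSite created with New-Object was never released; dispose it after its web.
$site.Dispose()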

 

———————————————————————————————————————————————————————————–