Home > PowerShell, SharePoint Administration > Setting All User Permissions to “Read-Only” on SharePoint 2007 Lists and Document Libraries using PowerShell.

Setting All User Permissions to “Read-Only” on SharePoint 2007 Lists and Document Libraries using PowerShell.

I recently blogged about how to set all user and group permissions to read-only on SharePoint 2007 Site Collections and sub-sites.  http://jshidell.com/2012/11/13/setting-all-usergroup-permissions-to-read-only-on-sharepoint-2007-site-collections-and-sub-sites-using-powershell/

Below is the script to do it for List and Document libraries.

Pretty much the same procedures, only here you would iterate through all the lists and document libraries with a foreach ($list in $webs.lists)

and then you would update the lists roles –

$list.RoleAssignments.Add($assignment)
$list.Update()

————————————————————————————————————————————————————————————

[System.Reflection.Assembly]::LoadWithPartialName(“Microsoft.SharePoint”)

$site = New-Object Microsoft.SharePoint.SPSite(“http://portal/site”)
$web=$site.OpenWeb()
$groups = $web.SiteGroups

“URL `t” + “Member `t” + “Level `t” + “User_Group” >> User_List_Permissions.csv

$PermLevels = @{}

function getperms
{
foreach($webs in $site.AllWebs)
{
foreach ($p in $web.Sites)
{
foreach ($list in $webs.Lists)
{
foreach ($role in $webs.Roles)
{
$permmask = $role.PermissionMask
$permname = $role.Name
$PermLevels.Add(“$permmask”, “$permname”)
trap [Exception] {continue}
}
foreach ($perm in $webs.Permissions)
{
$permmaskcurrent = $perm.PermissionMask
$level = $PermLevels.Get_Item(“$permmaskcurrent”)
if ($perm.xml -like “*GroupName*”)
{
$usergroup = “SharePoint Group”
}
if ($perm.xml -like “*UserLogin*”)
{
$usergroup = “AD User”
}
$MemberIsADGroup = $perm.Member.IsDomainGroup
if ($MemberIsADGroup -eq $true)
{
$usergroup = “AD Group”
}
if ($level -ne “Read”)
{
$webs.BreakRoleInheritance($true)

#Remove Roles

$roleAssign = $webs.RoleAssignments.GetAssignmentByPrincipal($perm.Member)
$roleAssign.RoleDefinitionBindings.RemoveAll()
$roleAssign.Update()

#Add Role

$newrole = $webs.RoleDefinitions[“Read”]
$assignment = New-Object Microsoft.SharePoint.SPRoleAssignment($perm.Member)
$assignment.RoleDefinitionBindings.Add($newrole)
$list.RoleAssignments.Add($assignment)

$list.Update()

$webs.Url + “`t” + perm.Member + “`t” $level + “`t” + usergroup >> User_List_Permissions.csv
}
}
}
}
}
}
getperms
$web.Dispose()

———————————————————————————————————————————————————————————–

Advertisements
  1. TH
    October 29, 2015 at 1:27 pm

    You didn’t try this code your-self did you? It’s not RoleAssignment it’s RoleAssignments (pluralis)

    • October 29, 2015 at 1:30 pm

      Wow really? Yes of course I tried it I wrote it, and it’s clearly a typo by me. Thanks for the catch smart-ass.

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: