
Setting All User/Group Permissions to Read-Only on SharePoint 2007 Site Collections and Sub-Sites using PowerShell

Recently I was tasked with setting all user and group (SharePoint and domain) permissions to Read-Only on a specific site collection and its sub-sites in SharePoint 2007.

Since this Site Collection was not in its own content database, I couldn’t simply set the database to “Read-Only”. That would have worked, but since this Site Collection shared a content database with other Site Collections I could not do that, so I had to resort to PowerShell.

Below is the script I wrote to iterate through the Site Collection and sub-sites and set all user and group permissions to read-only.

————————————————————————————————————————————————————————————

# Load the SharePoint object model (run this on a SharePoint server)
[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint")

$site = New-Object Microsoft.SharePoint.SPSite("http://portal/site")
$web=$site.OpenWeb()
$groups = $web.SiteGroups

# Header row of the tab-delimited log of every assignment that gets changed
"URL `t" + "Member `t" + "Level `t" + "User_Group" >> User_Group_Permissions.csv

# Maps a permission mask to the name of its permission level
$PermLevels = @{}

function getperms
{
    foreach($webs in $site.AllWebs)
    {
        foreach ($role in $webs.Roles)
        {
            $permmask = $role.PermissionMask
            $permname = $role.Name
            # Every web repeats the same levels; keep the first name seen per mask
            if (-not $PermLevels.ContainsKey("$permmask"))
            {
                $PermLevels.Add("$permmask", "$permname")
            }
        }
        # Snapshot the collection, because the loop body changes the assignments
        foreach ($perm in @($webs.Permissions))
        {
            $permmaskcurrent = $perm.PermissionMask
            $level = $PermLevels.Get_Item("$permmaskcurrent")
            # Reset so a value from the previous member is never logged by mistake
            $usergroup = ""
            if ($perm.xml -like "*GroupName*")
            {
                $usergroup = "SharePoint Group"
            }
            if ($perm.xml -like "*UserLogin*")
            {
                $usergroup = "AD User"
            }
            $MemberIsADGroup = $perm.Member.IsDomainGroup
            if ($MemberIsADGroup -eq $true)
            {
                $usergroup = "AD Group"
            }
            if ($level -ne "Read")
            {
                # Copy the inherited assignments so this web can be changed on its own
                $webs.BreakRoleInheritance($true)

                #Remove Roles

                $roleAssign = $webs.RoleAssignments.GetAssignmentByPrincipal($perm.Member)
                $roleAssign.RoleDefinitionBindings.RemoveAll()
                $roleAssign.Update()

                #Add Role

                $newrole = $webs.RoleDefinitions["Read"]
                $assignment = New-Object Microsoft.SharePoint.SPRoleAssignment($perm.Member)
                $assignment.RoleDefinitionBindings.Add($newrole)
                $webs.RoleAssignments.Add($assignment)

                $webs.Update()

                # Log the level the member held before the change
                $webs.Url + "`t" + $perm.Member + "`t" + $level + "`t" + $usergroup >> User_Group_Permissions.csv

            }
        }
        # Each SPWeb returned by AllWebs must be disposed by the caller
        $webs.Dispose()
    }
}
getperms
$web.Dispose()
$site.Dispose()

 

———————————————————————————————————————————————————————————–
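
An added check, not part of the original post: the script above rewrites role assignments on each web only, so a list that has stopped inheriting permissions keeps its own assignments. The audit below reports every web or uniquely permissioned list where a principal still holds a level other than Read. It assumes PowerShell 2.0 or later, reuses the post's example URL, and treats the system-managed "Limited Access" level as acceptable; the function name and output file name are hypothetical.

```powershell
# Added example: verify the lock-down by listing assignments that are not Read.
[void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint")

function Get-NonReadAssignment {
    param(
        [string]$SiteUrl,
        # Assumption: "Limited Access" is tolerated because SharePoint manages it itself
        [string[]]$AllowedLevels = @("Read", "Limited Access")
    )
    $site = New-Object Microsoft.SharePoint.SPSite($SiteUrl)
    try {
        foreach ($web in $site.AllWebs) {
            try {
                # Check the web itself plus every list that no longer inherits from it
                $targets = @($web)
                foreach ($list in $web.Lists) {
                    if ($list.HasUniqueRoleAssignments) { $targets += $list }
                }
                foreach ($target in $targets) {
                    $scope = "Web"
                    if ($target -is [Microsoft.SharePoint.SPList]) { $scope = "List: " + $target.Title }
                    foreach ($ra in $target.RoleAssignments) {
                        foreach ($def in $ra.RoleDefinitionBindings) {
                            if ($AllowedLevels -notcontains $def.Name) {
                                # One finding per principal and level still above Read
                                New-Object PSObject -Property @{
                                    Url    = $web.Url
                                    Scope  = $scope
                                    Member = $ra.Member.Name
                                    Level  = $def.Name
                                }
                            }
                        }
                    }
                }
            }
            finally { $web.Dispose() }
        }
    }
    finally { $site.Dispose() }
}

$findings = @(Get-NonReadAssignment -SiteUrl "http://portal/site")
if ($findings.Count -eq 0) { "No assignments above Read were found." }
else { $findings | Export-Csv NonRead_Assignments.csv -NoTypeInformation }
```

Folders and items with unique permissions are not inspected here, and site collection administrators keep full control regardless of role assignments.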

  1. Donald
    May 21, 2014 at 1:05 pm

    Saved me a bunch of time today for another scenario. Thanks a lot!

    And I found a typo: RoleAssignment should be RoleAssignments

  2. TD
    December 3, 2015 at 1:27 pm

    Don’t know if this is still monitored, but I’m getting an error at the “URL” `t” + “Member `t” + “Level `t” + “User_Group” >> User_Group_Permissions.csv line:

    Unexpected token ‘URL” `t”‘ in expression or statement.

    • December 3, 2015 at 3:58 pm

      Hi TD,

      Yes, sorry, there is a typo. Just remove the ending quotation mark after URL, so it should be:

      "URL `t" + "Member `t" + "Level `t" + "User_Group"

      Thanks for the catch.

      v/r
      JShidell

  3. TD
    December 3, 2015 at 9:01 pm

    I removed the “URL” but am still getting error:
    Unexpected token ‘URL’ in expression or statement.
    At C:\scripts\setsubsitereadonly.ps1:7 char:5
    + “URL <<<>

    A couple of questions:
    Does this work for SP 2010?
    If so, what is the ” at the end of your URL on the 2nd line of the code?

    Thank you very much for your reply

    • December 7, 2015 at 2:27 pm

      Do you mind sharing your script so I can see? Yes, this works for SP2010.

      v/r
      JS

  4. TD
    December 3, 2015 at 9:04 pm

    Well, I see it didn’t post everything I had put into my reply.

    So let me try again:

    I updated the URL link on the 2nd line of code to ”
    and re-ran the script with the original update you mentioned
    and now I get error:
    You must provide a value expression on the right-hand side of the ‘+’ operator.
    LIne:60 Char:39
