SharePoint Online 2013: create new permission level in site, Create Group and Add to List / Library from XML
Requirement
Create new permission level in a site, Create Group & Add to a List / Library in a SharePoint Online 2013 site from an XML file.
Steps
Usually, people prefer writing Visual Studio code in such cases. But as a part of their process, a customer wanted us to do this using PowerShell.
Now in SharePoint Online PowerShell, we have very little commands to perform this operation and there are no commands for doing the first part i.e. Break Site Inheritance and Create Permission Level using PnP.
Therefore, we are using CSOM + PnP.
Now coming to the scenario it was like we had an XML file which somewhat used to look like this:-
<?xml version="1.0" encoding="UTF-8"?>
<Lists>
<List Name="NameOfList">
<Group Name="NameOfGroup" PermissionLevel="Read"/>
<Group Name="NameOfGroup" PermissionLevel="Read"/>
<Group Name="NameOfGroup" PermissionLevel="Read"/>
<Group Name="NameOfGroup" PermissionLevel="Contribute"/>
<Group Name="NameOfGroup" PermissionLevel="Custom"/>
</List>
</Lists>
By reading this particular XML file we had the Create a Group if not in the Site and then add the Group to our List. Create a new permission Level if not in the Site already and assign it to the Group.
We were performing this operation using Modules in Powershell (.psm1) and not through Powershell file .ps1 directly.
So, the .psm1 file looked like this:-
===================================================================================================
#Give references of the Client side DLLs for CSOM code
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
function Set-AddGroupsToListFromXML
{
#Set Parameters from Master file using Credentials store saved in path -> Control Panel\All Control Panel Items\Credential Manager\Add a Windows Credential
param([string]$url, [string]$credStoreName, [string]$logFilePath)
Write-Host "authenticate to SharePoint Online site collection $url and get ClientContext object" -foregroundcolor black -backgroundcolor yellow
#connecting to SharePoint Online site
Connect-SPOnline -Url $url -Credential $credStoreName
$ctx=Get-SPOContext
$ctx.RequestTimeOut = 5000 * 60 * 10;
$ctx.Load($ctx.Web.Lists)
$web = $ctx.Web
$site = $ctx.Site
$ctx.Load($web)
$ctx.Load($site)
try
{
$ctx.ExecuteQuery()
Write-Host "authenticateed to SharePoint Online site collection $url and get ClientContext object succeefully" -foregroundcolor black -backgroundcolor Green
}
catch
{
Write-Host "Not able to authenticateed to SharePoint Online site collection $url $_.Exception.Message" -foregroundcolor black -backgroundcolor Red
return
}
#Define Custom permission level
$permissionlevel = "ViewListItems,
AddListItems,
EditListItems,
OpenItems,
ViewVersions,
DeleteVersions,
CancelCheckout,
ManagePersonalViews,
ViewFormPages,
Open,
ViewPages,
ApplyThemeAndBorder,
BrowseDirectories,
BrowseUserInfo,
AddDelPrivateWebParts,
UpdatePersonalWebParts,
UseClientIntegration,
UseRemoteAPIs,
CreateAlerts,
EditMyUserInfo"
#Initialize Object for Role Definition Collection
$roleDefinitionCol = $web.RoleDefinitions
$ctx.Load($roleDefinitionCol)
$ctx.ExecuteQuery()
$permExists = $false
#Check if the permission level exists or not
foreach($role in $roleDefinitionCol)
{
if($role.Name -eq "<<PermissionLevelName>>")
{
$permExists = $True
break
}
}
Write-Host Creating Permission level with the name UtopiaWR -foregroundcolor black -backgroundcolor Yellow
#If the permission Level does not exist
#If Permission Level already exists
else
{
Write-Host Pemission level with the name $permName already exists -foregroundcolor black -backgroundcolor Red
}
foreach($ll in $ctx.Web.Lists)
{
#Read XML file from the Local drive where it is placed
[System.Xml.XmlDocument] $inputDoc = new-object System.Xml.XmlDocument
$inputFile = resolve-path("..\XML\ListLevelPermission.xml")
$inputLists = [xml](Get-Content $inputFile)
try{
foreach($List in $inputLists.Lists.List) {
#Create New List from XML
#New-SPOList -Title $List.Name –Template GenericList
if ($List.Name -eq $ll.Title)
{
#Break Inheritance
$ll.BreakRoleInheritance($true, $false)
$ll.Update()
try
{
$ctx.ExecuteQuery()
Write-Host "Removed inherited permissions for " $ll.Title
}
catch
{
$dateTime= Get-Date
"Time: $dateTime -- Exception Type: $($_.Exception.GetType().FullName) -- Exception Message: $($_.Exception.Message)" | Out-File $logFilePath –append
throw $_.Exception.Message
}
#Iterate through the Groups in XML
foreach($GroupInfo in $List.Group)
{
Connect-SPOnline -Url $url -Credential $credStoreName
#Check if Group already exists and Create if needed
if((Get-SPOGroup -Identity $GroupInfo.Name -ErrorAction SilentlyCOntinue) -eq $null )
{
New-SPOGroup -Title $GroupInfo.Name
}
#Add Permission Level to the Group
Set-SPOListPermission -Identity $List.Name -Group $GroupInfo.Name -AddRole $GroupInfo.PermissionLevel
}
Write-Host "Permissions Modified for "$List.Name" " -ForegroundColor Green
}
}
}
catch{
$dateTime= Get-Date
"Time: $dateTime -- Exception Type: $($_.Exception.GetType().FullName) -- Exception Message: $($_.Exception.Message)" | Out-File $logFilePath –append
throw $_.Exception.Message
}
if($ctx.Web.Webs.Count -gt 0 -and $IncludeSubsites)
{
for($i=0; $i -lt $ctx.Web.Webs.Count ; $i++)
{
Set-AddGroupsToListFromXML -Url ($ctx.Web.Webs[$i].Url) -Username $Username -AdminPassword $AdminPassword -IncludeSubsites $IncludeSubsites
}
}
}
}
Then the Credentials to connect to SPO and the URL of our SPO site was passed through a Master.ps1 file which looks like this:-
$SiteURL = "https://YourSite.sharepoint.com"
$CredStoreName = "Ankush" --> #You can store these Credentials here : Control Panel\All Control Panel Items\Credential Manager\Add a Generic Credential#
$RootLocation="C:\MyFolder"
#Param ( [string]$SiteURL , [string]$CredStoreName, [string]$RootLocation)
$logFilePath = $RootLocation + "\log.txt"
#Ankush's code file
$AddGroupsToListFromXMLPath = $RootLocation + "\ps\NewPermLevel.psm1"
Import-Module $AddGroupsToListFromXMLPath
$ErrorActionPreference = "Stop"
Try
{
#Call modules one by one
Write-Host "Calling Ankush's module"
Set-AddGroupsToListFromXML -url $SiteURL -credStoreName $CredStoreName -logFilePath $logFilePath
}
Catch
{
$dateTime= Get-Date
"Time: $dateTime -- Exception Type: $($_.Exception.GetType().FullName) -- Exception Message: $($_.Exception.Message)" | Out-File $logFilePath -append
throw $_.Exception.Message
}