I know that there are lot of sites and scripts where you can find how to create bunch of folders and set permissions on them via PowerShell. But I was not able to find all in one place. For instance, how to create folder, how to add AD user or group with certain permission level, how to set permission inheritance on some folder etc.
Therefore I wrote couple of functions which will hopefully help you to configure your folder structure, as well as necessary permissions. Best thing is that you can create .csv file and create load of folders and permissions at once.
<#
.Synopsis
This function creates folder in SharePoint list
.DESCRIPTION
This function creates folder in SharePoint list
.EXAMPLE
Create-SPFolder -WebURL http://mysite.com/subsite -listName Listname -RootFolderURL Listname -FolderName MyFirstFolder -Verbose
.EXAMPLE
Import-Csv C:\temp\folderpermission.csv | Create-SPfolder
#>
function Create-SPFolder
{
[CmdletBinding()]
Param
(
[Parameter(Mandatory=$true,
ValueFromPipelineByPropertyName=$true,
Position=0)]
[string]$WebURL,
[Parameter(Mandatory=$true,
ValueFromPipelineByPropertyName=$true,
Position=1)]
[string]$listName,
[Parameter(Mandatory=$true,
ValueFromPipelineByPropertyName=$true,
Position=2)]
[string]$RootFolderURL,
[Parameter(Mandatory=$true,
ValueFromPipelineByPropertyName=$true,
Position=2)]
[string]$FolderName
)
Begin{
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
}
Process
{
$website = Get-SPWeb $WebURL
$list = $website.Lists[$listname]
If ($website.GetFolder("$RootFolderURL/$foldername").Exists){
Write-Verbose "SharePoint folder already exists. Skiping...."
}
else{
$folder = $list.AddItem($RootFolderURL, [Microsoft.SharePoint.SPFileSystemObjectType]::Folder, "$folderName")
$folder.Update()
Write-Verbose "SharePoint folder $foldername created on location $RootFolderURL/$foldername"
}
}
End
{
$website.Dispose()
}
}
<#
.Synopsis
This function sets permissions to SharePoint folder
.DESCRIPTION
This function sets permissions to SharePoint folder; it breaks inheritance and add AD user with defined permission level
.EXAMPLE1
Set-SPFolderUserUniquePermission -WebURL http://mysite.com/subsite -listName Listname -FolderURL "Listname/MyFirstFolderName" -PermissionLevel "Contribute" -ADUser AD\MyAccount -Verbose
.EXAMPLE2
Set-SPFolderUserUniquePermission http://mysite.com/subsite "Listname" "Listname/MyFirstFolderName" -PermissionLevel "Read" AD\MyAccount -Verbose
.EXAMPLE3
Import-Csv C:\temp\folderpermission.csv | Set-SPFolderUserUniquePermission
.EXAMPLE4
$csv = Import-Csv C:\temp\folderpermission.csv
foreach ($line in $csv){
Set-SPFolderUserUniquePermission -WebURL $line.weburl -listName $line.listName -RootFolderURL $line.FolderUrl -PermissionLevel $line.PermissionLevel -ADUser $line.ADUser -Verbose
}
#>
function Set-SPFolderUserUniquePermission
{
[CmdletBinding()]
Param
(
[Parameter(Mandatory=$true,
ValueFromPipelineByPropertyName=$true,
Position=0)]
[string]$WebURL,
[Parameter(Mandatory=$true,
ValueFromPipelineByPropertyName=$true,
Position=1)]
[string]$listName,
[Parameter(Mandatory=$true,
ValueFromPipelineByPropertyName=$true,
Position=2)]
[string]$FolderURL,
[Parameter(Mandatory=$true,
ValueFromPipelineByPropertyName=$true,
Position=3)]
[ValidateSet("Full Control", "Design", "Contribute", "Read")]
[string]$PermissionLevel,
[Parameter(Mandatory=$true,
ValueFromPipelineByPropertyName=$true,
Position=4)]
[string]$ADUser
)
Begin
{
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
}
Process
{
$website = Get-SPWeb $WebURL
$list = $website.Lists | Where-Object{$_.title -eq $listName}
$SPfolder = $list.Folders | Where-Object {$_.url -eq $FolderURL}
$group = $website.SiteUsers[$ADuser];
$spFolder.BreakRoleInheritance($false);
$roleAssignment = New-Object microsoft.sharepoint.SPRoleAssignment($group)
$roleDefinition = $website.RoleDefinitions[$PermissionLevel]
$roleAssignment.RoleDefinitionBindings.Add($roleDefinition)
$spFolder.RoleAssignments.Add($roleAssignment)
$spFolder.Update()
}
End
{
$website.Dispose()
}
}
<#
.Synopsis
This function set SharePoint folder permission to inherit from parent.
.DESCRIPTION
This function set SharePoint folder permission to inherit from parent.
.EXAMPLE1
Set-SPFolderInheritPermission -WebURL http://mysite.com/subsite -listName Listname -RootFolderURL "Listname/MyFirstFolderName"
.EXAMPLE2
$csv = Import-Csv C:\temp\folderpermission.csv
foreach ($line in $csv){
$FolderUrl = $line.RootFolderUrl + '/' + $line.FolderName
Set-SPFolderInheritPermission -WebURL $line.WebUrl -listName $line.ListName -FolderURL $FolderUrl -Verbose
}
#>
function Set-SPFolderInheritPermission
{
[CmdletBinding()]
Param
(
[Parameter(Mandatory=$true,
ValueFromPipelineByPropertyName=$true,
Position=0)]
[string]$WebURL,
[Parameter(Mandatory=$true,
ValueFromPipelineByPropertyName=$true,
Position=1)]
[string]$listName,
[Parameter(Mandatory=$true,
ValueFromPipelineByPropertyName=$true,
Position=2)]
[string]$FolderURL
)
Begin
{
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
}
Process
{
$website = Get-SPWeb $WebURL
$list = $website.Lists | Where-Object{$_.title -eq $listName}
$SPfolder = $list.Folders | Where-Object {$_.url -eq $FolderURL}
$spFolder.ResetRoleInheritance()
$spFolder.Update()
}
End
{
$website.Dispose()
}
}
<#
.Synopsis
This function sets permissions to SharePoint folder
.DESCRIPTION
This function sets permissions to SharePoint folder; it breaks inheritance and add SharePoint group with defined permission level
.EXAMPLE1
Set-SPFolderGroupUniquePermission -WebURL http://mysite.com/subsite -listName Listname -RootFolderURL "Listname/MyFirstFolderName" -PermissionLevel "Contribute" -SPGroup "HR" -Verbose
.EXAMPLE2
Set-SPFolderGroupUniquePermission http://mysite.com/subsite "Listname" "Listname/MyFirstFolderName" -PermissionLevel "Read" "HR" -Verbose
.EXAMPLE3
Import-Csv C:\temp\folderpermission.csv | Set-SPFolderGroupUniquePermission
.EXAMPLE4
$csv = Import-Csv C:\temp\folderpermission.csv
foreach ($line in $csv){
Set-SPFolderGroupUniquePermission -WebURL $line.weburl -listName $line.listName -FolderURL $line.FolderUrl -PermissionLevel $line.PermissionLevel -Group $line.SPGroup -Verbose
}
#>
function Set-SPFolderGroupUniquePermission
{
[CmdletBinding()]
Param
(
[Parameter(Mandatory=$true,
ValueFromPipelineByPropertyName=$true,
Position=0)]
[string]$WebURL,
[Parameter(Mandatory=$true,
ValueFromPipelineByPropertyName=$true,
Position=1)]
[string]$ListName,
[Parameter(Mandatory=$true,
ValueFromPipelineByPropertyName=$true,
Position=2)]
[string]$FolderURL,
[Parameter(Mandatory=$true,
ValueFromPipelineByPropertyName=$true,
Position=3)]
[ValidateSet("Full Control", "Design", "Contribute", "Read")]
[string]$PermissionLevel,
[Parameter(Mandatory=$true,
ValueFromPipelineByPropertyName=$true,
Position=4)]
[string]$SPGroup
)
Begin
{
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
}
Process
{
$website = Get-SPWeb $WebURL
$list = $website.Lists | Where-Object{$_.title -eq $ListName}
$SPfolder = $list.Folders | Where-Object {$_.url -eq $FolderURL}
$group = $website.SiteGroups[$SPGroup];
$spFolder.BreakRoleInheritance($false);
$roleAssignment = New-Object microsoft.sharepoint.SPRoleAssignment($group)
$roleDefinition = $website.RoleDefinitions[$PermissionLevel]
$roleAssignment.RoleDefinitionBindings.Add($roleDefinition)
$spFolder.RoleAssignments.Add($roleAssignment)
$spFolder.Update()
}
End
{
$website.Dispose()
}
}
Import-Csv C:\temp\folderpermission.csv | Create-SPFolder
Import-Csv C:\temp\folderpermission.csv | Set-SPFolderInheritPermission
foreach ($line in $csv){
if($line.SPGroup){
Set-SPFolderGroupUniquePermission -WebURL $line.WebUrl -listName $line.ListName -FolderURL $FolderUrl -PermissionLevel $line.PermissionLevel -SPGroup $line.SPGroup -Verbose
Write-host $line.ADUser $line.SPGroup $FolderUrl
}
elseif($line.ADUser){
Set-SPFolderUserUniquePermission -WebURL $line.WebUrl -listName $line.ListName -FolderURL $FolderUrl -PermissionLevel $line.PermissionLevel -User $line.ADUser -Verbose
Write-host $line.ADUser $line.SPGroup $FolderUrl
}
else{
Write-Verbose "No security groups to configure. Skiping...."
}
}