Black Friday / Cyber Monday is here! Save 87% on all of our Workshops! 

2019-01-22

**update 21/01/2019 – having read the comments and testing myself there may have been a change in the way Get-PnPListItem retrieves data from when the script was published so we need to carry out a CAML Query to get the list item, I have updated the script to reflect this

I came across a scenario where I was given a CSV file with names and email addresses and asked to create a large number of folders, each folder had to have a specific name and be uniquely permissioned to different users based off the CSV. I knew this task would take too long to carry out manually so I decided to do this with PowerShell.

After some researching I had it narrowed down to 2 options, use this script from the Technet gallery or use the PnP module and create my own. I am not the biggest fan of doing things with CSOM in PowerShell, when I have a choice I would lean towards using PnP Powershell, it’s cleaner and easier to write/modify and understand in my opinion.

Lets get started – 

We want to :

  1. Create a folder
  2. Set unique permission on the newly created folder 

First thing is to ensure you have PnP PowerShell installed, you can do that here if you have not already. If you need to ensure you have PnP installed just run this command – 

Get-Command -Module *PnP*

Second, we need to make sure we have a CSV file with the following headers and the relevant information, the name will be the folder name the EmailAddress will be the user that will have access to the folder

There are 4 variables in the script we have to fill in

  1. The site URL that your list/library is on
  2. The name of the list or library the folders will be created in
  3. The level of access you want to give to the user to the folder (read, contribute etc)
  4. The path to the CSV file 

Once you have filled out the variables correctly you can run the script

#1
$siteurl = "https://yourtenant.sharepoint.com/sites/sitename"                
#2
$listname = "Library/list name"          
#3
$access = "full control" 
#4
$Folders = Import-Csv "link to your CSV file"    


 #----------START OF SCRIPT DO NOT MODIFY----------#
 connect-PnPOnline –Url $siteurl –Credentials (Get-Credential)
 foreach ( $entry in $Folders )
 {

$foldername = $entry.name
$emailaddress = $entry.EmailAddress


#Create Folder
Add-PnPFolder -Name $foldername -Folder $listname 

#get folder properites from list
$listItem = Get-PnPListItem -List $listname -Query "<View><Query><Where><Eq><FieldRef Name='Title'/><Value Type='Text'>$foldername</Value></Eq></Where></Query></View>"

Write-Host "setting folder up for $foldername"

#set permissions on the folder
Set-PnPListItemPermission -List $listname -Identity $listItem -User $emailaddress -AddRole $access -ClearExisting

}

 #----------END OF SCRIPT DO NOT MODIFY----------#

One thing to note is after the folders have been created your account will also have full control to the folder.

if you do not want this to happen just add this line below the other Set-PnPListItemPermission on the script (remember to change YOURACCOUNT to your account email that you are running the script with)

set-PnPListItemPermission -List $listname -Identity $listItem -User YOURACCOUNT -RemoveRole 'Full Control'

 

(Visited 990 times, 1 visits today)

About the author 

Jamie Bray

Office 365 Collaboration Specialist at Parliamentary Digital Service

Leave a Reply

  1. I’m assuming this is still subject to the unique permissions limit of 50,000 per list or library, correct? Still trying to confirm that that is still a thing in SPO and understand exactly how the total is calculated. For example, if one file has permission inheritance broken and then 5 users are given explicit permissions, does that count as one, or 5?

  2. GEtting this error
    Get-PnPListItem : Cannot complete this action.
    Please try again.

    my code

    Connect-PnPOnline -url “https://url..”
    #list url
    $listname = “Documents%20partages”
    $foldername = “c”
    #Add-PnPFolder -Name $foldername -Folder $listname
    Get-PnPListItem -List $listname -Query “$foldername”
    Write-Host $listItem.Name

  3. I managed to get it work this way
    $listItem = Get-PnPListItem -List $listname -Query “$foldername”
    Set-PnPListItemPermission -List $listname -Identity $listItem -User $Emailaddress -AddRole $access -ClearExisting

    1. The only way I could figure this out was to use a CAML Query. Could never get the -Query to work with a $foldername variable. I did you the $foldername variable in the CAML Query though. I’m also getting just folders using the ContentType filter.
      $listItem = Get-PnPListItem -List $listname -Query “Folder$foldername”

  4. Hello, I have the follow issue to run this script… please can you help me ?
    Get-PnPListItem : Não é possível concluir esta ação.
    Tente novamente.
    No linha:23 caractere:14
    + … $listItem = Get-PnPListItem -List $listname -Query {where folder -eq …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : WriteError: (:) [Get-PnPListItem], ServerException
    + FullyQualifiedErrorId : EXCEPTION,SharePointPnP.PowerShell.Commands.Lists.GetListItem

    Set-PnPListItemPermission : Não é possível associar o argumento ao parâmetro ‘Identity’ porque ele é nulo.
    No linha:26 caractere:54
    + … Set-PnPListItemPermission -List $listname -Identity $listItem -User $ …
    + ~~~~~~~~~
    + CategoryInfo : InvalidData: (:) [Set-PnPListItemPermission], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,SharePointPnP.PowerShell.Commands.Lists.SetListItemPermission

    1. Sorry, the correct error is:

      Get-PnPListItem : Não é possível concluir esta ação.
      Tente novamente.
      No linha:23 caractere:14
      + $listItem = Get-PnPListItem -List $listname -Query $foldername
      + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      + CategoryInfo : WriteError: (:) [Get-PnPListItem], ServerException
      + FullyQualifiedErrorId : EXCEPTION,SharePointPnP.PowerShell.Commands.Lists.GetListItem

      Set-PnPListItemPermission : Não é possível associar o argumento ao parâmetro ‘Identity’ porque ele é nulo.
      No linha:26 caractere:54
      + … Set-PnPListItemPermission -List $listname -Identity $listItem -User $ …
      + ~~~~~~~~~
      + CategoryInfo : InvalidData: (:) [Set-PnPListItemPermission], ParameterBindingValidationException
      + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,SharePointPnP.PowerShell.Commands.Lists.SetListItemPermission

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

2 Free Ebooks: How to govern Microsoft teams 

Download your 2 free Microsoft Teams governance Ebooks and learn the steps necessary to create a bullet-proof governance strategy.