Modifying list permissions from Powershell

There can be cases where you need to make changes to list permissions or list behaviour regarding security from PowerShell. One case may be where a saved site template does not contain all settings for a list, such as Item-level permission settings (found in List Settings → Advanced Settings). Another case may be a list with unique permissions.

This post contains two examples for making changes to these kind of list settings and permissions from Powershell. These are taken from a deployment script I created for a client.

This script will alter the Item-level Permissions for a list called “Questions” so that users can only access and edit list items they themselves created:

Furthermore, it adds Contribute permissions to the Visitors group for the list, providing unique list permissions (breaking inheritance).

# Alter Item-Level Permission settings and assign "Contribute" role definition to the visitors group
# (c) 2011 Morgan de Jonge

# Specify the name of the visitors SharePoint group
$visitorsSPGroupName = "Example Site Visitors"

$spSite = Get-SPSite "http://portal.contoso.com"
# We'll assume the list is in the top-level site in the site collection
$spWeb = $spSite | Get-SPWeb
# Look up the list named "Questions"
$questionsList = $spWeb.Lists["Questions"]

# Set the Read access Item-level permissions settings to "Read items that were created by the user"
$questionsList.ReadSecurity = 2
# Set the Create and Edit access Item-level permissions to "Create items and edit items that were created by the user
$questionsList.WriteSecurity = 2

# Assign the "Contribute" RoleDefition to the site's visitors group
$visitorsSPGroup = $spWeb.Groups[$visitorsSPGroupName]
$questionsList.BreakRoleInheritance($true)
$assignment = New-Object Microsoft.SharePoint.SPRoleAssignment($visitorsSPGroup)
# Assuming this is a default site, we'll look for a role definition of the type "Contributer".
# This way, the script will also work with SharePoint sites created in languages besides English.
$assignment.RoleDefinitionBindings.Add(($spWeb.RoleDefinitions | Where-Object { $_.Type -eq "Contributor" }))
$questionsList.RoleAssignments.Add($assignment)

$questionsList.Update()

$spWeb.Dispose()
$spSite.Dispose()
(To copy this code, double-click the anywhere in the code and press CTRL/Cmd+C to copy it)

In line 24, you could’ve also looked up the role using $spWeb.RoleDefinitions[“Contribute”], but selecting it based on type will ensure it also works with SharePoint sites in different languages.

See MSDN for the possible values for a list’s ReadSecurity and WriteSecurity.

2 thoughts on “Modifying list permissions from Powershell

  1. Pingback: Using Powershell to Add Permission Levels in SharePoint 2010 | Morgan's SharePoint Blog

  2. Great article!
    this code helped me to set the read security , write security in my blog sub site.
    thanks very much!

Leave a Reply

Your email address will not be published. Required fields are marked *