Create custom permissions for multiple Sites using PowerShell
From time to time, and depending on the business requirements, it can be useful to create custom permissions in SharePoint. Best practice is to copy (or duplicate) a default permission level already in SharePoint rather than modify any of the built-ins, and then add or remove whatever you need.
In this blog post, we are going to use SharePoint PowerShell PnP to create custom permissions for multiple Sites in SharePoint Online.
For brand new sites, this is what we’ve got as built-in permissions under Site Permissions –> Permission Levels (in the ribbon):
- Full Control
For this scenario (add more to the READ permission level), and because we’re going to be using a built-in permission level as the source, we’re going to clone it, and add other permissions to it.
Remember that we’d like to create this custom permission for multiple sites. We can therefore use a .csv file containing our sites and integrate it in the script.
For the PowerShell script, let’s explain the steps first.
- Connect to SharePoint Online Admin Center using the Connect-PnPOnline cmdlet (my credentials are stored in the Credential Manager so I’m not using the -Credential parameter)
- Import the Sites contained in the csv file using the Import-Csv cmdlet
- Create a foreach loop, where we:
  - Connect to each site in the csv file to access it
  - Retrieve the “Read” permission level using the Get-PnPRoleDefinition cmdlet + store it in a variable
  - Run the Add-PnPRoleDefinition cmdlet by using splatting (not necessary, but just a way for the code to be easier to read by other colleagues for instance!)
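The steps above put together as an added example (this is not the original script from this post). The tenant URL placeholder, the csv path and its `Url` column, the role name and the permissions passed to `-Include` are assumptions. The existence check lets the script be re-run without failing on sites that already have the role.

```powershell
# Added example, not the author's script. Assumed names: sites.csv with a
# "Url" column, the tenant placeholder, the role name and the -Include list.
$adminUrl = 'https://<tenant>-admin.sharepoint.com'   # placeholder, replace with your tenant
$csvPath  = '.\sites.csv'                             # assumed: one header column named "Url"
$roleName = 'Read - Custom'                           # hypothetical permission level name

# Step 1: connect to the Admin Center (credentials resolved from Credential Manager, as in the post)
Connect-PnPOnline -Url $adminUrl

# Step 2: import the list of sites
$sites = Import-Csv -Path $csvPath

# Step 3: for each site, clone the built-in "Read" level and add permissions to the copy
$results = foreach ($site in $sites) {
    try {
        Connect-PnPOnline -Url $site.Url -ErrorAction Stop

        # Skip sites that already have the custom level so a re-run is safe
        $existing = Get-PnPRoleDefinition | Where-Object { $_.Name -eq $roleName }
        if ($existing) {
            [pscustomobject]@{ Site = $site.Url; Status = 'AlreadyExists' }
            continue
        }

        # The built-in level is only read, never modified
        $readRole = Get-PnPRoleDefinition -Identity 'Read' -ErrorAction Stop

        # Splatting keeps the parameter set readable
        $roleParams = @{
            RoleName    = $roleName
            Clone       = $readRole
            Include     = 'AddListItems', 'EditListItems'   # assumed additions to Read
            Description = 'Cloned from Read, plus add/edit list items'
            ErrorAction = 'Stop'
        }
        Add-PnPRoleDefinition @roleParams | Out-Null

        [pscustomobject]@{ Site = $site.Url; Status = 'Created' }
    }
    catch {
        # Record the failure and carry on with the remaining sites
        [pscustomobject]@{ Site = $site.Url; Status = "Failed: $($_.Exception.Message)" }
    }
}

# One row per site, so missed or failed sites are visible at a glance
$results | Format-Table -AutoSize
```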
The results after running the script should look like the below on each site.
Well… You could also use this script and, at the same time…
- Create a new SharePoint group using the
- Set this custom permission to the newly created SharePoint group using
- And finally, add members to this group using the
Thanks for reading!