Remove unwanted user permissions from SharePoint

开发者 https://www.devze.com 2022-12-20 15:09 Source: Internet
I have a POSH script that sets a user's access to a specific folder for some files to read.

The user's group gets assigned to the folder (which happens to be the same name).

I then created a new view, set it to default, and told it to display all files without folders.

This script has been working perfectly for 4 months, but now some people want to use the mobile view and I am running into an issue. If a user does not have read access from the root directory to the folder in question, SharePoint's mobile view will not show the folder.

For example, the user has the following permissions set:

- Limited Access on the root
- Limited Access on the Alpha folder
- Read access to the folder under Alpha

I need to make it so a user can view this in the mobile view.

Here is my code:

#region Start
# Create Connection to stopwatch diagnostics
[Void][System.Diagnostics.Stopwatch] $sw;
# New Stopwatch object
$sw = New-Object System.Diagnostics.StopWatch;
# Stop any watches that might be running
$sw.Stop();                                         
$sw.Start();
clear
[int]$a = 0;
# Which folders to assign
[array]$sections = "Alpha","Bravo","Charlie","Delta";
[Void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint");
#endregion

#region The meat and potatoes
foreach ($section in $sections) {
    #region get the Directories
    $pathtowd = "\\path\to\webdav\$section";                                    # UNC Path to the pivots
    $dirs = Get-ChildItem $pathtowd | Where-Object { $_.Attributes -band [System.IO.FileAttributes]::Directory }
    #endregion

    #region Connect to SharePoint
    $SPSite = New-Object Microsoft.SharePoint.SPSite("http://sharepoint");                  # Connect to SharePoint
    $OpenWeb = $SpSite.OpenWeb("/Downloads");                                               # Subsite of downloads
    #endregion
    [int]$i = 0;                                                                            # Integer to increment
    foreach ($dir in $dirs) {
        $verify_groups = $OpenWeb.groups | ? {$_.Name -eq "$dir"; }                         # Verify the groups
        if ($verify_groups -ne $null) {
            if ($dir.ToString() -eq $verify_groups.ToString()) {
                $i++;                                                                       # Increment the groups
                Write-Host "[", $sw.Elapsed.ToString(), "] -",$dir -F Green;                # Output status
                $path = "http://sharepoint/Downloads/Pivots/$section/" + $dir;              # Set the Path
                $spc = $OpenWeb.SiteGroups;                                                 # SharePoint connection
                $group = $spc[$dir];                                                        # Directory
                $roleAssignment = New-Object Microsoft.SharePoint.SPRoleAssignment($group); # Role Assignment connection
                $OpenWeb.GetFolder($path).Item.BreakRoleInheritance($true);                 # Break inheritance (copy the parent's assignments)
                $roleAssignment.RoleDefinitionBindings.Add($OpenWeb.RoleDefinitions["Read"]);# Set permissions
                $OpenWeb.GetFolder($path).Item.RoleAssignments.Add($roleAssignment);        # Add the role
                $OpenWeb.GetFolder($path).Item.Update();
            }
            else { Write-Host "[", $sw.Elapsed.ToString(), "] -", $verify_groups " is empty"; }
        }
    }
    Write-Host '[' $sw.Elapsed.ToString() '] - found '$i' Folders' -f Red;                  # Output Status
    $SPSite.Dispose();                                                                      # Dispose the connection
    $OpenWeb.Dispose();
    $a = $a+$i;                                                                             # Total Folders
}
#endregion

$sw.Stop();                                                                             # Stop the timer
[string]$howlong = $sw.Elapsed.ToString();                                              # How long
write-host "Updated in Time: " $howlong -F Green;                                       # Last message


Found it. Took 4 hours straight of trial and error but it works. Hope this helps someone else out as well. Place before $OpenWeb.GetFolder($path).Item.Update();

# Role assignments on the folder that carry "Limited Access" but not "Read"
$returnGroups = $OpenWeb.GetFolder($path).Item.RoleAssignments | `
    where {
        ($_.RoleDefinitionBindings -eq $OpenWeb.RoleDefinitions["Limited Access"]) -and `
        ($_.RoleDefinitionBindings -notcontains $OpenWeb.RoleDefinitions["Read"])
    };
if ($returnGroups -ne $null)
{
    foreach ($item in $returnGroups)
    {
        Write-Host "Removing: " $item.Member;
        # Remove the assignment for that group from the folder
        $OpenWeb.GetFolder($path).Item.RoleAssignments.Remove($spc[$item.Member]);
    }
}
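
An added example, not part of the original post: a dry-run-first variant of the clean-up above that reports every role assignment on the folder and removes only principals whose sole binding is Limited Access. The function name and its parameters are hypothetical; it assumes the Microsoft.SharePoint assembly is already loaded and that an open SPWeb such as $OpenWeb is passed in.

```powershell
# Added example (hypothetical helper, not the poster's code).
# Assumes: Microsoft.SharePoint is loaded and $Web is an open SPWeb.
function Remove-LimitedAccessOnly {
    param(
        [Parameter(Mandatory = $true)] $Web,                 # Microsoft.SharePoint.SPWeb
        [Parameter(Mandatory = $true)] [string] $FolderUrl,  # e.g. the $path built in the script above
        [switch] $Apply                                      # without -Apply nothing is changed
    )
    $item = $Web.GetFolder($FolderUrl).Item
    if ($null -eq $item) { throw "No list item behind folder '$FolderUrl'" }
    if (-not $item.HasUniqueRoleAssignments) {
        Write-Warning "$FolderUrl inherits its permissions; nothing to clean up."
        return
    }
    # SPRoleType.Guest is the built-in role type behind "Limited Access";
    # matching on the type keeps working on sites where the role name is localized.
    $guest = [Microsoft.SharePoint.SPRoleType]::Guest

    # Snapshot the collection first so it is not modified while being enumerated.
    $report = @(foreach ($ra in @($item.RoleAssignments)) {
        $bindings = @($ra.RoleDefinitionBindings)
        $other    = @($bindings | Where-Object { $_.Type -ne $guest })
        New-Object PSObject -Property @{
            Member    = $ra.Member
            Roles     = ($bindings | ForEach-Object { $_.Name }) -join ', '
            Removable = ($bindings.Count -gt 0 -and $other.Count -eq 0)
        }
    })

    foreach ($row in ($report | Where-Object { $_.Removable })) {
        if ($Apply) {
            $item.RoleAssignments.Remove($row.Member)        # Remove(SPPrincipal) overload
            Write-Host "Removed:      " $row.Member.Name
        } else {
            Write-Host "Would remove: " $row.Member.Name
        }
    }
    return $report                                           # full before-state, for the change record
}

# Dry run, then apply once the list has been reviewed:
# Remove-LimitedAccessOnly -Web $OpenWeb -FolderUrl $path
# Remove-LimitedAccessOnly -Web $OpenWeb -FolderUrl $path -Apply
```

SharePoint adds Limited Access to a parent when a principal is given unique permissions on something beneath it, so review the dry-run list for principals that still need to reach an item inside the folder before running with -Apply.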