powershell 此脚本删除/添加/更新文件夹和库的权限。
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了powershell 此脚本删除/添加/更新文件夹和库的权限。相关的知识,希望对你有一定的参考价值。
# ----------------------------------------------
# Author: Romain Blanchard
# Date: 04.02.2015
# Description: This script remove / add / update permissions of folders and libraries.
# ----------------------------------------------
# Parameters
param(
[parameter(Mandatory = $true)]
[ValidateNotNullOrEmpty()]
$Url
)
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
# Initialize log file.
$date = Get-Date -Format yyyy-MM-d-HHmmss
$logfile = "MBD_RemoveUnwantedPermissions_tmp_" + $date + ".txt"
Start-Transcript -Path $logfile -Force | Out-Null
# Initialize variables
$oWeb = Get-SPWeb $Url
$oWeb.AllowUnsafeUpdates = $true
Write-Host ""
Write-Host "## Working on MBD Document ##" -ForegroundColor Yellow
Write-Host ""
## Update MBD Document library permissions ##
$oDocLib = $oWeb.Lists["MBD Documents"]
if ($oDocLib -ne $null)
{
foreach ($folder in $oDocLib.RootFolder.SubFolders)
{
# Skip hidden "Forms" folder
if ($folder.Name -eq "Forms")
{
continue
}
# Work on all folders of the library
Write-Host "Working on '$folder' folder..." -ForegroundColor Yellow
[Microsoft.SharePoint.SPRoleAssignmentCollection]$spRoleAssignments = $folder.Item.RoleAssignments
for([int] $a=$spRoleAssignments.Count-1; $a -ge 0;$a--)
{
# Edit all group's permissions who contains "Approvers", except the one who contains the name of the list
$filter = "*"+ $folder.Name + "*"
if($spRoleAssignments[$a].Member.Name -notlike $filter -and $spRoleAssignments[$a].Member.Name -like "*Approvers*")
{
# Remove existing permissions
$groupname = $spRoleAssignments[$a].Member.Name
Write-Host " Remove permission for"$spRoleAssignments[$a].Member.Name"..." -NoNewLine
$spRoleAssignments.Remove($a);
Write-Host " done!" -ForegroundColor green
# Add new permissions
Write-Host " Add read permission for "$groupname"..." -NoNewLine
$account = $oWeb.SiteGroups[$groupname]
$readassignment = New-Object Microsoft.SharePoint.SPRoleAssignment($account)
$role = $oWeb.RoleDefinitions["Read"]
$readassignment.RoleDefinitionBindings.Add($role);
$folder.Item.RoleAssignments.Add($readassignment)
Write-Host " done!" -ForegroundColor green
}
}
}
}
else {
Write-Host "MBD Document library cannot be found." -ForegroundColor Red
}
Write-Host ""
Write-Host "## Working on Archives ##" -ForegroundColor Yellow
Write-Host ""
## Update Archives library permissions ##
$oArchives = $oWeb.Lists["Archives"]
if ($oArchives -ne $null)
{
Write-Host "Breaking role inheritance of the library..." -NoNewLine
$oArchives.BreakRoleInheritance($true)
Write-Host " done!" -ForegroundColor green
[Microsoft.SharePoint.SPRoleAssignmentCollection]$spRoleAssignments = $oArchives.RoleAssignments
for([int] $a=$spRoleAssignments.Count-1; $a -ge 0;$a--)
{
# Remove all group's permissions and give only read access, except for Owners group
if($spRoleAssignments[$a].Member.Name -like "*Owners*")
{
# Remove existing permissions
$groupname = $spRoleAssignments[$a].Member.Name
Write-Host " Remove permission for"$spRoleAssignments[$a].Member.Name"..." -NoNewLine
$spRoleAssignments.Remove($a);
Write-Host " done!" -ForegroundColor green
# Add full control permissions
Write-Host " Add full permission for "$groupname"..." -NoNewLine
$account = $oWeb.SiteGroups[$groupname]
$fullcontrolassignment = New-Object Microsoft.SharePoint.SPRoleAssignment($account)
$role = $oWeb.RoleDefinitions["Full Control"]
$fullcontrolassignment.RoleDefinitionBindings.Add($role);
$oArchives.RoleAssignments.Add($fullcontrolassignment)
Write-Host " done!" -ForegroundColor green
}
else
{
# Remove existing permissions
$groupname = $spRoleAssignments[$a].Member.Name
Write-Host " Remove permission for"$spRoleAssignments[$a].Member.Name"..." -NoNewLine
$spRoleAssignments.Remove($a);
Write-Host " done!" -ForegroundColor green
# Add read permissions
Write-Host " Add read permission for "$groupname"..." -NoNewLine
$account = $oWeb.SiteGroups[$groupname]
$fullcontrolassignment = New-Object Microsoft.SharePoint.SPRoleAssignment($account)
$role = $oWeb.RoleDefinitions["Read"]
$fullcontrolassignment.RoleDefinitionBindings.Add($role);
$oArchives.RoleAssignments.Add($fullcontrolassignment)
Write-Host " done!" -ForegroundColor green
}
}
}
else {
Write-Host "Archives library cannot be found." -ForegroundColor Red
}
# Set back options
$oWeb.AllowUnsafeUpdates = $false
# Write log file
Stop-Transcript | Out-Null
$log = Get-Content $logfile
$log > $logfile.Replace('txt','log')
Remove-Item $logfile -Confirm:$false
以上是关于powershell 此脚本删除/添加/更新文件夹和库的权限。的主要内容,如果未能解决你的问题,请参考以下文章
powershell 用于向hosts文件添加/删除/查看条目的Powershell脚本。
将 Azure Powershell 命令转换为 Azure CLI
powershell 此PowerShell脚本从子站点组等于值的所有子站点中删除组。如果要删除gro,请使用此选项
powershell 此PowerShell脚本创建三个SharePoint列表并添加字段
powershell 此递归PowerShell脚本从SharePoint中删除网站及其所有子网站。这消除了无法进行del的问题