使用 PowerShell 添加/删除 SharePoint 列表权限

要求：使用 PowerShell 在 SharePoint 中设置列表权限

PowerShell 可用于添加/删除 SharePoint 列表的权限。下面是我的 PowerShell 脚本，用于授予和删除对 SharePoint 网站、列表和库的权限。

向用户或组授予 SharePoint 列表权限

需要快速授予某人访问您的 SharePoint 列表的权限？您可以使用 PowerShell 向 SharePoint 中的用户授予权限！在这篇博文中，我们将引导您完成向用户或组授予权限的脚本：

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

#Function to Grant Permission to List
function Grant-PermissionToList($WebUrl, $ListName, $UserAccount, $PermissionLevel)
{
    #Get Web and List objects
    $Web = Get-SPWeb -Identity $WebUrl
    $List = $web.Lists.TryGetList($ListName)

    if ($List -ne $null)
    {
        #We must break inheritance to grant permission directly on the list
        if ($List.HasUniqueRoleAssignments -eq $False)
        {
            $list.BreakRoleInheritance($True)
        }

        #Get the user object
        $User = $web.EnsureUser($UserAccount)
        #FOR GROUPS use: $group = $web.SiteGroups[$GroupName]
        #$assignment = new-object Microsoft.SharePoint.SPRoleAssignment($group)
            
        #Get the permission level
        $role = $web.RoleDefinitions[$PermissionLevel]
        $assignment = New-Object Microsoft.SharePoint.SPRoleAssignment($User)
        $assignment.RoleDefinitionBindings.Add($role) 
        $list.RoleAssignments.Add($assignment)
        $list.Update()

        Write-Host "Granted permission $($PermissionLevel) to $($UserAccount) in list $($ListName)." -foregroundcolor Green        
    }
    $web.Dispose()
}

#Call the function to grant access to a list
Grant-PermissionToList "https://sharepoint.crescent.com" "Documents" "Global\Auditors" "Contribute"                

用于从列表中删除权限的 PowerShell 脚本：

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

#Function to Remove Permission from List
function Remove-PermissionFromList($WebUrl, $ListName, $GroupName, $PermissionLevel)
{
    #Get Web and List objects
    $Web = Get-SPWeb -Identity $WebUrl
    $List = $web.Lists.TryGetList($ListName)

    if ($List -ne $null)
    {
        #We must break inheritance to remove permission directly from the list
        if ($List.HasUniqueRoleAssignments -eq $False)
        {
            $list.BreakRoleInheritance($True)
        }

        #Get the Group or user object
        $group = $web.SiteGroups[$GroupName]
        
        if($group -ne $null)
        {
            #For User, use: $User = $web.EnsureUser($UserAccount)
            #To Remove All permissions of the group, use: 
            #$list.RoleAssignments.Remove($group)    

             #If group doesn't has access to the given list, it triggers an error! So, lets handle it.
             try
             {
                #Set the Error Action
                $ErrorActionPreference = "Stop"
                #Get the permission level
                $role = $web.RoleDefinitions[$PermissionLevel]
                $assignment = $list.RoleAssignments.GetAssignmentByPrincipal($group)
                #Remove the permissions
                $assignment.RoleDefinitionBindings.Remove($role)
                $assignment.Update()

                $list.Update()
                Write-Host "Removed permission $($PermissionLevel) of $($GroupName) from list $($ListName)." -foregroundcolor Green

             }
             catch [ArgumentException] 
             {
                Write-Host "Group ($GroupName) doesn't has access on $($ListName)!" -ForegroundColor Red
             }
             finally
             {
                #Reset the Error Action to Default
                $ErrorActionPreference = "Continue"
             }            
        }
        else
        {
            Write-Host "Cannot find Group Name: $($GroupName) in site $($WebUrl)." -foregroundcolor red
        }        
    }
    $web.Dispose()
}

#Call the function 
Remove-PermissionFromList "https://Sharepoint.crescent.com/sites/sales" "Sales Documents" "Sales Members" "Edit"              

尽管此脚本显示添加删除对 SharePoint 列表对象的权限，但这也可以用在站点、文件夹、列表项对象的位置！只需将 $list 对象替换为其他对象，例如网页、文件夹或列表项。您可以向特定用户、SharePoint 组或 Active Directory 中的安全组授予或删除权限。

要使用 PowerShell 将用户添加到 SharePoint 组，请参阅：如何使用 PowerShell 将用户添加到 SharePoint 网站？