[Mastering Systems] SharePoint Online: How to Break Permission Inheritance Using PowerShell?

Author: 精品下载站 Date: 2024-12-14 14:14:48 Views: 15 Category: Playing with Computers


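Requirement: Grant list-level or library-level permissions to users and groups in SharePoint Online. A particular group of users has read access at the site level, and they need edit access to specific lists and libraries.

Breaking permission inheritance in SharePoint Online:

When you grant permissions on a site collection, every securable object below it in the hierarchy (subsites, lists, libraries, folders, documents, and items) inherits permissions from its parent. In some cases, however, you want fine-grained permissions on one of these securable objects, which you get by assigning unique permissions to it.

Setting unique permissions at the list or item level takes two steps: first stop inheriting permissions from the parent, then add permissions for users and/or groups. Here is how to break permission inheritance in SharePoint Online:

  1. Navigate to the SharePoint library where the document is stored.
  2. Select the document >> click "Shared With" under the "Manage" group in the ribbon.
  3. On the permissions page, if the list inherits permissions from its parent, break the inheritance by clicking the "Stop Inheriting Permissions" button. Confirm the prompt once.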

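You can now add users to, or remove users from, the permissions of the specific list or list item by clicking the "Grant Permissions" button in the "Grant" group.

Once you stop inheriting permissions, all users and groups are copied from the parent object to the child object. From this point on, permission changes made to the parent object no longer affect the child object!

SharePoint Online unique permission limits: the recommended limit is 5000 unique permissions, but the supported maximum is 50,000.

PowerShell to break permission inheritance of a list item:

Below is the PowerShell for SharePoint Online to stop inheriting permissions from the parent.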


#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"

#Config Parameters
$SiteURL= "https://crescent.sharepoint.com/sites/projects"
$ListName="Projects"
$ItemID=1

#Setup Credentials to connect
$Cred = Get-Credential
$Cred = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.UserName,$Cred.Password)

#Setup the context
$Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
$Ctx.Credentials = $Cred
  
#Get the List and Item
$List=$Ctx.web.Lists.GetByTitle($ListName)
$Item=$List.GetItemByID($ItemID)

#Stop inheriting permissions: copy the parent's role assignments ($True) and clear unique permissions on child objects ($True)
$Item.BreakRoleInheritance($True, $True)
$ctx.ExecuteQuery()

Similarly, you can use PowerShell to break inheritance for all items in a list, as shown below:


#Load SharePoint Online Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"

#Variables for Processing
$SiteURL = "https://Crescent.sharepoint.com/Sales"
$ListName = "Documents"

#Setup Credentials to connect
$Cred = Get-Credential
$Cred = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.UserName,$Cred.Password)
 
Try {
    #Setup the context
    $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
    $Ctx.Credentials = $Cred
     
    #Get the List
    $List=$Ctx.Web.Lists.GetByTitle($ListName)
    $Ctx.Load($List)
    $Ctx.ExecuteQuery()
        
    #Get All List Items
    $Query = New-Object Microsoft.SharePoint.Client.CamlQuery
    $Query.ViewXml ="<View Scope='RecursiveAll' />"
    $ListItems = $List.GetItems($Query)
    $Ctx.Load($ListItems)
    $Ctx.ExecuteQuery()

    #Loop through each list item
    For($i=0;$i -lt $ListItems.Count;$i++)
    {        
        #Break Inheritance copying permissions from parent
        $ListItems[$i].BreakRoleInheritance($True, $False)
    } 
    $Ctx.ExecuteQuery() 
    write-host  -f Green "Permission Inheritance Broken for All Items in the List '$ListName'"
}
Catch {
    write-host -f Red "Error:" $_.Exception.Message
}

SharePoint Online: Stop inheriting permissions using PowerShell

Let's add some error handling to the script and break the permission inheritance of a list.


#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"

#Config Parameters
$SiteURL= "https://crescent.sharepoint.com/sites/Marketing/"
$ListName="Documents"

#Setup Credentials to connect
$Cred = Get-Credential
$Cred = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.UserName,$Cred.Password)

Try {  
    #Setup the context
    $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
    $Ctx.Credentials = $Cred
  
    #Get the List
    $List=$Ctx.web.Lists.GetByTitle($ListName)
    $Ctx.load($List)
    $List.Retrieve("HasUniqueRoleAssignments")
    $Ctx.ExecuteQuery()

    #Check if list is inheriting permissions; Break permissions of the list, if its inherited
    if($List.HasUniqueRoleAssignments -eq $False)
    {
        #Break inheritance: 1st $True copies the parent's role assignments to the list,
        #2nd $True (clearSubscopes) resets unique permissions on child items so they inherit from the list
        $List.BreakRoleInheritance($True,$True)
        $Ctx.ExecuteQuery()
        Write-host -f Green "Permission inheritance broken successfully!"
    }
    else
    {
        Write-Host -f Yellow "List is already using Unique permissions!"
    }
}
Catch {
    write-host -f Red "Error Granting Permissions!" $_.Exception.Message
}   

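To reset unique permissions and restore inheritance from the parent, you can use: SharePoint Online: PowerShell to Inherit Permissions

PnP PowerShell to break permission inheritance of a list

Here is how to break inheritance in SharePoint Online using PnP PowerShell: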


#Config Variables
$SiteURL = "https://Crescent.sharepoint.com/sites/marketing"
$ListName ="Documents"

#Get Credentials to connect
$Cred = Get-Credential

Try {
    #Connect to PnP Online
    Connect-PnPOnline -Url $SiteURL -Credentials $Cred
    
    #Try to Get the List
    $List = Get-PnPList -Identity $ListName

    If($List)
    {
        #Break Permission Inheritance of the List
        Set-PnPList -Identity $ListName -BreakRoleInheritance -CopyRoleAssignments 
        Write-Host -f Green "Permission Inheritance Broken for List!"
    }
    Else
    {    
        Write-Host -f Yellow "Could not Find List '$ListName'"
    }    
}
catch {
    write-host "Error: $($_.Exception.Message)" -foregroundcolor Red
}

This script uses the "CopyRoleAssignments" switch to copy permissions from the parent. You can use "ClearSubscopes" to clear permissions!
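Because broken inheritance stops parent changes from reaching the child and counts toward the unique-permission limit quoted above, it helps to audit what already has unique permissions before breaking more. The following is an added example, not part of the original article: it reuses the article's sample site URL and list name, and the report columns are assumptions chosen for illustration.

```powershell
#Added example: report items with unique permissions and who holds them
$SiteURL = "https://Crescent.sharepoint.com/sites/marketing"   #sample value from the article
$ListName = "Documents"                                        #sample value from the article
$RecommendedLimit = 5000   #recommended unique-permission limit quoted in the article

$Cred = Get-Credential

Try {
    Connect-PnPOnline -Url $SiteURL -Credentials $Cred

    #Check whether the list itself still inherits from the site
    $List = Get-PnPList -Identity $ListName -Includes HasUniqueRoleAssignments
    If (-not $List) { Throw "Could not find list '$ListName'" }
    Write-Host "List '$ListName' has unique permissions: $($List.HasUniqueRoleAssignments)"

    #Page through all items so large lists are read in batches
    $Items = Get-PnPListItem -List $ListName -PageSize 500
    $UniqueCount = 0

    $Report = ForEach ($Item in $Items) {
        $Unique = Get-PnPProperty -ClientObject $Item -Property HasUniqueRoleAssignments
        If ($Unique) {
            $UniqueCount++
            #Load the principals and permission levels granted directly on this item
            $Assignments = Get-PnPProperty -ClientObject $Item -Property RoleAssignments
            ForEach ($RA in $Assignments) {
                Get-PnPProperty -ClientObject $RA -Property Member, RoleDefinitionBindings | Out-Null
                [PSCustomObject]@{
                    ItemID    = $Item.Id
                    Path      = $Item["FileRef"]
                    Principal = $RA.Member.LoginName
                    Roles     = ($RA.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join "; "
                }
            }
        }
    }

    $Report | Format-Table -AutoSize
    Write-Host "Items with unique permissions: $UniqueCount of $($Items.Count)"
    If ($UniqueCount -ge $RecommendedLimit) {
        Write-Host -f Yellow "Unique permissions have reached the recommended limit of $RecommendedLimit"
    }
}
Catch {
    Write-Host -f Red "Error: $($_.Exception.Message)"
}
```

The per-item property calls make one round trip each, so on large libraries run the audit off-hours and export `$Report` with `Export-Csv` for review.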

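Related posts:

  • To break permission inheritance of a site, use: SharePoint Online: How to Stop Inheriting Permissions and Set Unique Access to a Subsite?
  • To break permission inheritance of a SharePoint Online folder, use: SharePoint Online: PowerShell to Break Permission Inheritance of a Folder
  • To add a user or group to a SharePoint Online list: SharePoint Online: Add a User or Group to a List or Library Using PowerShell
  • To remove a user or group from a SharePoint Online list: SharePoint Online: Remove a User or Group from List Permissions Using PowerShell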
