Tuesday, December 4, 2012

Create Site Permission Groups and Add Users for SharePoint - PowerShell

This post is a PowerShell script to create or remove site-level permission groups and add users to those groups in SharePoint.
Function to create a permission group...

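function Create-SPGroupInWeb
{
    param ($url, $groupName, $permissionLevel, $description)
    $web = $null
    try{
        $web = Get-SPWeb -Identity $url
        if($web -ne $null){
            # Permission levels are defined on the root web of the site collection.
            # Resolve the level first so a mistyped name does not leave a group with no permissions.
            $roleDefinition = $web.Site.RootWeb.RoleDefinitions[$permissionLevel]
            if ($roleDefinition -eq $null)
            {
                write-Host -f red "Permission level $permissionLevel not found!"
            }
            elseif ($web.SiteGroups[$groupName] -ne $null)
            {
                write-Host -f red "Group $groupName already exists!"
            }
            else
            {
                # The site collection owner becomes both the group owner and its default member
                $web.SiteGroups.Add($groupName, $web.Site.Owner, $web.Site.Owner, $description)
                $group = $web.SiteGroups[$groupName]
                # Bind the permission level to the group on this web
                $roleAssignment = new-object Microsoft.SharePoint.SPRoleAssignment($group)
                $roleAssignment.RoleDefinitionBindings.Add($roleDefinition)
                $web.RoleAssignments.Add($roleAssignment)
                $web.Update()
                write-Host "Group $groupName created successfully"
            }
        }
    }
    catch [System.Exception]
    {
        write-host -f red $_.Exception.ToString()
    }
    finally
    {
        # Release the SPWeb even when an exception was thrown
        if($web -ne $null){ $web.Dispose() }
    }
}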

Function to remove permission groups by name...
function Remove-SPGroupInWeb
{
    param ([string]$url, [string]$groupName)
    $web = $null
    try{
        $web = Get-SPWeb -Identity $url
        if($web -ne $null){
            # Only attempt the removal when the group exists
            if($web.SiteGroups[$groupName] -ne $null){
                write-Host -f yellow "Removing site group $groupName"
                $web.SiteGroups.Remove($groupName)
            }
            $web.Update()
        }
    }
    catch [System.Exception]
    {
        write-host -f red $_.Exception.ToString()
    }
    finally
    {
        # Release the SPWeb even when an exception was thrown
        if($web -ne $null){ $web.Dispose() }
    }
}

Function to add users to the group...
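function Add-User
{
    param ($url, $groupName, $userName)
    $web = $null
    try{
        $web = Get-SPWeb $url
        if($web -ne $null){
            $MyGrp = $web.SiteGroups[$groupName]
            if($MyGrp -eq $null){
                write-Host -f red "Group $groupName does not exist!"
            }
            else{
                # EnsureUser resolves the login name and adds the user to the site collection if needed
                $user = $web.Site.RootWeb.EnsureUser($userName)
                $MyGrp.AddUser($user)
                write-Host "$userName added to $groupName"
                $web.Update()
            }
        }
    }
    catch [System.Exception]
    {
        write-host -f red $_.Exception.ToString()
    }
    finally
    {
        # Release the SPWeb even when an exception was thrown
        if($web -ne $null){ $web.Dispose() }
    }
}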

How to call the functions...
Remove-SPGroupInWeb -url "http://my-webApp:port/" -groupName "New Group"

Create-SPGroupInWeb -url "http://my-webApp:port/" -groupName "New Group" -permissionLevel "Read" -description "My New Group Description"

Add-User -url "http://my-webApp:port/" -groupName "New Group" -userName "domain\myUserName"


As for the permission level of the group you're going to create: for full control, pass "Full Control" as the permissionLevel parameter. Running this code directly in the SharePoint Management Shell won't be a problem.
In case you are running it in Windows PowerShell, run this command first: Add-PSSnapin "Microsoft.SharePoint.PowerShell"
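
To check what the functions above actually granted, this added example (not part of the original post) lists each site group that has a role assignment on a web, the permission levels bound to it, and its members. The function name Get-SPWebGroupAccess is hypothetical, and the URL is the same placeholder used in the calls above.

```powershell
# Added example: report group permissions on one web (hypothetical helper name).
function Get-SPWebGroupAccess
{
    param ([string]$url)
    $web = $null
    try {
        $web = Get-SPWeb -Identity $url -ErrorAction Stop

        # A web that inherits permissions shows its parent's role assignments.
        if (-not $web.HasUniqueRoleAssignments) {
            Write-Host -f yellow "$url inherits permissions from its parent"
        }

        foreach ($assignment in $web.RoleAssignments) {
            # Skip users who were granted access directly rather than through a group
            if ($assignment.Member -isnot [Microsoft.SharePoint.SPGroup]) { continue }
            $group = $assignment.Member

            # Names of the permission levels bound to this group on this web
            $levels = @($assignment.RoleDefinitionBindings | ForEach-Object { $_.Name })
            $members = @($group.Users | ForEach-Object { $_.LoginName })

            New-Object PSObject -Property @{
                Group            = $group.Name
                PermissionLevels = $levels -join ', '
                FullControl      = ($levels -contains 'Full Control')
                MemberCount      = $members.Count
                Members          = $members -join '; '
            }
        }
    }
    catch [System.Exception] {
        Write-Host -f red $_.Exception.ToString()
    }
    finally {
        # Release the SPWeb even when an exception was thrown
        if ($web -ne $null) { $web.Dispose() }
    }
}

# Review the result after running Create-SPGroupInWeb and Add-User
Get-SPWebGroupAccess -url "http://my-webApp:port/" |
    Sort-Object Group | Format-Table Group, PermissionLevels, FullControl, MemberCount -AutoSize
```

A group that exists in the site collection but has no row here has no permission level bound on this web, which is one reason it would not appear on the site permissions page.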


If you have any questions, I'll be glad to reply with whatever I know :)

8 comments:

  1. This is so helpful. Keep them coming :)

  2. Great. I'm looking for a good script that will take a group and add it to all sites that have broken inheritance from the main web app or site collection. We have a custom group that we want all sites to have and that users don't remove after breaking inheritance.

    Replies
    1. I suggest you loop through the sites in the site collection for this purpose.

      $subWebApplicationURL = "http://siteColUrl"
      function Looper(){
          # Walk every web of every site collection in the web application
          Get-SPWebApplication $subWebApplicationURL | Get-SPSite -Limit All | Get-SPWeb -Limit All | % {
              $subWeb = $_
              [string]$siteUrl = $_.ServerRelativeUrl
              # Release each SPWeb once it has been processed
              $subWeb.Dispose()
          }
      }

  3. Hi Hemika,

    I have created a user group using your script, however I don't see that newly created user group in the site permissions page.

    Can you help me on this?

    Regards,
    Rama kishor

    Replies
    1. The user group gets created in the site that the url parameter matches (-url "http://my-webApp:port/").
      Also check if you have permission to view the groups.

  4. This comment has been removed by the author.

  5. Thanks for this, it's awesome.

    How can I get the Group to accept HTML code in the Description?

    Thanks
