Create custom permission levels and groups using PowerShell

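# Prompt for the site collection and bind to its root web. Every later step
# changes permission levels, groups and role assignments on $web, so it must be
# run by an account allowed to manage permissions on this site collection.
# Run from the SharePoint Management Shell (or load the
# Microsoft.SharePoint.PowerShell snap-in first) so Get-SPSite is available.
$siteUrl = Read-Host "Enter Site Collection URL:"
$siteUrl = $siteUrl.Trim()
if ([string]::IsNullOrEmpty($siteUrl)) {
    throw "No site collection URL was entered."
}

# -ErrorAction Stop makes a failed lookup a terminating error. Without it the
# script would print the success message and keep going with $site = $null.
$site = Get-SPSite -Identity $siteUrl -ErrorAction Stop
$web = $site.RootWeb

write-host "Connected to the site successfully..."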

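# Step 1: custom "Admin" permission level on the root web.
# Security note: the list below includes ManagePermissions and
# AddAndCustomizePages. A principal holding this level on an object can change
# who has access to that object and can add or alter pages, so treat it as an
# administrative role and keep any group bound to it small and closely owned.
write-host "Step 1: Creating custom permission level: Admin"
$adminPermissionNames = @(
    "EmptyMask",
    "ViewListItems",
    "AddListItems",
    "EditListItems",
    "DeleteListItems",
    "ApproveItems",
    "OpenItems",
    "ViewVersions",
    "DeleteVersions",
    "CancelCheckout",
    "ViewFormPages",
    "Open",
    "ViewPages",
    "AddAndCustomizePages",
    "ApplyThemeAndBorder",
    "ApplyStyleSheets",
    "ViewUsageData",
    "ManagePermissions",
    "BrowseDirectories",
    "BrowseUserInfo",
    "AddDelPrivateWebParts",
    "UpdatePersonalWebParts",
    "UseClientIntegration",
    "UseRemoteAPIs",
    "ManageAlerts",
    "CreateAlerts",
    "EditMyUserInfo",
    "EnumeratePermissions"
)

# Adding a level whose name is already taken fails, so look it up first. An
# existing level is left untouched: its permissions may differ from the list
# above and should be reviewed by hand rather than assumed to match.
$plAdmin = $web.RoleDefinitions | Where-Object { $_.Name -eq "Admin" }
if ($plAdmin) {
    write-host "Permission level 'Admin' already exists; leaving it unchanged. Review its permissions manually."
}
else {
    $plAdmin = New-Object Microsoft.SharePoint.SPRoleDefinition
    $plAdmin.Name = "Admin"
    $plAdmin.Description = "Custom Permission Level to manage application"
    # PowerShell converts the comma-separated names to the BasePermissions flags value.
    $plAdmin.BasePermissions = $adminPermissionNames -join ", "
    $web.RoleDefinitions.Add($plAdmin)
}
write-host "Step 1: Done"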

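# Step 2: custom "Requestor" permission level on the root web.
# The list grants viewing and adding list items but neither EditListItems nor
# DeleteListItems, so holders can raise new items without changing existing ones.
write-host "Step 2: Creating custom permission level: Requestor"
$requestorPermissionNames = @(
    "EmptyMask",
    "ViewListItems",
    "AddListItems",
    "OpenItems",
    "ViewVersions",
    "ViewFormPages",
    "Open",
    "ViewPages",
    "BrowseDirectories",
    "BrowseUserInfo",
    "UseClientIntegration",
    "UseRemoteAPIs",
    "CreateAlerts",
    "EditMyUserInfo"
)

# Adding a level whose name is already taken fails, so look it up first. An
# existing level is left untouched: its permissions may differ from the list
# above and should be reviewed by hand rather than assumed to match.
$plRequestor = $web.RoleDefinitions | Where-Object { $_.Name -eq "Requestor" }
if ($plRequestor) {
    write-host "Permission level 'Requestor' already exists; leaving it unchanged. Review its permissions manually."
}
else {
    $plRequestor = New-Object Microsoft.SharePoint.SPRoleDefinition
    $plRequestor.Name = "Requestor"
    $plRequestor.Description = "Custom Permission Level to raise facilities orders"
    # PowerShell converts the comma-separated names to the BasePermissions flags value.
    $plRequestor.BasePermissions = $requestorPermissionNames -join ", "
    $web.RoleDefinitions.Add($plRequestor)
}
write-host "Step 2: Done"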

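# Step 3: custom "Approver" permission level on the root web.
# Compared with the Requestor list this one adds EditListItems, ApproveItems and
# ViewUsageData; it still has no DeleteListItems and no ManagePermissions.
write-host "Step 3: Creating custom permission level: Approver"
$approverPermissionNames = @(
    "EmptyMask",
    "ViewListItems",
    "AddListItems",
    "EditListItems",
    "ApproveItems",
    "OpenItems",
    "ViewVersions",
    "ViewFormPages",
    "Open",
    "ViewPages",
    "ViewUsageData",
    "BrowseDirectories",
    "BrowseUserInfo",
    "UseClientIntegration",
    "UseRemoteAPIs",
    "CreateAlerts",
    "EditMyUserInfo"
)

# Adding a level whose name is already taken fails, so look it up first. An
# existing level is left untouched: its permissions may differ from the list
# above and should be reviewed by hand rather than assumed to match.
$plApprover = $web.RoleDefinitions | Where-Object { $_.Name -eq "Approver" }
if ($plApprover) {
    write-host "Permission level 'Approver' already exists; leaving it unchanged. Review its permissions manually."
}
else {
    $plApprover = New-Object Microsoft.SharePoint.SPRoleDefinition
    $plApprover.Name = "Approver"
    $plApprover.Description = "Custom Permission Level to approve facilities orders"
    # PowerShell converts the comma-separated names to the BasePermissions flags value.
    $plApprover.BasePermissions = $approverPermissionNames -join ", "
    $web.RoleDefinitions.Add($plApprover)
}
write-host "Step 3: Done"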

# Create the eight FITOMS SharePoint groups on the site collection. Each group
# gets the site collection owner as both its owner and its default user.
#
# NOTE(review): AllowMembersEditMembership = $true lets the members of a group
# change that group's membership. On "FITOMS Admin" this means any current
# member can add further members; confirm that is intended, otherwise set it to
# $false so that only the group owner manages membership.
# NOTE(review): the Drafter, QA, Plotter, Shipper and GPS descriptions all say
# "approver permissions", which looks copied from the Manager group - confirm.

# Adds one group to $web.SiteGroups, enables member-managed membership on it and
# returns the resulting SPGroup.
function New-FitomsSiteGroup {
    param([string]$Name, [string]$Description)

    $siteOwner = $web.Site.Owner
    $web.SiteGroups.Add($Name, $siteOwner, $siteOwner, $Description) | Out-Null
    $createdGroup = $web.SiteGroups[$Name]
    $createdGroup.AllowMembersEditMembership = $true
    $createdGroup.Update()
    return $createdGroup
}

Write-Host "Creating Group: FITOMS Admin"
$adminGroup = New-FitomsSiteGroup -Name "FITOMS Admin" -Description "Use this group to grant people admin permissions to the $web site"
Write-Host "Done."

Write-Host "Creating Group: FITOMS Requestor"
$requestorGroup = New-FitomsSiteGroup -Name "FITOMS Requestor" -Description "Use this group to grant people requestor permissions to the $web site"
Write-Host "Done."

Write-Host "Creating Group: FITOMS Manager"
$ManagerGroup = New-FitomsSiteGroup -Name "FITOMS Manager" -Description "Use this group to grant people approver permissions to the $web site"
Write-Host "Done."

Write-Host "Creating Group: FITOMS Drafter"
$DrafterGroup = New-FitomsSiteGroup -Name "FITOMS Drafter" -Description "Use this group to grant people approver permissions to the $web site"
Write-Host "Done."

Write-Host "Creating Group: FITOMS QA"
$QAGroup = New-FitomsSiteGroup -Name "FITOMS QA" -Description "Use this group to grant people approver permissions to the $web site"
Write-Host "Done."

Write-Host "Creating Group: FITOMS Plotter"
$PlotterGroup = New-FitomsSiteGroup -Name "FITOMS Plotter" -Description "Use this group to grant people approver permissions to the $web site"
Write-Host "Done."

Write-Host "Creating Group: FITOMS Shipper"
$ShipperGroup = New-FitomsSiteGroup -Name "FITOMS Shipper" -Description "Use this group to grant people approver permissions to the $web site"
Write-Host "Done."

Write-Host "Creating Group: FITOMS GPS"
$GPSGroup = New-FitomsSiteGroup -Name "FITOMS GPS" -Description "Use this group to grant people approver permissions to the $web site"
Write-Host "Done."

# Put the "authenticated users" principal into the FITOMS Requestor group, so
# every account that can sign in receives whatever that group is granted.
# NOTE(review): this script also sets AllowMembersEditMembership = $true on the
# Requestor group. Confirm whether accounts that are members only through this
# broad principal can then edit the group's membership, and turn the setting
# off for this group if that is not intended.
$allAuthenticatedUsers = "NT AUTHORITY\authenticated users"
$user1 = $web.Site.RootWeb.EnsureUser($allAuthenticatedUsers)
$requestorGroup.AddUser($user1)
Write-Host "Added all authenticated users to requestor group"
###### Build one role assignment (group + permission level pair) per group and add it to the web.
# NOTE(review): every group, "FITOMS Admin" included, is bound to the "Read"
# level only. The custom Admin / Requestor / Approver levels created earlier in
# this script are not bound to any group here; if they are meant to be applied
# on the site or on individual lists, that has to happen separately. Keep in
# mind that binding the Admin level (which contains ManagePermissions) to a
# group whose members can edit its membership would let members widen access.
# NOTE(review): "Read" is looked up by display name; presumably this assumes an
# English-language site - confirm for localized sites.
Write-Host "Creating assignments"
$fitomsGroups = @(
    $adminGroup,
    $requestorGroup,
    $ManagerGroup,
    $DrafterGroup,
    $QAGroup,
    $PlotterGroup,
    $ShipperGroup,
    $GPSGroup
)
$groupAssignments = @()
foreach ($fitomsGroup in $fitomsGroups) {
    # The unary comma appends the new assignment as a single array element.
    $groupAssignments += , (New-Object -TypeName Microsoft.SharePoint.SPRoleAssignment -ArgumentList $fitomsGroup)
}
Write-Host "Done."

###### Look up the permission level that is applied to all of the new groups
$readRoleDefinition = $web.Site.RootWeb.RoleDefinitions["Read"]

###### Bind that permission level to each group's assignment
foreach ($groupAssignment in $groupAssignments) {
    $groupAssignment.RoleDefinitionBindings.Add($readRoleDefinition)
}

###### Add each group/permission-level pair to the site
foreach ($groupAssignment in $groupAssignments) {
    $web.RoleAssignments.Add($groupAssignment)
}
$web.Update()

# This message is printed unconditionally; it does not prove that every step
# above succeeded, so check the console for errors before relying on it.
Write-Host "Permission levels and Groups created successfully"

# Release the SharePoint objects opened at the start of the script.
$web.Dispose()
$site.Dispose()

Comments

  1. How about adding the groups to the quicklaunch?

  2. Here is the link to do this.
    http://gowrisharepoint.blogspot.com/2013/05/add-sharepoint-group-to-people-and.html

  3. Can we edit the $plAdmin.BasePermissions for a roledefinition say contribute and add two more levels like copy and move

