Friday, June 29, 2012

Creating a new permission level in SharePoint 2010 using PowerShell

When the out-of-the-box permission levels do not meet your needs then SharePoint 2010 allows you the capability to create new combinations of permissions that can cater your needs.

There are two ways of creating Permission level
 - SP2010 GUI
 - PowerShell.

Using SP2010 GUI it is very easy to create permission level, if this is only needed for one or two Site Collections. Imagine you have 100 + Site Collections then this solution will not work, Obvious choice is to use PowerShell.

Here is the PowerShell script to create custom permission level

When
$webapp = Get-SPWebApplication http://xyz.com
foreach ($SPSite in $webapp.sites)
{
$OpenWeb = $SpSite.OpenWeb()
$spWeb = Get-SPWeb $OpenWeb.url
$spRoleDefinition = New-Object Microsoft.SharePoint.SPRoleDefinition
$spRoleDefinition.Name = "Site Owner"
$spRoleDefinition.Description = "Custom Permission for Site Owner"
$spRoleDefinition.BasePermissions = "
ManageLists,
CancelCheckout,
AddListItems,
EditListItems,
DeleteListItems,
ApproveItems,
ViewListItems,
OpenItems,
ViewVersions,
DeleteVersions,
CreateAlerts,
ViewFormPages,
ManageSubwebs, 
CreateGroups, 
ManagePermissions,
ManageWeb,
ViewUsageData,
AddAndCustomizePages,
BrowseDirectories,
EnumeratePermissions,
ManageAlerts,
Open,
ViewPages,
BrowseUserInfo,
UseClientIntegration,
EditMyUserInfo,
UseRemoteAPIs,
AddDelPrivateWebParts,
UpdatePersonalWebParts,
ManagePersonalViews"
$spweb.RoleDefinitions.Add($spRoleDefinition)
$SPSite.Dispose()
$OpenWeb.Dispose()
}

Happy scripting J

No comments:

Post a Comment