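The following PowerShell functions can be used to create groups, remove a permission level from a group on a list, and add a permission level to a group on a list.
Both list functions call BreakRoleInheritance($True) when the list still inherits its permissions, so the list ends up with its own copy of the parent's role assignments.
The functions are defined first; example calls are shown after the definitions.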
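function Create-SPGroupInWeb
{
    <#
    .SYNOPSIS
    Creates a site group and binds one permission level to it on the given web.

    .PARAMETER Url
    Identity of the web, passed to Get-SPWeb.

    .PARAMETER GroupName
    Name of the group to create. Nothing is changed if it already exists.

    .PARAMETER PermissionLevel
    Name of a role definition looked up on the site's root web.

    .PARAMETER Description
    Description stored with the new group.

    .NOTES
    The site owner ($web.Site.Owner) is used as both the group owner and the
    default user. Progress and errors are reported with Write-Host only;
    nothing is written to the pipeline.
    #>
    param ($Url, $GroupName, $PermissionLevel, $Description)

    $web = Get-SPWeb -Identity $Url
    if ($null -eq $web)
    {
        # Without this guard every later call fails on $null and the success
        # message is still printed.
        Write-Host "Web $Url could not be opened." -foregroundcolor Red
        return
    }

    try
    {
        # Outside strict mode the indexer yields $null for an unknown name.
        if ($null -ne $web.SiteGroups[$GroupName])
        {
            Write-Host "Group $GroupName already exists!" -foregroundcolor Red
            return
        }

        # Resolve the permission level before creating anything, so a
        # mistyped level cannot leave a new group behind with no role binding.
        $roleDefinition = $web.Site.RootWeb.RoleDefinitions[$PermissionLevel]
        if ($null -eq $roleDefinition)
        {
            Write-Host "Permission level $PermissionLevel does not exist." -foregroundcolor Red
            return
        }

        $web.SiteGroups.Add($GroupName, $web.Site.Owner, $web.Site.Owner, $Description)
        $group = $web.SiteGroups[$GroupName]

        $roleAssignment = New-Object Microsoft.SharePoint.SPRoleAssignment($group)
        $roleAssignment.RoleDefinitionBindings.Add($roleDefinition)
        $web.RoleAssignments.Add($roleAssignment)
        $web.Update()

        Write-Host "Group $GroupName created successfully" -foregroundcolor Green
    }
    catch
    {
        # A failure after SiteGroups.Add can leave the group created but
        # unassigned; say so instead of reporting success.
        Write-Host "Failed to create group ${GroupName}: $($_.Exception.Message) Verify whether the group exists and which permissions it holds." -foregroundcolor Red
    }
    finally
    {
        # Release the SPWeb on every path, including early returns and errors.
        $web.Dispose()
    }
}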
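function Remove-SPPermisssionFromListGroup
{
    <#
    .SYNOPSIS
    Removes one permission level from a group's role assignment on a list.

    .PARAMETER Url
    Identity of the web, passed to Get-SPWeb.

    .PARAMETER ListName
    Title of the list, resolved with TryGetList.

    .PARAMETER GroupName
    Name of an existing site group.

    .PARAMETER PermissionLevel
    Name of a role definition looked up on the web.

    .NOTES
    If the list still inherits permissions, inheritance is broken with
    BreakRoleInheritance($True) and the removal is then applied in the same
    call. Previously the function stopped after breaking inheritance, so the
    first run silently left the permission level in place.
    The function name keeps its original spelling so existing callers work.
    Progress and errors are reported with Write-Host only.
    #>
    param ($Url, $ListName, $GroupName, $PermissionLevel)

    $web = Get-SPWeb -Identity $Url
    if ($null -eq $web)
    {
        Write-Host "Web $Url could not be opened." -foregroundcolor Red
        return
    }

    try
    {
        $list = $web.Lists.TryGetList($ListName)
        if ($null -eq $list)
        {
            Write-Host "List $ListName does not exist!" -foregroundcolor Red
            return
        }

        # Validate the group and the permission level before touching the
        # list, so a typo cannot leave the list with broken inheritance and
        # no other change.
        $group = $web.SiteGroups[$GroupName]
        if ($null -eq $group)
        {
            Write-Host "Group $GroupName does not exist." -foregroundcolor Red
            return
        }

        $roleDefinition = $web.RoleDefinitions[$PermissionLevel]
        if ($null -eq $roleDefinition)
        {
            Write-Host "Permission level $PermissionLevel does not exist." -foregroundcolor Red
            return
        }

        if (-not $list.HasUniqueRoleAssignments)
        {
            $list.BreakRoleInheritance($True)
        }

        # GetAssignmentByPrincipal is expected to fail when the group has no
        # assignment on the list; the catch below reports that.
        $roleAssign = $list.RoleAssignments.GetAssignmentByPrincipal($group)
        $roleAssign.RoleDefinitionBindings.Remove($roleDefinition)
        $roleAssign.Update()
        $list.Update()

        Write-Host "Successfully removed $PermissionLevel permission from $GroupName group in $ListName list." -foregroundcolor Green
    }
    catch
    {
        # Report the failure; without the try block the script would run on
        # and print the success message after a failed call.
        Write-Host "Failed to remove $PermissionLevel permission from $GroupName group in $ListName list: $($_.Exception.Message)" -foregroundcolor Red
    }
    finally
    {
        # Release the SPWeb on every path, including early returns and errors.
        $web.Dispose()
    }
}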
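function Add-SPPermissionToListGroup
{
    <#
    .SYNOPSIS
    Grants one permission level to a group on a list.

    .PARAMETER Url
    Identity of the web, passed to Get-SPWeb.

    .PARAMETER ListName
    Title of the list, resolved with TryGetList.

    .PARAMETER GroupName
    Name of an existing site group.

    .PARAMETER PermissionLevel
    Name of a role definition looked up on the web.

    .NOTES
    If the list still inherits permissions, inheritance is broken with
    BreakRoleInheritance($True) and the permission level is then added in the
    same call. Previously the function stopped after breaking inheritance, so
    the first run added nothing. A missing list is now reported, matching
    Remove-SPPermisssionFromListGroup.
    Progress and errors are reported with Write-Host only.
    #>
    param ($Url, $ListName, $GroupName, $PermissionLevel)

    $web = Get-SPWeb -Identity $Url
    if ($null -eq $web)
    {
        Write-Host "Web $Url could not be opened." -foregroundcolor Red
        return
    }

    try
    {
        $list = $web.Lists.TryGetList($ListName)
        if ($null -eq $list)
        {
            Write-Host "List $ListName does not exist!" -foregroundcolor Red
            return
        }

        # Validate the group and the permission level before touching the
        # list, so a typo cannot leave the list with broken inheritance and
        # no other change.
        $group = $web.SiteGroups[$GroupName]
        if ($null -eq $group)
        {
            Write-Host "Group $GroupName does not exist." -foregroundcolor Red
            return
        }

        $roleDefinition = $web.RoleDefinitions[$PermissionLevel]
        if ($null -eq $roleDefinition)
        {
            Write-Host "Permission level $PermissionLevel does not exist." -foregroundcolor Red
            return
        }

        if (-not $list.HasUniqueRoleAssignments)
        {
            $list.BreakRoleInheritance($True)
        }

        $roleAssignment = New-Object Microsoft.SharePoint.SPRoleAssignment($group)
        $roleAssignment.RoleDefinitionBindings.Add($roleDefinition)
        $list.RoleAssignments.Add($roleAssignment)
        $list.Update()

        Write-Host "Successfully added $PermissionLevel permission to $GroupName group in $ListName list. " -foregroundcolor Green
    }
    catch
    {
        # Report the failure; without the try block the script would run on
        # and print the success message after a failed call.
        Write-Host "Failed to add $PermissionLevel permission to $GroupName group in $ListName list: $($_.Exception.Message)" -foregroundcolor Red
    }
    finally
    {
        # Release the SPWeb on every path, including early returns and errors.
        $web.Dispose()
    }
}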
# Example calls. $Url is not assigned in this snippet; set it to the target
# web's URL before running these lines.

# Create a web-level group that is granted the Read permission level.
Create-SPGroupInWeb -Url $Url -GroupName "Finance Members" -PermissionLevel "Read" -Description "Finance Members group"

# On the Customers list, take Contribute away from the Contracts Members group ...
Remove-SPPermisssionFromListGroup -Url $Url -ListName "Customers" -GroupName "Contracts Members" -PermissionLevel "Contribute"

# ... and grant the same group Read on that list.
Add-SPPermissionToListGroup -Url $Url -ListName "Customers" -GroupName "Contracts Members" -PermissionLevel "Read"