I have a Sharepoint Library, which I have a Powershell script dropping files into for processing. The Powershell script reaches out to Active Directory, and returns Group Membership information. The script then creates a folder for the group owner (if it doesn't exist) in my Library, using the group owners' name, and drops a .CSV of all the users contained in the specific group into that folder.
The need here, is to grant 'Read' permissions only to the owner of the group, which will be the name of the folder we are working in. Ideally the folder would be hidden, however I understand that there are limitations when working with Sharepoint.
For example:
John Doe, User: jdoe would be able to access Z:/jdoe/IT.csv but not Z:/someuser/HR.csv
I have my Sharepoint Library mapped to Z:/ currently, to make my life easier for Powershell.
I executed get-command Module Microsoft.SharePoint.PowerShell | ft name and ran through the list of Sharepoint Commands.
I then stumbled across the Grant-SPObjectSecurity Cmdlet, which I assume is what I would want to use on the Powershell side to, when the folder is being created, apply Sharepoint permissions only to the user for which the folder is being created for.
The process from start to finish is: Powershell Script 'Get_Group_Members' executes, reading a text file containing an Active Directory Group name, per line. For each group found, the script identifies the owner of the group, creates a folder named with the owners AD name, and puts a .CSV file in the folder listing all members of the group. Then, I (for now anyway) manually initiate the next Script 'Import_CSV' which pulls all the information into a Sharepoint list for an unrelated process.
Hope that helps understand what's happening. Am I right in assuming I should handle this on the Powershell side, as opposed to the Sharepoint side? If so, am I headin' in the right direction with Grant -SPObjectSecurity?
Thanks!
Update:
Following the link I provided in a comment below, here is what I came up with:
function GrantUserpermission($strOwnerName)
{
[Microsoft.SharePoint.SPUserCollection]$spusers=[Microsoft.SharePoint.SPUserCollection]$web.SiteUsers
[Microsoft.SharePoint.SPUser]$spuser=$spusers[$strOwnerName]
"Strowner name: " + $strOwnerName
# Get the SPWeb object and save it to a variable
$web = Get-SPWeb -identity $WebURL
if ($strOwnerName -ne $null)
{
$sproleass=new-object Microsoft.SharePoint.SPRoleAssignment([Microsoft.SharePoint.SPPrincipal]$spuser)
$folder.BreakRoleInheritance("true")
$sproleass.RoleDefinitionBindings.Add($web.RoleDefinitions["Contribute"])
$folder.RoleAssignments.Add($sproleass);
Write-Host "Permission provided for user ", $strOwnerName
}
else
{
Write-Host "User ""$userName"" was not found in this web!"
}
}
And here, are the error(s) associated with my code:
Full code can be found here: http://pastebin.com/iBpj6V1U
Update #2
#apply permissions to folder
"Strowner name: " + $strOwnerName
function GrantUserpermission($strOwnerName)
{
$web = Get-SPWeb -identity $WebURL
[Microsoft.SharePoint.SPUser]$spuser=$web.EnsureUser($strOwnerName)
"Strowner name in Function: " + $strOwnerName
Updated code #2: http://pastebin.com/DzP1hVce
$Target = $Web.Folders | ?{$_.Name -eq $strOwnerName}and then change your$Folder.BreakRoleand$Folder.RoleAssignlines to$Target.BreakRoleand$Target.RoleAssignto fix the object type reference errors. - TheMadTechnician