If you are using SLK with more than a few sights then provisioning the permissions becomes either very time consuming or impossible by hand. A typical UK secondary school will have between 700 to 1500 distinct classes, and to use SLK to its fullest extent then each of these will need a site with unique permissions. So once you have finished any trial/prototype you will need to script the setting up of SLK Permissions.
The following is a simple proof of concept script to initially set the SLK permissions on a site. It will add permissions for specified Active Directory users or groups to specified existing sites in SharePoint. You could easily extend it to create sites by checking to see if the site exists first, and if not running New-SPWeb.
The script runs from an input csv in the following format:
For each line in the input file it adds the user to the given site, with the given permission level.
To use save the following PowerShell as a ps1 file, create an input csv file called sitePermissions.csv in the same directory and run the script.
Add-PSSnapIn Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
function AddPermission($web, $userName, $permission)
# Break inheritance if required. Argument is true if copy existing permissions or false to strip all
if ($web.HasUniqueRoleAssignments -eq $false)
$user = $web.EnsureUser($userName)
$roleAssignment = New-Object Microsoft.SharePoint.SPRoleAssignment($user)
$role = $web.RoleDefinitions[$permission]
$csvData = import-csv sitePermissions.csv
foreach ($line in $csvData)
$web = Get-SPWeb $line.Site
AddPermission $web $line.User $line.Role
Running this with the sample data above gives the following before and after screenshots on the permissions:
Notes on the script:
- There is no error handling so if your input in incorrect e.g. typos in your site, user name or roles, you will get screens of red error messages.
- Line 1, Add-PSSnapIn ensures that the PowerShell comandlets are added into the current session if not already present.
- The actual adding of the permissions is put into a function to break up the script and improve readability and maintainability.
- Permissions can only be added to sites which have unique permissions, so if the site doesn’t already have permissions it breaks them and can either copy the existing conditions, or start from none depending on the value of the argument passed to BreakRoleInheritance.
- EnsureUser is used to make sure that the user is added to SharePoint before trying to give them permissions
- To change the name of the input file, just change sitePermissions.csv in the script.
- It’s not particularly optimised as it opens a new SPWeb for every line. You could check to see if it’s a different site on each line and only dispose and create a new one if it is different.
- The script will still work if the user’s permission already exists.
This is a simple script suitable for initial setting of SLK permissions. It doesn’t attempt to remove any permissions if no longer required, or do anything else to the site apart from breaking inheritance.
For a more comprehensive solution which can completely provision a set of sites, including setting any setting on a site, adding and removing permissions and automatically adding teachers’ sites to their list when assigning permissions, as well as a multitude of other functionality, then please investigate our managed service Salamander SharePoint. This will do all this and more.