Set Item Level Permissions on a SharePoint online library using CSOM PowerShell
https://sharepoint.stackexchange.com/questions/265702
-
07-02-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I'm using this script below to upload a file or multiple files in a document library in sharepoint online. I would like to set only the 'read' permission so that only one specific user can read (see) the file.
How can I set the 'read' permission for a specific domain user first and then upload the file?
Why? -> I want to make a folder "paychecks 2019" and then upload a paycheck and set the permissions so that the workers can only see their personal paycheck.
I can also create a folder for each worker and set the read permission on folder level but I prefer to give them all access to "paychecks 2019" and give them permissions on file level during uploading.
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
$Context = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
$Creds = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($User,$Password)
$Context.Credentials = $Creds
$List = $Context.Web.Lists.GetByTitle($DocLibName)
$Context.Load($List.RootFolder)
$Context.ExecuteQuery()
$TargetFolder = $Context.Web.GetFolderByServerRelativeUrl($List.RootFolder.ServerRelativeUrl + "/" + $FolderName);
Foreach ($File in (dir $Folder -File))
{
$FileStream = New-Object IO.FileStream($File.FullName,[System.IO.FileMode]::Open)
$FileCreationInfo = New-Object Microsoft.SharePoint.Client.FileCreationInformation
$FileCreationInfo.Overwrite = $true
$FileCreationInfo.ContentStream = $FileStream
$FileCreationInfo.URL = $File
$Upload = $TargetFolder.Files.Add($FileCreationInfo)
$Context.Load($Upload)
$Context.ExecuteQuery()
}
Solution
You cannot grant a permission on a file before uploading it as there is nothing to set the permission on before the file has been uploaded, unless you have a container (folder). In any case, if you upload the file and then set the permission, the file would only be visible for a second or so, and probably just a fraction of a second.
If you use folders, you can create the folder, set the read only permission and then upload the file. You can hide that fact that you are using folders by creating a default view that sets "Show all items without folders" so users only see a single list of files (but still secured by the folders they were uploaded to).
