Hello SharePointers,
We need to Edit Permission level with CSOM PowerShell in SharePoint Online. SharePoint Online: Edit Permission Level with CSOM PowerShell

Actually, we have created a permissions level called “Viewers” in SharePoint online. With this permission level users are able to view items, open and download documents.

Now we need to restrict users from Downloading and print documents. To do this we need to change/edit or update the permission level and remove “Open Items” permission from it.

Generally, to edit existing permission level we follow below steps from GUI.

  1. Navigate to the SharePoint site in which you want to edit permissions
  2. Click on the gear icon for go to settings >> select Site PermissionsChange Permission Levels in SharePoin
  3. Click on “Advance Permission Settings”
  4. Update Permission levels using PowerShell SharePoint Online
  5. This will navigate you to the “user.aspx” page to change the permissions.
  6. Click on “Permission Levels” from the Top ribbon bar
  7. On the permission level page, click on a permission level you want to change
SharePoint Online: Edit Permission Levels using Powershell

8. Uncheck the checkboxes to remove the permission levels. e.g. I want to remove “Open Items” so I unchecked the checkbox.
Similarly, you can remove it as per your requirements.

SharePoint Online: Edit Permission Level with CSOM PowerShell

9. Finally Click on “Submit” button from the bottom of page.

This will update the permission level as per our need.

PowerShell to remove permission from Permission Level in SharePoint Online.

Now we are going to perform same operations via PowerShell.

Let’s remove “Open Items” permission from existing Viewer Permission level.

Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
Add-Type -Path "C:\Program Files\WindowsPowerShell\Modules\SharePointPnPPowerShellOnline\3.23.2007.1\OfficeDevPnP.Core.dll"
 
Try {
   
    #$siteURL = "https://tenant-2.sharepoint.com/sites/TEST"
    $authmgr = new-object OfficeDevPnp.Core.AuthenticationManager
    $ctx = $authmgr.GetWebLoginClientContext($siteURL)
    $PermissionLevelName = "Viewer"

    #Get the role definition by name
    $RoleDefinition = $Ctx.web.RoleDefinitions.GetByName($PermissionLevelName)
    $Ctx.Load($RoleDefinition)
    $Ctx.ExecuteQuery()
     
    #Remove "Delete Items" Permission from the Permission Level
    $BasePermissions = New-Object Microsoft.SharePoint.Client.BasePermissions
    $BasePermissions = $RoleDefinition.BasePermissions
    $BasePermissions.Clear([Microsoft.SharePoint.Client.PermissionKind]::OpenItems)
    $RoleDefinition.BasePermissions =  $BasePermissions
    $RoleDefinition.Update()
    $Ctx.ExecuteQuery()   
     
    Write-host -f Green "Viewer Permission Level has been Updated!"
}
catch {
    write-host "Error: $($_.Exception.Message)" -foregroundcolor Red
}

you can also copy code from above. In this article we learnt SharePoint Online: Edit Permission Level with CSOM PowerShell.

Read more at SharePointDiary.

you may also like my other posts.
Retrieve SharePoint List Items using CSOM
Connect MFA enabled SharePoint site using CSOM
Delete all items from SharePoint list with CSOM
Retrieve all users from Site Collection using PowerShell
How To Save Records In Multiple List Using Power Apps Patch() function
Solved: Send approval request to a group in MS flow.
How to Configure Adobe Sign for SharePoint Online
Create Approval workflow in MS Flow Step-By-Step

2 thoughts on “SharePoint Online: Edit Permission Level with CSOM PowerShell”

Leave a Reply