janikvonrotz
8/14/2013 - 6:24 AM

PowerShell: Replace SharePoint Role Assignments #PowerShell #SharePoint

PowerShell: Replace SharePoint Role Assignments #PowerShell #SharePoint

$Metadata = @{
  Title = "Replace SharePoint Role Assignments"
	Filename = "Replace-SPRoleSsignment.ps1"
	Description = ""
	Tags = "powershell, sharepoint, role, assignment"
	Project = ""
	Author = "Janik von Rotz"
	AuthorContact = "http://janikvonrotz.ch"
	CreateDate = "2013-05-17"
	LastEditDate = "2013-05-17"
	Version = "1.0.0"
	License = @'
This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.
To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-nd/3.0/ or
send a letter to Creative Commons, 444 Castro Street, Suite 900, Mountain View, California, 94041, USA.
'@
}


if ((Get-PSSnapin “Microsoft.SharePoint.PowerShell” -ErrorAction SilentlyContinue) -eq $null) {
    Add-PSSnapin “Microsoft.SharePoint.PowerShell”
}

# Update role based on AD group suffix for websites

$SPSite = "http://sharepoint.vbl.ch"
$SPSiteFilter = "http://sharepoint.vbl.ch/Projekt"
$UpdateRole = "design"

$NewRole = (Get-SPWeb $SPSite).RoleDefinitions | Where-Object{$_.Name -eq $UpdateRole}
    
Get-SPSite $SPSite | Get-SPWeb -Limit All  | Where-Object{$_.Url -match $SPSiteFilter} | ForEach-Object{

    # $_.Title

    $_.RoleAssignments | ForEach-Object{
    
        if($_.Member.Name.EndsWith("#$UpdateRole") -and ($_.RoleDefinitionBindings.Name -ne $UpdateRole)){
    
            Write-Host "Update role for: $($_.Member.Name) from: $($_.RoleDefinitionBindings.Name) to: $($NewRole.Name)"
            $_.RoleDefinitionBindings.RemoveAll()
            $_.RoleDefinitionBindings.Add($NewRole)
            $_.Update()
        }
    }
} 

# replace role for websites

$RoleToChange = "Superuser"
$RoleToAssign = $SPWeb.RoleDefinitions.GetById("1073741827")

Get-SPWebApplication | Get-SPsite -Limit all | %{ 
    $_ |  Get-SPWeb -Limit all | %{
        $_.RoleAssignments | %{
            if($_.roledefinitionbindings[0].Name -eq $RoleToChange){
                $_
                $_.roledefinitionbindings.RemoveAll()
                $_.roledefinitionbindings.Add($RoleToAssign)
                $_.Update()
            }
        }
    }
}

# change for lists
Get-SPWebApplication | Get-SPsite -Limit all | %{
    $_ |  Get-SPWeb -Limit all | %{
        $_.Lists | %{
            $_.RoleAssignments | %{
                if($_.roledefinitionbindings[0].Name -eq $RoleToChange){
                    $_
                    $_.roledefinitionbindings.RemoveAll()
                    $_.roledefinitionbindings.Add($RoleToAssign)
                    $_.Update()
                }
            }
        }
    }
}