Improve company productivity with a Business Account.Sign Up

x
?
Solved

Set SharePoint permission on a folder using SPQuery \ CAML

Posted on 2015-02-07
8
Medium Priority
?
678 Views
Last Modified: 2015-02-10
I need to set permissions on a lot of SharePoint folders in a document library but I don't want to have to spin through all folders to find the specific one each time.  I have to set permissions on about 1000 folders and have an XML document where I'm getting the folders and their permissions from.  

I have the script about 90% written using a CAML query to get the specific folder.   (This works fine and returns the specific folder I'm looking for)
        $spQuery = New-Object Microsoft.SharePoint.SPQuery
	 	$spQuery.Query =	"<OrderBy>
								<FieldRef Name=BaseName Ascending=TRUE></FieldRef>
							</OrderBy>
							<Where>
								<And>
								    <Eq><FieldRef Name=ContentType/><Value Type=Text>Folder</Value></Eq>
								    <Eq><FieldRef Name=BaseName/><Value Type=Text>$folderName</Value></Eq>
								</And>
							</Where>"
		$spQuery.ViewAttributes = "Scope=RecursiveAll"
		
        $spListItems = $spList.GetItems($spQuery)
		

Open in new window



However, when I try to set the $currentFolder, it is an SPFolder instead of SPItem.
			foreach ($spListItem in $spListItems)
            {
			
				$currentItem = $spListItem.Name
				$folderName = $spListItem.Folder.URL
				$folderName = $folderName.Replace($currentItem,"")
								
				$RelativeFolderURL = $spListItem.URL
				$currentFolder =$SPWeb.GetFolder($RelativeFolderURL)
				
			GrantGroupPermission $currentFolder
			}

Open in new window

And the method to break inheritance and set permissions is only available on an SPItem object
  function GrantGroupPermission($groupName)
  {
   [Microsoft.SharePoint.SPGroupCollection]$spgroups = $web.SiteGroups
   [Microsoft.SharePoint.SPGroup]$spgroup = $spgroups[$groupName]
   $sproleass=new-object Microsoft.SharePoint.SPRoleAssignment([Microsoft.SharePoint.SPPrincipal]$spgroup)
[b][u]#The Next Line Breaks[/u][/b]
   $folder.BreakRoleInheritance("true")
   $sproleass.RoleDefinitionBindings.Add($web.RoleDefinitions["Contribute"])
[b][u]#This Line Doesn't Work Either[/u][/b]
   $folder.RoleAssignments.Add($sproleass);
   Write-Host "Permission provided for group ", $groupName
  }

Open in new window



I've attached 2 files.  
One that works when I explicitly give it a folder name.
The second is my script that I'm trying to use CAML to get the folder name

I'm hoping someone here will be able to help figure this out.
WorkingAddPermissions.txt
SetPermissions.txt
0
Comment
Question by:skipper68
  • 4
  • 3
8 Comments
 
LVL 15

Expert Comment

by:colly92002
ID: 40597331
Use this:
folder.Item.BreakRoleInheritance(true);

.item will get you the SPListItem of the folder.
0
 
LVL 9

Author Comment

by:skipper68
ID: 40598289
Colly,
Thank you very much for the response.  I tried your suggestion previously, and again just to make sure.  I got the following error(s).
 Unsuccessful attempt to add .item to the $folder object
I've also included a screencap of how it looks without the $folder.item....
Errors without .Item
Thank you again for helping.
0
 
LVL 44

Expert Comment

by:Rainer Jeschor
ID: 40598303
Hi,
which SharePoint version and edition?
Thanks.
Rainer
0
Building an Effective Phishing Protection Program

Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.

 
LVL 9

Author Comment

by:skipper68
ID: 40598309
SP 2010 Enterprise
0
 
LVL 15

Accepted Solution

by:
colly92002 earned 2000 total points
ID: 40599388
Looks like you might be passing the method a null $folder object.

Possibly because of this cast?
GrantGroupPermission $action [Microsoft.SharePoint.SPListItem]$currentFolder


If you have removed that cast, try displaying your folder url etc and make sure your CAML is returning what you expect.
0
 
LVL 9

Author Comment

by:skipper68
ID: 40599504
I think that was it!  I was casting it to an item instead of letting the object cast itself.  I'm going to run through a couple more to verify but I think that was it.
FolderObject.gif
0
 
LVL 9

Author Closing Comment

by:skipper68
ID: 40600608
Colly, you rock!  That was exactly it.  

Do you know what the logic is behind why this fails?  In normal programming, you can cast a string as an integer to use it in a calculation.  Any insight as to why this didn't work would be appreciated.
0
 
LVL 15

Expert Comment

by:colly92002
ID: 40600731
It's because you are casting an object to another type that does not allow it (probably because it is incompatible)  and this results in a null object.

These articles will probably explain it better than I can:
http://www.blackwasp.co.uk/CSharpAs.aspx
http://www.codeproject.com/Articles/447634/A-Beginners-Tutorial-Type-Casting-and-Type-Convers
http://www.codeproject.com/Articles/5044/Cheat-Sheet-Casting-in-VB-NET-and-C
0

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Welcome to 2018! Exciting things lie ahead in the world of tech. To start things off, we compiled great member articles on how to stay safe, ways to learn, and much more! Read on to start your new year right.
WAP (Web Application Proxy) provides reverse proxy functionality for web applications in the corporate network which allows users on most devices to access internal web applications from external networks.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…

595 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question