sharepoint powershell sharepoint-2010

Powershell provisioning new site with unique permissions but uses existing owners group


I've currently run into a bit of a stumbling block, and I don't know if I am searching for the right thing on Google to get the correct results to help me.

The situation:

1) In SharePoint, via the GUI, I can use unique permissions when setting up a site.
2) You are then presented with a page showing 3 possibilities (Read, Contribute and Owner) of groups.
3) In these possibilities you can select to use an existing group or create a new one.

The setup I am looking for is to use an existing group for owner and create 2 new groups for contribute and read. How do I do this in PowerShell?

The other way I have thought about doing this is to not break permissions, delete all the groups apart from the owners group, create 2 new groups, assign them contribute and read, and add them to the site. <- This sounds like it would work but also sounds like a workaround!

Cheers Truez


Solution

  • I managed to find a solution.

    I created the site so all the groups were inherited.

    Broke inheritance.

    Once broken, I looped through all the groups and removed any that didn't contain owner. This meant that the owner group still updated when you placed a member in the owner group at the root level site.

    I then created a Members and Readers group.

        # Load the SharePoint cmdlets when not running in the SharePoint Management Shell
        Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

        # Create the web with inherited permissions, then break inheritance,
        # copying the parent's role assignments to the new web
        $businessUnitWeb = New-SPWeb -Url "My Site" -Name "Test" -UseParentTopNav
        $businessUnitWeb.BreakRoleInheritance($true)

        # Remove every group except the existing owners group
        $groupsToRemove = @($businessUnitWeb.Groups | Where-Object { $_.Name -ne "XXXXXXXXX Portal Owners" })
        $groupsToRemove | ForEach-Object { $businessUnitWeb.Groups.Remove($_.Name) }

        # Remove the users that were copied across as well
        $usersToRemove = @($businessUnitWeb.Users | Where-Object { $_.Name -ne "XXXXXXXXXX Portal Owners" })
        $usersToRemove | ForEach-Object { $businessUnitWeb.Users.Remove($_.LoginName) }

        # Create the read group and bind it to the Reader role
        $businessUnitWeb.SiteGroups.Add("$businessUnitWeb Read", $businessUnitWeb.Site.Owner, $businessUnitWeb.Site.Owner, "The read group for $businessUnitWeb")
        $newGroup = $businessUnitWeb.SiteGroups["$businessUnitWeb Read"]

        $newGroupAssign = New-Object Microsoft.SharePoint.SPRoleAssignment($newGroup)
        $newGroupAssign.RoleDefinitionBindings.Add($businessUnitWeb.RoleDefinitions.GetByType("Reader"))
        $businessUnitWeb.RoleAssignments.Add($newGroupAssign)
        $businessUnitWeb.Update()

        # Create the contributor group and bind it to the Contributor role
        $businessUnitWeb.SiteGroups.Add("$businessUnitWeb Contributor", $businessUnitWeb.Site.Owner, $businessUnitWeb.Site.Owner, "The Contributor group for $businessUnitWeb")
        $newGroup = $businessUnitWeb.SiteGroups["$businessUnitWeb Contributor"]

        $newGroupAssign = New-Object Microsoft.SharePoint.SPRoleAssignment($newGroup)
        $newGroupAssign.RoleDefinitionBindings.Add($businessUnitWeb.RoleDefinitions.GetByType("Contributor"))
        $businessUnitWeb.RoleAssignments.Add($newGroupAssign)
        $businessUnitWeb.Update()

        # $businessAreaURL is defined elsewhere in the original script
        Write-Host "Creating $businessAreaURL..... "
        # "Template stuuf" is the poster's placeholder for the web template name
        $businessUnitWeb.ApplyWebTemplate("Template stuuf")
    

    If there are some typos, I've had to remove company ties from the code.
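
Because `BreakRoleInheritance($true)` copies every role assignment from the parent, it is worth checking what is left on the web after the cleanup. The following is an added example, not part of the original answer: a read-only report of the web's role assignments that flags directly assigned users and any group outside an expected list. The function name `Get-WebPermissionReport`, its parameters, and the URL and group names in the sample call are hypothetical.

```powershell
# Added example, not from the original post. Names below are hypothetical.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Get-WebPermissionReport {
    param(
        [Parameter(Mandatory = $true)][string]$WebUrl,
        # Names of the groups that are expected to hold permissions on the web
        [Parameter(Mandatory = $true)][string[]]$ExpectedGroups
    )

    $web = Get-SPWeb -Identity $WebUrl
    try {
        if (-not $web.HasUniqueRoleAssignments) {
            Write-Warning "$WebUrl still inherits permissions from its parent."
        }

        foreach ($assignment in $web.RoleAssignments) {
            $member  = $assignment.Member
            $isGroup = $member -is [Microsoft.SharePoint.SPGroup]
            $levels  = @($assignment.RoleDefinitionBindings | ForEach-Object { $_.Name })

            # One row per principal; direct user grants and unlisted groups are flagged
            New-Object PSObject -Property @{
                Principal  = $member.Name
                IsGroup    = $isGroup
                Levels     = ($levels -join ', ')
                Unexpected = (-not $isGroup) -or ($ExpectedGroups -notcontains $member.Name)
            }
        }
    }
    finally {
        # SPWeb objects obtained with Get-SPWeb should be disposed
        $web.Dispose()
    }
}

# Constructed sample values; substitute the real web URL and group names.
Get-WebPermissionReport -WebUrl 'http://portal.example/sites/test' `
    -ExpectedGroups 'Example Portal Owners', 'Test Read', 'Test Contributor' |
    Sort-Object Unexpected -Descending |
    Format-Table Principal, IsGroup, Levels, Unexpected -AutoSize
```

Rows with `Unexpected` set to `True` are assignments that survived the copy from the parent and were not in the expected list.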