Assigning Permissions on OneDrive Files using PnP PowerShell

Managing permissions on OneDrive for Business files is crucial for security and collaboration. Using PnP PowerShell, you can:

Grant access to users or groups
Set permission levels (Read, Edit, etc.)
Revoke permissions when needed

This guide provides step-by-step instructions to assign permissions to OneDrive files and folders.


Step 1: Install and Import PnP PowerShell

If you haven’t installed PnP PowerShell, run the following command:

Install-Module -Name PnP.PowerShell -Scope CurrentUser -AllowClobber -Force

Import the module:

Import-Module PnP.PowerShell

PnP PowerShell is ready!


Step 2: Connect to OneDrive

Before assigning permissions, connect to the OneDrive site:

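$OneDriveUrl = "https://yourtenant-my.sharepoint.com/personal/your_email_com"
$ClientId = "<your-app-client-id>" # Placeholder: client ID of your own Entra ID app registration
Connect-PnPOnline -Url $OneDriveUrl -Interactive -ClientId $ClientId

🔹 Replace yourtenant with your Microsoft 365 tenant name.
🔹 Replace your_email_com with your OneDrive user’s UPN (User Principal Name), with "@" and "." written as underscores.
🔹 Current PnP PowerShell releases require -ClientId, because the shared PnP Management Shell app registration is no longer available.
🔹 This will prompt you to log in to OneDrive.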

Connected to OneDrive!


Step 3: Assign Permissions to a OneDrive File

To grant Read or Edit permissions on a specific file:

$FilePath = "/Documents/Report.pdf" # File in OneDrive (site-relative URL)
$UserEmail = "user@domain.com" # User to grant access
$Permission = "Read" # Options: Read, Edit, Full Control

# Set-PnPListItemPermission takes a list item (or its ID), so resolve the file first
$Item = Get-PnPFile -Url $FilePath -AsListItem
Set-PnPListItemPermission -List "Documents" -Identity $Item -User $UserEmail -AddRole $Permission

Write-Host "Permission '$Permission' assigned to $UserEmail for $FilePath"

🔹 Assigns Read access to Report.pdf.
🔹 Change $Permission to "Edit" if edit access is needed.
🔹 Use "Full Control" to give full control.

Permission assigned to a file!


Step 4: Assign Permissions to a Folder

To grant Edit access on a OneDrive folder:

$FolderPath = "/Documents/ProjectFiles"  # Folder in OneDrive
$UserEmail = "user@domain.com" # User to grant access
$Permission = "Edit"

Set-PnPFolderPermission -List "Documents" -Identity $FolderPath -User $UserEmail -AddRole $Permission

Write-Host "Permission '$Permission' assigned to $UserEmail for $FolderPath"

🔹 Assigns Edit access to all files within the ProjectFiles folder.

Permission assigned to a folder!


Step 5: Assign Permissions to a Microsoft 365 Group

Instead of assigning permissions to an individual user, you can grant access to a Microsoft 365 Group:

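$FilePath = "/Documents/Confidential.pdf"
$GroupName = "Project Team" # Microsoft 365 Group Name
$Permission = "Read"

# Resolve the file to its list item before setting permissions
$Item = Get-PnPFile -Url $FilePath -AsListItem
Set-PnPListItemPermission -List "Documents" -Identity $Item -Group $GroupName -AddRole $Permission

Write-Host "Permission '$Permission' assigned to Group: $GroupName for $FilePath"

🔹 Grants Read access to all members of the “Project Team” group.
🔹 -Group looks the name up among the SharePoint groups on the site, so "Project Team" must exist there.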

Microsoft 365 Group has access!


Step 6: Revoke Permissions from a User

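To remove permissions for a specific user on a file:

$FilePath = "/Documents/Report.pdf"
$UserEmail = "user@domain.com"
$Permission = "Read" # Permission level to remove

$Item = Get-PnPFile -Url $FilePath -AsListItem
Set-PnPListItemPermission -List "Documents" -Identity $Item -User $UserEmail -RemoveRole $Permission

Write-Host "Permission '$Permission' removed for $UserEmail on $FilePath"

🔹 This removes the named permission level from the specified user. Repeat for each level the user holds to remove all of their permissions.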

User access revoked!


Step 7: Check Permissions on a File

To view who has access to a specific OneDrive file:

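$FilePath = "/Documents/Report.pdf"

# Resolve the file to its list item, then read the item's permissions
$Item = Get-PnPFile -Url $FilePath -AsListItem
$Permissions = Get-PnPListItemPermission -List "Documents" -Identity $Item
$Permissions | Select-Object PrincipalName, RoleDefinitionBindings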

🔹 Shows a list of users/groups and their permission levels.

Checked file permissions!
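
To review the list from Step 7 for grants that reach further than intended, the added example below (not part of the original guide) flags guest accounts, tenant-wide claims and Full Control held by anyone other than the owner. Get-ItemGrant and Find-RiskyGrant are hypothetical helper names, the sample rows are constructed, and the live lookup assumes the session from Step 2.

```powershell
# Added example. Get-ItemGrant and Find-RiskyGrant are hypothetical helper names.
function Get-ItemGrant {
    # Live lookup: one row per principal holding a role on the list item.
    param([Parameter(Mandatory)] $ListItem)
    Get-PnPProperty -ClientObject $ListItem -Property RoleAssignments | Out-Null
    foreach ($ra in $ListItem.RoleAssignments) {
        Get-PnPProperty -ClientObject $ra -Property Member, RoleDefinitionBindings | Out-Null
        [pscustomobject]@{
            Principal = $ra.Member.LoginName
            Roles     = @($ra.RoleDefinitionBindings | ForEach-Object { $_.Name })
        }
    }
}

function Find-RiskyGrant {
    # Flags grants that widen access beyond named internal users.
    param(
        [Parameter(Mandatory)] [object[]] $Grant,
        [string] $OwnerUpn = ''   # the OneDrive owner is expected to hold Full Control
    )
    foreach ($g in $Grant) {
        $reasons = @()
        if ($g.Principal -like '*#ext#*')              { $reasons += 'external guest account' }
        if ($g.Principal -like '*spo-grid-all-users*') { $reasons += 'everyone except external users' }
        if ($g.Principal -eq 'c:0(.s|true')            { $reasons += 'everyone' }
        $isOwner = $OwnerUpn -and $g.Principal.EndsWith("|$OwnerUpn", [StringComparison]::OrdinalIgnoreCase)
        if (($g.Roles -contains 'Full Control') -and -not $isOwner) { $reasons += 'full control for non-owner' }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{ Principal = $g.Principal; Roles = $g.Roles -join ', '; Why = $reasons -join '; ' }
        }
    }
}

# Constructed sample rows in the shape Get-ItemGrant returns (not real accounts).
$SampleRows = @(
    [pscustomobject]@{ Principal = 'i:0#.f|membership|owner@contoso.com'; Roles = @('Full Control') }
    [pscustomobject]@{ Principal = 'i:0#.f|membership|colleague@contoso.com'; Roles = @('Read') }
    [pscustomobject]@{ Principal = 'i:0#.f|membership|partner_example.org#ext#@contoso.onmicrosoft.com'; Roles = @('Edit') }
    [pscustomobject]@{ Principal = 'c:0-.f|rolemanager|spo-grid-all-users/00000000-0000-0000-0000-000000000000'; Roles = @('Read') }
)
Find-RiskyGrant -Grant $SampleRows -OwnerUpn 'owner@contoso.com' | Format-List

# Live use in a connected session:
#   $Item = Get-PnPFile -Url "/Documents/Report.pdf" -AsListItem
#   Find-RiskyGrant -Grant (Get-ItemGrant -ListItem $Item) -OwnerUpn 'owner@contoso.com'
```

On the sample rows this reports the guest account and the "everyone except external users" claim, and leaves the owner and the named colleague alone.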


Step 8: Break Inheritance and Apply Unique Permissions

If a file/folder inherits permissions from OneDrive, you may need to break inheritance before applying unique permissions:

$FilePath = "/Documents/SensitiveReport.pdf"

$Item = Get-PnPFile -Url $FilePath -AsListItem
# Arguments: copyRoleAssignments, clearSubscopes
$Item.BreakRoleInheritance($false, $true)
Invoke-PnPQuery

Write-Host "Inheritance broken. The file now has unique permissions!"

🔹 Pass $false as the first argument (copyRoleAssignments) to remove inherited permissions.
🔹 If set to $true, it keeps existing permissions but allows new ones.

Inheritance broken & unique permissions set!


Step 9: Reset Inheritance and Restore Default Permissions

To restore default permissions (inherit from OneDrive parent folder):

$FilePath = "/Documents/SensitiveReport.pdf"

$Item = Get-PnPFile -Url $FilePath -AsListItem
Set-PnPListItemPermission -List "Documents" -Identity $Item -InheritPermissions

Write-Host "Permissions reset. The file now inherits from OneDrive!"

Default permissions restored!


Step 10: Disconnect the Session

After completing tasks, disconnect from OneDrive:

Disconnect-PnPOnline

Disconnected from OneDrive!
