SharePoint permissions control access to sites, lists, and documents. Using PnP PowerShell, you can efficiently assign permissions to SharePoint groups at different levels. This guide will cover how to:
✔️ Create a SharePoint group
✔️ Assign permissions to a group
✔️ Modify existing permissions
✔️ Remove permissions from a group
Prerequisites
Before proceeding, ensure that:
PnP PowerShell is installed
You have SharePoint Admin or Site Owner permissions
You know the SharePoint site URL and group name
Step 1: Install and Import PnP PowerShell
If PnP PowerShell is not installed, install it using:
Install-Module -Name PnP.PowerShell -Scope CurrentUser -AllowClobber -Force
Then, import the module:
Import-Module PnP.PowerShell
PnP PowerShell is ready!
Step 2: Connect to SharePoint Online
To connect to a SharePoint Online site, use:
# Connect to SharePoint Online
Connect-PnPOnline -Url "https://yourtenant.sharepoint.com/sites/yoursite" -Interactive
🔹 Replace "yourtenant" with your SharePoint tenant name
🔹 Replace "yoursite" with your actual site name
Connected successfully!
Step 3: Create a SharePoint Group (If Needed)
Before assigning permissions, create a new SharePoint group if it doesn’t already exist:
# Define variables
$groupName = "Project Managers"
$groupDescription = "Manages all project-related activities"
# Create a new SharePoint group
New-PnPGroup -Name $groupName -Description $groupDescription -Owner "admin@yourtenant.onmicrosoft.com"
Write-Host "SharePoint group '$groupName' created successfully."
New SharePoint group created!
Step 4: Assign Permissions to a SharePoint Group
Now, assign permissions to the group at the site level:
# Define variables
$groupName = "Project Managers"
$role = "Edit" # Change to "Read", "Contribute", "Full Control", etc.
# Assign permission to the group
Set-PnPGroupPermissions -Identity $groupName -AddRole $role
Write-Host "Assigned '$role' permissions to '$groupName'."
Permissions assigned to the group!
Step 5: Assign Permissions to a List or Library
To assign permissions to a specific list or document library, use:
# Define variables
$listName = "Project Documents"
$groupName = "Project Managers"
$role = "Contribute"
# Assign permissions to the list
Set-PnPListPermission -Identity $listName -Group $groupName -AddRole $role
Write-Host "Assigned '$role' permissions to group '$groupName' for list '$listName'."
Group now has permissions on the SharePoint List!
Step 6: Remove Permissions from a SharePoint Group
To remove assigned permissions from a SharePoint group, use:
# Define variables
$groupName = "Project Managers"
$role = "Edit"
# Remove permissions
Set-PnPGroupPermissions -Identity $groupName -RemoveRole $role
Write-Host "Removed '$role' permissions from group '$groupName'."
Permissions removed from the SharePoint group!
Common Errors & Solutions
| Error | Cause | Solution |
|---|---|---|
Group not found | Incorrect group name | Use Get-PnPGroup to list available groups |
Access Denied | Insufficient permissions | Ensure you have Admin or Site Owner rights |
Role not found | Incorrect permission level | Use Get-PnPRoleDefinition to list available roles |