Powershell配置具有唯一权限但使用现有所有者组的新站点

时间:2013-11-07 13:40:39

标签: sharepoint powershell sharepoint-2010

目前运行到一个绊脚石,我不知道我是否正在谷歌搜索正确的东西,以获得正确的结果,以帮助我。

情况...... 1)在通过GUI的sharepoint中,我可以在设置站点时使用唯一权限。 2)然后向您显示一个页面,显示组的3种可能性(读取,贡献和所有者)。 3)在这些可能性中,您可以选择使用现有组或创建新组。

我正在寻找的设置是为所有者使用现有组,并创建2个新组以供贡献和阅读。我如何在powershell中做到这一点?

我想到这样做的另一种方法是不破坏权限,删除除所有者组之外的所有组,创建2个新组,分配它们并进行读取并将它们添加到站点。 < - 这听起来像它可以工作,但听起来像一个解决方法!

干杯 Truez

2 个答案:

答案 0 :(得分:0)

是否要创建自定义权限级别或自定义组,但是为其提供一个现有权限级别?对于前者,最简单的方法是通过复制然后修改现有的Contribute和Read组在GUI中创建自定义权限级别,然后在PowerShell脚本中将这些级别分配给组。

以下是在网站上设置自定义权限所需的代码。

# Function to create role assignment variable for SharePoint group
#-----------------------------------------------------------------
Function CreateGroupRoleAssignment {
    Param(
        [parameter(Mandatory = $true)]
        [string]
        $RaName,

        [parameter(Mandatory = $true)]
        [string]
        $GroupName
    )

    # Delete role assignment variable if it already exists
    if(Test-Path "variable:global:$RaName") {
        Write-Host "-- Removing existing Role Assignment variable: $RaName"
        Remove-Variable -Name $RaName -Scope Global
    }

    # Create role assignment object variable in the global scope (to persist outside of the function)
    Write-Host "-- Creating Role Assignment variable for SharePoint group: $GroupName"
    New-Variable -Name $RaName -Value ([Microsoft.SharePoint.SPRoleAssignment] $RootWeb.SiteGroups[$GroupName]) -Scope Global

} # End Function CreateGroupRoleAssignment


# Script body
#------------

# Get your site
$Web = Get-SPWeb http://yoursiteurl

# Stop your site from inheriting permissions
$Web.BreakRoleInheritance($false)

# Create Role Definitions from the "Permission Levels" in your site
# Pick from the list in http://yoursiteurl/_layouts/role.aspx
$FullControlRD = $Web.RoleDefinitions | Where {$_.Name -eq "Full Control"}
$ContributeRD = $Web.RoleDefinitions | Where {$_.Name -eq "Contribute"}
$ReadRD = $Web.RoleDefinitions | Where {$_.Name -eq "Read"}

# Call function to create role assignments from your SharePoint site groups
# SharePoint groups inc. built-in Your Site Owners/Members/Visitors plus any you create
# See list of groups in http://yoursiteurl/_layouts/user.aspx
CreateRoleAssignment -RAName "OwnersRA" -GroupName "Your Site Owners"
CreateRoleAssignment -RAName "Group1RA" -GroupName "Your Custom Group 1"
CreateRoleAssignment -RAName "GRoup2RA" -GroupName "Your Custom Group 2"

# Bind the role definition to the role assignment to assign the desired permission level to each group
$OwnersRA.RoleDefinitionBindings.Add($FullControlRD)
$Group1RA.RoleDefinitionBindings.Add($ContributeRD)
$Group2RA.RoleDefinitionBindings.Add($ReadRD)

# Add the role assignment with the custom permission to your site
$Web.RoleAssignments.Add($OwnersRA)
$Web.RoleAssignments.Add($Group1RA)
$Web.RoleAssignments.Add($Group2RA)

答案 1 :(得分:0)

我设法找到了解决方案。

我创建了网站,因此所有群组都被继承了。

破坏继承

一旦打破我循环遍历所有组并删除任何不包含所有者的组。这意味着当您将成员放在根级别站点的所有者组中时,所有者组仍会更新。

然后我创建了一个会员和读者群。

$businessUnitWeb = New-SPweb -Url "My Site" -Name "Test" -UseParentTopNav 

$businessUnitWeb.BreakRoleInheritance($true)

    $groupsToRemove = $businessUnitWeb.Groups| WHERE-OBJECT{$_.Name -ne "XXXXXXXXX Portal Owners"} | $businessUnitWeb.Groups.Remove($_)
    $groupsToRemove | FOREACH-OBJECT{$businessUnitWeb.Groups.Remove($_)}

    $usersToRemove = $businessUnitWeb.Users| WHERE-OBJECT{$_.Name -ne "XXXXXXXXXX Portal Owners"} 
    $usersToRemove  | FOREACH-OBJECT{$businessUnitWeb.Users.Remove($_)}
    }

            $businessUnitWeb.SiteGroups.Add("$businessUnitWeb Read", $businessUnitWeb.Site.Owner, $businessUnitWeb.Site.Owner, "The read group for $businessUnitWeb")
            $newGroup = $businessUnitWeb.SiteGroups["$businessUnitWeb Read"]


            $newGroupAssign = New-Object Microsoft.SharePoint.SPRoleAssignment($newGroup)

            $newGroupAssign.RoleDefinitionBindings.Add($businessUnitWeb.RoleDefinitions.GetByType("Reader"))
            $businessUnitWeb.RoleAssignments.Add($newGroupAssign)
            $businessUnitWeb.update()

            $businessUnitWeb.SiteGroups.Add("$businessUnitWeb Contributor", $businessUnitWeb.Site.Owner, $businessUnitWeb.Site.Owner, "The Contributor group for $businessUnitWeb")
            $newGroup = $businessUnitWeb.SiteGroups["$businessUnitWeb Contributor"]


            $newGroupAssign = New-Object Microsoft.SharePoint.SPRoleAssignment($newGroup)

            $newGroupAssign.RoleDefinitionBindings.Add($businessUnitWeb.RoleDefinitions.GetByType("Contributor"))
            $businessUnitWeb.RoleAssignments.Add($newGroupAssign)
            $businessUnitWeb.update()
            Write-Host "Creating $businessAreaURL..... " 
            $businessUnitWeb.ApplyWebTemplate(Template stuuf")

如果有一些拼写错误,我必须从代​​码中移除公司领带。