I want to create a new SPWeb with PowerShell.
My code creates the site and add the group to the site but not the user "TestUser1".
The test\testuser1 belongs not to the TestGroup1 and get intepend permissions.
$web = New-spweb http://http:/mysharepointurl/site/web -Template "STS#0" -UniquePermissions
$user = $web.EnsureUser('test\testuser4')
$web.Users.AddUser($user, "Full") #Not working, Add a existing User
$newGroup = $web.SiteGroups["TestGroup6"] #Working, Add a existing Group
$web.Roles["Full"].AddGroup($newGroup)
Have you tried
$web.Users.Add -or- $web.AllUsers.Add
public void Add(
string loginName,
string email,
string name,
string notes
)
http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spusercollection.add.aspx
You are using New-SPWeb, so that means you need to be adding users to the SPWeb.
$web.SiteUsers is the site collection group
http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spweb.siteusers.aspx
You should use
$web.Users
http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spweb.users.aspx
My working solution:
$web = Get-SPWeb "http://http:/mysharepointurl/site/web"
$user = $web.AllUsers["test\testuser1"]
$roledef = $web.RoleDefinitions["Vollzugriff"]
$roleass = New-Object Microsoft.SharePoint.SPRoleAssignment($user)
$roleass.RoleDefinitionBindings.Add($roledef)
$web.RoleAssignments.Add($roleass)
$web.Update()
Thanks for the support!
Related
I'm trying to query graph, to get all the users in my tenant, which has access to a specific resource (i.e. my web application) and has a particular role
This is what I got so far:
https://graph.microsoft.com/v1.0/users?$select=id,givenName,surname,mail,preferredLanguage,externalUserState&$expand=appRoleAssignments($filter=resourceId eq ${resourceId} AND appRoleId eq ${appRole})
As you can see:
I get all my users
I expand my users with appRoleAssignments which should give me the application assignments for each user, and specific details for that assignment
I apply a filter to filter the object based on respectively resourceId AND appRoleId
The call works, but I'm returned every user in my tenant, which is definately not what I want - Preferably, I would like to get only the users returned, which has access to my resourceId and are assigned a particular appRoleId
It's not possible using Graph API.
For example , If I want to get the users based on a license SkuId , you can use the below API :
https://graph.microsoft.com/v1.0/users?$count=true&$filter=assignedLicenses/any(s:s/skuId eq b05e124f-xxxx-xxxx-xxxx-8xxxxxxx)
And it provides the output as the Assigned Licenses are a part of the same Odata Query .
But if you try the same thing for the App Role Assignments , It errors out with the following:
As the User Context and AppRoleAssignments Context lie in different Odata Contexts. So , when you are calling the query :
https://graph.microsoft.com/v1.0/users?$select=id,givenName,surname,mail,preferredLanguage,externalUserState&$expand=appRoleAssignments($filter=resourceId eq ${resourceId} AND appRoleId eq ${appRole})
The first part upto expand succeeds and returns the value but the second part i.e. the filter on the app role assignments doesn't work out which is why you are getting the list of all users.
As a solution ,you can use PowerShell script for the same by using conditional parameters:
Connect-AzureAD
$users=Get-AzureADUser
$Name=#()
foreach ($user in $users) {
$approle=Get-AzureADUserAppRoleAssignment -ObjectId $user.ObjectId
$resourceId= 'a19d7xx-xxxx-xxxx-xxx-c48c4d991411'
if ($approle.ResourceId -eq $resourceId){
$deviceprops = [ordered] #{
UserDisplayName = $approle.PrincipalDisplayName
}
$deviceobj = new-object -Type PSObject -Property $deviceprops
$Name += $deviceobj
}
}
$Name
Output:
Reference:
Get-AzureADUser and Get-AzureADUserAppRoleAssignment and Install AzureAD Module
How to check all report's subscriptions on Sharepoint 2010?
I know only how to check subsciption on specific report:
Unfortunately, there is no way way for you to do this from the GUI. You are going to have to break out PowerShell to get this information.
NOTE: I haven't tested this code, kinda writing it from the hip, but the gist should be able to help you out.:
$spWeb = Get-SPWeb <Site reports are contained in>
$spRepList = $spWeb.Lists["<List containing reports Name>"];
#Get all files
$spFileList = $spRepList.Files;
foreach($spFile in $spFileList)
{
#determine if the file is a report or a regular document
if($spFile.URL -like "*.rdl")
{
$reportServiceProxy = New-WebServiceProxy -URI <url to the reporting web service> -Namespace <Namespace of the service> -UseDefaultCredentials
$subscriptionList += $reportServiceProxy.ListSubscriptions($site);
#From here you can write to a file or write to the screen. I will let you decide
$subscriptionList | select Path, report, Description, Owner, SubscriptionID, lastexecuted,Status | where {$_.path -eq $spFile.URL}
}
}
Hope this helps.
Dave
How do I use PowerShell to update list field properties? When I try the following:
$site = Get-SPSite -Identity "http://vikas:26112/"
$web= $site.OpenWeb()
$spList = $web.GetList("/Lists/Support Links")
$spFieldType = [Microsoft.SharePoint.SPFieldType]::Text
$spList.Fields.Add("FirstName",$spFieldType,$false)
$spList.Fields[“FirstName”].Description = “My FirstName Field”
$spList.Fields[“FirstName”].Required=$true
$spList.Fields["FirstName"].EnforceUniqueValues=$true
$spList.update()
$web.Dispose()
After executing this FirstName field is added to list but properties of this field remains unchanged:
Description =""
Required=false
EnforceUniqueValues=false
The problem is that you are not updating the field and that indexer is returning different instances each time you use it. You must store the instance of the field in some variable, then change it, then update it.
Change your code like this:
$site = Get-SPSite -Identity "http://vikas:26112/"
$web= $site.OpenWeb()
$spList = $web.GetList("/Lists/Support Links")
$spFieldType = [Microsoft.SharePoint.SPFieldType]::Text
$spList.Fields.Add("FirstName",$spFieldType,$false)
$field = $spList.Fields[“FirstName”]
$field.Description = “My FirstName Field”
$field.Required=$true
$field.EnforceUniqueValues=$true
$field.update()
$web.Dispose()
I'm looking for possibility to define following options for Sharepoint list. I know it can be done from interface, but how to make if from XML or code? Can I set this somewhere in List Definition or List Instance:
Contributors should be able to create items, but should not be able to modify nor delete items of other users (but edit own items - yes).
Approvers, Site administrators and Site collection administraotrs should have full control over all items
Trikks, this is one solution, but you had me thinking.Turns out, the thing I needed is WriteSecurity. I added feature receiver, and in FeatureActivated I set SPList.WriteSecurity = 2 on this list.
I found this MSDN docu, http://msdn.microsoft.com/en-us/library/dd588628(v=office.11).aspx
I suppose it's possible to set this in code, but where?
I added this part to schema.xml in ListDefinition, as in documentation, but this doesn't work. After deployment and creating new list, I go to List Settings -> Advanced Settings and check 'Create and Edit access'. Still, checked is the first option, not second.
You are most likely looking for the RoleAssignments property that is available for most scopes.
Suppose you could start with something like this
private void DoStuff()
{
SPList list = web.Lists["MyList"];
// Create custom role
SPRoleDefinitionCollection roles = web.RoleDefinitions;
SPRoleDefinition roleDefinition = roles["Contribute"];
roleDefinition.BasePermissions = SPBasePermissions.AddListItems |
SPBasePermissions.BrowseDirectories |
SPBasePermissions.EditListItems |
SPBasePermissions.DeleteListItems |
SPBasePermissions.AddDelPrivateWebParts;
roleDefinition.Update();
//Creates a new role assignment for a group
SPGroup myGroup = web.SiteGroups["Team Site Members"];
SPRoleAssignmentCollection roleAssignments = web.RoleAssignments;
// SPRoleAssignment accepts a SPPrincipal which can be a SPUser or SPGroup
SPRoleAssignment roleAssignment = new SPRoleAssignment(myGroup);
//add a new role definition to the bound role definitions for the role assignment
SPRoleDefinitionBindingCollection roleDefBindings = roleAssignment.RoleDefinitionBindings;
roleDefBindings.Add(roles["Contribute"]);
//Add the new role assignment to the collection of role assignments for the site.
roleAssignments.Add(roleAssignment);
// Stop inheriting permissions
list.BreakRoleInheritance(true);
list.RoleAssignments.Add(roleAssignment);
list.Update();
}
We can get the roles of an SPUser by SPUser.Roles. But it will return SPRoleCollection. If we want to list all the roles we need to loop that.
For example an User has "Full Control","Read","Design" we need to loop the SPRoleCollection object.
How can i get all the roles as a string with ',' separator?
As a rough guess, try:
var user = SPUser // However you get the user.
var roles = Sring.Join(",", (from r in user.Roles select r.Name).ToArray()));
Though if you're using SharePoint 2010, the Name property is obsolete apparently.