0

目前遇到了一个绊脚石,我不知道我是否在谷歌上搜索正确的东西以获得正确的结果来帮助我。

情况.... 1) 在通过 GUI 共享点中,我可以在设置站点时使用唯一权限。2)然后您会看到一个页面,其中显示了组的 3 种可能性(阅读、贡献和所有者)。3)在这些可能性中,您可以选择使用现有组或创建新组。

我正在寻找的设置是使用现有组作为所有者并创建 2 个新组以供贡献和阅读。我如何在 powershell 中执行此操作?

我考虑这样做的另一种方法是不破坏权限,删除除所有者组之外的所有组,创建2个新组,分配它们并阅读并将它们添加到站点。<- 这听起来像是可行的,但听起来也是一种解决方法!

干杯特鲁兹

4

2 回答 2

0

您是否要创建自定义权限级别或自定义组,但要为其提供现有权限级别之一?对于前者,最简单的方法是在 GUI 中创建自定义权限级别,方法是复制并修改现有的 Contribute 和 Read 组,然后在 PowerShell 脚本中将它们分配给您的组。

这是您在网站上设置自定义权限所需的代码。

# Function to create role assignment variable for SharePoint group
#-----------------------------------------------------------------
Function CreateGroupRoleAssignment {
    Param(
        [parameter(Mandatory = $true)]
        [string]
        $RaName,

        [parameter(Mandatory = $true)]
        [string]
        $GroupName
    )

    # Delete role assignment variable if it already exists
    if(Test-Path "variable:global:$RaName") {
        Write-Host "-- Removing existing Role Assignment variable: $RaName"
        Remove-Variable -Name $RaName -Scope Global
    }

    # Create role assignment object variable in the global scope (to persist outside of the function)
    Write-Host "-- Creating Role Assignment variable for SharePoint group: $GroupName"
    New-Variable -Name $RaName -Value ([Microsoft.SharePoint.SPRoleAssignment] $RootWeb.SiteGroups[$GroupName]) -Scope Global

} # End Function CreateGroupRoleAssignment


# Script body
#------------

# Get your site
$Web = Get-SPWeb http://yoursiteurl

# Stop your site from inheriting permissions
$Web.BreakRoleInheritance($false)

# Create Role Definitions from the "Permission Levels" in your site
# Pick from the list in http://yoursiteurl/_layouts/role.aspx
$FullControlRD = $Web.RoleDefinitions | Where {$_.Name -eq "Full Control"}
$ContributeRD = $Web.RoleDefinitions | Where {$_.Name -eq "Contribute"}
$ReadRD = $Web.RoleDefinitions | Where {$_.Name -eq "Read"}

# Call function to create role assignments from your SharePoint site groups
# SharePoint groups inc. built-in Your Site Owners/Members/Visitors plus any you create
# See list of groups in http://yoursiteurl/_layouts/user.aspx
CreateRoleAssignment -RAName "OwnersRA" -GroupName "Your Site Owners"
CreateRoleAssignment -RAName "Group1RA" -GroupName "Your Custom Group 1"
CreateRoleAssignment -RAName "GRoup2RA" -GroupName "Your Custom Group 2"

# Bind the role definition to the role assignment to assign the desired permission level to each group
$OwnersRA.RoleDefinitionBindings.Add($FullControlRD)
$Group1RA.RoleDefinitionBindings.Add($ContributeRD)
$Group2RA.RoleDefinitionBindings.Add($ReadRD)

# Add the role assignment with the custom permission to your site
$Web.RoleAssignments.Add($OwnersRA)
$Web.RoleAssignments.Add($Group1RA)
$Web.RoleAssignments.Add($Group2RA)
于 2013-11-08T10:24:54.703 回答
0

我设法找到了解决方案。

我创建了站点,因此所有组都被继承了。

打破继承

一旦被破坏,我遍历所有组并删除任何不包含所有者的组。这意味着当您将成员置于根级别站点的所有者组中时,所有者组仍会更新。

然后我创建了一个成员和读者组。

$businessUnitWeb = New-SPweb -Url "My Site" -Name "Test" -UseParentTopNav 

$businessUnitWeb.BreakRoleInheritance($true)

    $groupsToRemove = $businessUnitWeb.Groups| WHERE-OBJECT{$_.Name -ne "XXXXXXXXX Portal Owners"} | $businessUnitWeb.Groups.Remove($_)
    $groupsToRemove | FOREACH-OBJECT{$businessUnitWeb.Groups.Remove($_)}

    $usersToRemove = $businessUnitWeb.Users| WHERE-OBJECT{$_.Name -ne "XXXXXXXXXX Portal Owners"} 
    $usersToRemove  | FOREACH-OBJECT{$businessUnitWeb.Users.Remove($_)}
    }

            $businessUnitWeb.SiteGroups.Add("$businessUnitWeb Read", $businessUnitWeb.Site.Owner, $businessUnitWeb.Site.Owner, "The read group for $businessUnitWeb")
            $newGroup = $businessUnitWeb.SiteGroups["$businessUnitWeb Read"]


            $newGroupAssign = New-Object Microsoft.SharePoint.SPRoleAssignment($newGroup)

            $newGroupAssign.RoleDefinitionBindings.Add($businessUnitWeb.RoleDefinitions.GetByType("Reader"))
            $businessUnitWeb.RoleAssignments.Add($newGroupAssign)
            $businessUnitWeb.update()

            $businessUnitWeb.SiteGroups.Add("$businessUnitWeb Contributor", $businessUnitWeb.Site.Owner, $businessUnitWeb.Site.Owner, "The Contributor group for $businessUnitWeb")
            $newGroup = $businessUnitWeb.SiteGroups["$businessUnitWeb Contributor"]


            $newGroupAssign = New-Object Microsoft.SharePoint.SPRoleAssignment($newGroup)

            $newGroupAssign.RoleDefinitionBindings.Add($businessUnitWeb.RoleDefinitions.GetByType("Contributor"))
            $businessUnitWeb.RoleAssignments.Add($newGroupAssign)
            $businessUnitWeb.update()
            Write-Host "Creating $businessAreaURL..... " 
            $businessUnitWeb.ApplyWebTemplate(Template stuuf")

如果有一些错别字,我必须从代​​码中删除公司领带。

于 2013-11-11T09:11:24.190 回答