如何使用 PnP Powershell 删除所有列表项权限

Question

I would like to remove all permissions of a list item using PnP Powershell

I have tried this command:

Set-PnPListItemPermission -Identity $item.id -User 'user@contoso.com' -AddRole "Contribute"

However the user running the script/command was also added with Full Control permissions.

Is there any other way to remove all existing permissions for a list item using PnP Powershell?

Thanks

Answer 1

I tested to connect to SharePoint Online site with a read permission user in PnP PowerShell and then run the Set-PnPListItemPermission command, it will throw Access Denied error instead of adding with Full Control Permissions:

In Summary, to set permssions for list item, it's expecetd to have the Full Control Permission on the site level for the user who is running the script. Otherwise, the Access Denied error will throw.

The Full Control permissions should be applied with the site group, in the list, try to break permission inheritance and remove the group:

# Provide credentials over here
$creds = (New-Object System.Management.Automation.PSCredential "<<UserName>>",(ConvertTo-SecureString "<<Password>>" -AsPlainText -Force))
 
# Provide URL of the Site over here
# If you do not wish to pass credentials hard coded then you can use: -Credentials (Get-Credential). This will prompt to enter credentials
Connect-PnPOnline -Url http://MyServer/sites/MySiteCollection -Credentials $creds
 
# Get Context
$clientContext = Get-PnPContext
 
$targetWeb = Get-PnPWeb
 
# Get the list object
$targetList = $targetWeb.Lists.GetByTitle("List Name")
 
# Load List object
$clientContext.Load($targetList)
$clientContext.ExecuteQuery()
 
# This method will work only if the role inheritence is broken(list has unique role assignments) on the list
$targetList.RoleAssignments.Groups.RemoveByLoginName("test Visitors")
 
$clientContext.ExecuteQuery()
 
Disconnect-PnPOnline