Removing permissions from a list in MOSS 2007 using PowerShell


Hello Guys,

Recently my customer asked me to create a script to remove permissions from a list, specifically it would remove all permissions except for one group that they would designate.

Started doing some research and quickly realized that there was no information out there on how to do this, so I did a lot of digging and came up with this script.

You can download the script from this location

The heart of the script is the function CleanupAcl

Function CleanUpAcl
{
param($SPObject, $GroupName)

$Title = $SPObject.Title
Write-Host “Removing permissions from $Title”
$RoleAssignmentsCount = $SPObject.RoleAssignments.Count

For($i = $RoleAssignmentsCount – 1; $i -ge 0; $i–)
{
if($SPObject.RoleAssignments[$i].Member.Name -ne $GroupName)
{
$DeletedGroupName = $SPObject.RoleAssignments[$i].Member.Name
Write-Host “`t Removing Group/User $DeletedGroupName…”
$SPObject.RoleAssignments.RemoveByID($SPObject.RoleAssignments[$i].Member.ID)
}
}
}

For me the big surprise was having to use the For loop instead of being able to use the ForEach loop. The reason I did this is when I was testing I go the following error message:
An error occurred while enumerating through a collection: Collection was modified; enumeration operation may not execute..
At C:\Users\Administrator.WEAVER\Documents\Viewstest2.ps1:11 char:1
+  <<<< $List.RoleAssignments | ForEach-Object{
+ CategoryInfo          : InvalidOperation: (Microsoft.Share…on+SPEnumerator:SPEnumerator) [], RuntimeException
+ FullyQualifiedErrorId : BadEnumeration
error1

I quickly realized that I was deleting the object I was trying to enumerate so I changed to the For loop and went from the bottom up.

Hope this script is helpful to you.

Pax

Comments (0)

Skip to main content