Change files and folder permissions on OneDrive for Business with Powershell


A couple of weeks ago, a customer, asked me about the possibility to create a Service Request with System Center Service Manager that, in early stages, can dynamically and automatically create documents to share, to be completed and finally be signed digitally by different people in different areas. It wasn't a big challenge until I try to change permissions to files on OneDrive to grant access only for Reviewers for that activity, and remove permissions for everyone not directly involved in the review activity.

 

img1

 

So I create this powershell script able to invoke the OneDrive for Business API and change permissions: it works like a charms 🙂

1) Download the SharePoint Online Management Shell from here and install it

2) Download the connectTo-Onedrive script

3) Open it and modify the variables with your data

 

img22

(yes, I've to improve the password area in order to hide data... if you have suggestions about it, write me a comment, I'll be glad to update the script

4) Execute the script manually... and then integrate it with Orchestrator or SMA!

 

img4

 

img3

Enjoy and as usual, if you have any comment or suggestion, feel free to ask me in comments

have a good lazy day! 🙂

Comments (6)

  1. Mark says:

    Hi, thanks for sharing this great script!

    1. you’re very welcome 🙂

  2. rashish says:

    is it possible to use it for a large number or files?

    1. of course, you have to modify the script in order to make 1 authentication and then recursively call the method to change permission, for every file in your directory

  3. Bairon Dias says:

    Hi,
    I tested sending to external mails to accounts without passport and these guys didn’t receive the e-mail.
    After to do the passport registration the account received the e-mail.
    Did you get this problem ?

  4. Loz Willis says:

    This is a great piece of code, and works for what I’m trying to achieve if I’m targetting individual users with a specific email address. My end goal is to analyse the ‘Shared with Everyone’ folder and remove the ‘Everyone’ permissions so the folder is secured. Is there a way to reference the ‘Everyone’ permissions so that this script will remove group permissions?
    Thanks & keep up the awesome work 🙂

Skip to main content