Set-PnPListItemPermission
SYNOPSIS
Sets list item permissions.
SYNTAX
User (Default)
Set-PnPListItemPermission [-List] <ListPipeBind> -Identity <ListItemPipeBind> -User <String>
[-AddRole <String>] [-RemoveRole <String>] [-ClearExisting] [-SystemUpdate]
[-Connection <PnPConnection>]
Group
Set-PnPListItemPermission [-List] <ListPipeBind> -Identity <ListItemPipeBind> -Group <GroupPipeBind>
[-AddRole <String>] [-RemoveRole <String>] [-ClearExisting] [-SystemUpdate]
[-Connection <PnPConnection>]
Inherit
Set-PnPListItemPermission [-List] <ListPipeBind> -Identity <ListItemPipeBind> [-InheritPermissions]
[-SystemUpdate] [-Connection <PnPConnection>]
DESCRIPTION
Allows to modify list item permissions. Use Get-PnPRoleDefinition to retrieve all available roles you can add or remove using this cmdlet. Use Get-PnPGroup to retrieve all groups available that you can add or remove using this cmdlet when using the -group parameter.
EXAMPLES
EXAMPLE 1
Set-PnPListItemPermission -List 'Documents' -Identity 1 -User 'user@contoso.com' -AddRole 'Contribute'
Adds the 'Contribute' permission to the user 'user@contoso.com' for listitem with id 1 in the list 'Documents'.
EXAMPLE 2
Set-PnPListItemPermission -List 'Documents' -Identity 1 -User 'user@contoso.com' -RemoveRole 'Contribute'
Removes the 'Contribute' permission from the user 'user@contoso.com' for listitem with id 1 in the list 'Documents'.
EXAMPLE 3
Set-PnPListItemPermission -List 'Documents' -Identity 1 -User 'user@contoso.com' -AddRole 'Contribute' -ClearExisting
Adds the 'Contribute' permission to the user 'user@contoso.com' for listitem with id 1 in the list 'Documents' and removes all other permissions.
EXAMPLE 4
Set-PnPListItemPermission -List 'Documents' -Identity 1 -InheritPermissions
Resets permissions for listitem with id 1 to inherit permissions from the list 'Documents'.
EXAMPLE 5
Set-PnPListItemPermission -List 'Documents' -Identity 1 -AddRole 'Read' -RemoveRole 'Contribute' -Group "Site collection Visitors"
Adds the 'Read' permission to the group of Site collection Visitors while removing the 'Contribute' permissions.
PARAMETERS
-AddRole
The role that must be assigned to the group or user.
Type: RoleDefinitionPipeBind
Parameter Sets: User, Group
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-ClearExisting
Clear all existing permissions.
Type: SwitchParameter
Parameter Sets: User, Group
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Connection
Optional connection to be used by the cmdlet. Retrieve the value for this parameter by either specifying -ReturnConnection on Connect-PnPOnline or by executing Get-PnPConnection.
Type: PnPConnection
Parameter Sets: (All)
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Group
A group object, an ID or a name of a group.
Type: GroupPipeBind
Parameter Sets: Group
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Identity
The ID of the listitem, or actual ListItem object.
Type: ListItemPipeBind
Parameter Sets: (All)
Required: True
Position: Named
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: False
-InheritPermissions
Inherit permissions from the list, removing unique permissions.
Type: SwitchParameter
Parameter Sets: Inherit
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-List
The ID, Title or Url of the list.
Type: ListPipeBind
Parameter Sets: (All)
Required: True
Position: 0
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: False
-RemoveRole
The role that must be removed from the group or user.
Type: RoleDefinitionPipeBind
Parameter Sets: User, Group
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-SystemUpdate
Update the item permissions without creating a new version or triggering MS Flow.
Type: SwitchParameter
Parameter Sets: (All)
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-User
A valid login name of a user (e.g. john@doe.com).
Type: String
Parameter Sets: User
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False