Hi, Recently I needed to breake inherirites for a list on Sharepoint 2010 site page and change the group permissions to specific one. So here is a powershell script that does the job. You will need to change $OwnerGroupName, $web = Get-SPWeb $SiteUrl and $list = $web.Lists["<ListName>"]; to your own values.
Task:
Only users in site owner group can have "Full Control" permissions for specific list on this site. Other groups permissions should be changed to "Read"
What Powershell script does:
1. It breaks inheritance from site
2. Gets all groups on the site
3. Goes via a list role assignments
and
4 If group name is equal to list Role Assignments removes group existing permissions and assign new role with "Read" permissions
Scripts:
[string]$OwnerGroupName = "Owners";
$web = Get-SPWeb "<SiteUrl>";
$list = $web.Lists["<ListName>"];
$groupCollection = $web.Groups;
if ($list -ne $null)
{
if (!$list.HasUniqueRoleAssignments)
{
$list.BreakRoleInheritance($true);
}
$web.AllowUnsafeUpdates = $true;
foreach ($group in $groupCollection)
{
Write-Host $group.Name
if ($group.Name -ne $OwnerGroupName)
{
$roleColl = $list.RoleAssignments
foreach($roleAss in $roleColl){
if($roleAss.Member.Name -eq $group.Name){
$permissions = $roleAss.RoleDefinitionBindings
$roleColl.Remove($group)
$roleDef = $web.RoleDefinitions["Read"]
$roleAssign = New-Object Microsoft.SharePoint.SPRoleAssignment($group)
$roleAssign.RoleDefinitionBindings.Add($roleDef)
$list.RoleAssignments.Add($roleAssign)
break
}
}
}
}
$web.AllowUnsafeUpdates = $false;
}