After migrating a SharePoint 2013 site to Microsoft 365, we need to make all of its content read-only so that users don’t keep updating content in the old site.
A few months later, it’s necessary to remove all permissions to ensure that all the links to the old site won’t work anymore (favorites and links in documents) and that users don’t refer to content that is obsolete.
# Replaces all permissions with Read across all content (the site, its sub-sites,
# lists, folders and items) wherever permission inheritance is broken.
# Inspired by https://www.c5insight.com/Resources/Blog/tabid/148/entryid/729/use-powershell-to-set-permissions-on-all-sharepoint-libraries-folders-and-files.aspx
# Because of the accented characters below, the file must be saved in ANSI encoding.
#
# Titles of the system libraries that the list loop skips. Anything skipped keeps
# whatever permissions it already had.
$systemlibs = @(
    "Style Library",
    "Bibliothèque de styles",
    "Contenu réutilisable",
    "Rapports sur le contenu et la structure",
    "Tâches de flux de travail",
    "Images de la collection de sites"
)
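# Reduces every role assignment in $permissions to read-level access.
#
# For each assignment, every bound permission level whose name is not "Read",
# "Limited Access" or "Restricted Read" is removed; "Read" is then added if it is
# not already bound, and the assignment is saved once. Assignments that hold only
# the three kept levels are left untouched.
#
# Parameters:
#   $permissions - collection of role assignments (the callers in this script pass
#                  the RoleAssignments of a web, list, folder or item).
# Reads $web from the calling scope (it is not a parameter) to resolve permission
# levels by name.
# Throws when the "Read" level cannot be resolved, before anything is modified.
#
# NOTE(review): levels are matched by display name. On a site where permission
# levels are localized or renamed these names will not match - confirm before running.
# NOTE(review): any level outside the kept list is replaced with Read, including a
# custom level that grants less than Read; review such principals beforehand.
function FixPerms($permissions) {
    $ReadRole = $web.RoleDefinitions["Read"]
    if ($null -eq $ReadRole) {
        # Without this check the loop below would strip levels and then fail to
        # grant Read, leaving principals with no usable access at all.
        throw "FixPerms: the 'Read' permission level could not be resolved from the current web; no role assignment was modified."
    }

    $keptLevels = @("Read", "Limited Access", "Restricted Read")

    foreach ($assignment in $permissions) {
        # Collect the names first so the bindings are not modified while enumerated.
        $rolesToRemove = @(
            $assignment.RoleDefinitionBindings |
                Where-Object { $keptLevels -notcontains $_.Name } |
                ForEach-Object { $_.Name }
        )
        if ($rolesToRemove.Count -eq 0) { continue }

        foreach ($Role in $rolesToRemove) {
            try {
                $assignment.RoleDefinitionBindings.Remove($web.RoleDefinitions[$Role])
            }
            catch {
                # A level that could not be removed may still grant write access:
                # name the principal so the operator can follow up.
                Write-Warning ("FixPerms: could not remove '{0}' from '{1}': {2}" -f $Role, $assignment.Member.Name, $_.Exception.Message)
            }
        }

        if ($assignment.RoleDefinitionBindings.Name -notcontains "Read") {
            try {
                $assignment.RoleDefinitionBindings.Add($ReadRole)
            }
            catch {
                Write-Warning ("FixPerms: could not grant 'Read' to '{0}': {1}" -f $assignment.Member.Name, $_.Exception.Message)
            }
        }

        # One save per assignment, after all binding changes.
        try {
            $assignment.Update()
        }
        catch {
            Write-Warning ("FixPerms: could not save the assignment of '{0}': {1}" -f $assignment.Member.Name, $_.Exception.Message)
        }
    }
}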
#End function Fix Perms------------------------------------
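# Applies FixPerms to every list, folder and item of one web that has its own
# (non-inherited) role assignments.
#
# Parameters:
#   $siteweb - the web whose lists are walked.
# Reads $systemlibs from the calling scope and calls FixPerms, both defined
# elsewhere in this script.
#
# Skipped, and therefore left with their existing permissions:
#   - lists whose title is in $systemlibs,
#   - hidden lists,
#   - the folder named AB922B82-8406-4E49-B17B-9057BDF09503.
# Objects that inherit their permissions are not passed to FixPerms.
function ToutleContenu($siteweb) {
    foreach ($list in $siteweb.Lists) {
        # Compare the title explicitly instead of relying on the list object
        # being converted to a string by -contains.
        if ($systemlibs -contains $list.Title) { continue }
        if ($list.Hidden) { continue }

        if ($list.HasUniqueRoleAssignments) {
            Write-Host "Need to fix list perms:" $list.Title -ForegroundColor Yellow
            $permissions = $list.RoleAssignments
            FixPerms $permissions
        }

        # The AB922... folder is found in the Microflux list.
        foreach ($folder in $list.Folders) {
            if ($folder.HasUniqueRoleAssignments -and ($folder.Name -ne "AB922B82-8406-4E49-B17B-9057BDF09503")) {
                Write-Host " Need to fix folder perms:" $folder.Name -ForegroundColor Green
                $permissions = $folder.RoleAssignments
                FixPerms $permissions
            }
        }

        foreach ($item in $list.Items) {
            if ($item.HasUniqueRoleAssignments) {
                Write-Host " Need to fix item perms:" $item.Name -ForegroundColor DarkYellow
                $permissions = $item.RoleAssignments
                FixPerms $permissions
            }
        }
    }
}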
#---end function ToutleContenu
# Walks every sub-site below $web, depth first.
#
# For each sub-site: if it has its own role assignments they are passed to
# FixPerms; its lists, folders and items are then handled by ToutleContenu; and
# finally its own sub-sites are visited recursively.
#
# Parameters:
#   $web - the parent web whose Webs collection is enumerated.
#
# Because the parameter is named $web, FixPerms (which reads $web from the calling
# scope) sees this function's argument - the parent of the sub-site being fixed -
# while it runs from here.
# NOTE(review): confirm that permission levels are not defined separately on
# sub-sites, otherwise the levels looked up may not be the sub-site's own.
function TouslesSites($web) {
    foreach ($enfant in $web.Webs) {
        $heritageBrise = ($enfant.HasUniqueRoleAssignments -eq "True")
        if ($heritageBrise) {
            Write-Host "Need to fix subsite perms:" $enfant.Url -ForegroundColor Cyan
            FixPerms $enfant.RoleAssignments
        }

        # Content first, then descend into the next level of sub-sites.
        ToutleContenu $enfant
        TouslesSites $enfant
    }
}
#---end function TouslesSites
# Entry point: open the old site, then reduce its permissions to read-only.
# The changes are saved directly on the site and this script keeps no copy of the
# previous role assignments, so export or record them first if a rollback or an
# audit trail is needed.
$web = Get-SPWeb "URL of the site"

# The top-level site itself.
if ($web.HasUniqueRoleAssignments -eq "True") {
    Write-Host "Need to fix site perms:" $web.Url -ForegroundColor Cyan
    $permissions = $web.RoleAssignments
    FixPerms $permissions
}

# Lists, folders and items of the top-level site.
ToutleContenu $web

# Comment out the next line if only the top-level site must be made read-only;
# leave it in to process all the sub-sites as well.
TouslesSites $web
To remove the permissions instead, only the FixPerms function needs to be changed:
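# Variant of FixPerms that removes permissions instead of reducing them to Read:
# every permission level bound to each role assignment is removed and the
# assignment is saved.
#
# Parameters:
#   $permissions - collection of role assignments (the callers in this script pass
#                  the RoleAssignments of a web, list, folder or item).
#
# Nothing is kept, not even "Limited Access", and the previous bindings are not
# recorded anywhere by this function.
# NOTE(review): only role assignments are touched here. Access that does not come
# from role assignments (site collection administrators, for example) is not
# affected - verify those accounts separately.
function FixPerms($permissions) {
    # The "Read" level is not needed in this variant, so it is no longer looked up.
    foreach ($assignment in $permissions) {
        #write-host $assignment.Member.Name $assignment.RoleDefinitionBindings.Name
        #write-host $assignment.Member.Name $assignment.RoleDefinitionBindings.Count
        $assignment.RoleDefinitionBindings.RemoveAll()
        $assignment.Update()
    }
}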
#End function Fix Perms------------------------------------
There is one exception: the sub-site inherits its access, but some libraries or some documents have broken inheritance.
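Warning: on very rare occasions I got errors from $assignment.RoleDefinitionBindings.Add($ReadRole); when that happens, check the affected account's permissions on that object afterwards, because its previous permission levels are removed before Read is added.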