With the digital evolution that the dreaded COVID-19 pandemic has taken us through in the past 2 years, we've had to help with the adoption of cloud collaboration tools to assist us with working better together in a remote workforce. The biggest push towards this from our team has been the deployment of SharePoint Online for document collaboration. Deploying this properly has been a time-consuming challenge once you take into consideration the different levels of access, the site being used for the deployment, the libraries that need to be created, and the education or guidance needed on structuring and setting up SharePoint.
With the experience that I've now had through several successful implementations of SharePoint Online, I want to help our own team to speed up the deployment and simplify the whole process from start to end. With this in mind, I started by developing a spreadsheet which only needs to be filled in with the names you'd like for the document libraries, the site name & the address to the SharePoint site. You can find this spreadsheet layout below - save a copy for yourself and I will provide a script later that you can use to automate the setup of SharePoint.
LibraryName | GroupPrefix | SharePointSite |
---|---|---|
HR Team | Site Name | https://subdomain.sharepoint.com/sites/SiteName |
Sales | | |
Orders | | |
Leadership | | |
If you want some recommendations on how to create your SharePoint site, here are some tips that work well in my experience:
- Create document libraries based on departments. This should be sufficient for keeping document permissions controlled in most cases.
- Apply permissions only to the document library. No permissions should be changed on sub-folders within document libraries. Ensure you make this point clear during initial conversations with clientele or during the handover to the client (see point 3 as to why).
- Set up a read/write (edit) group and a read-only group and assign these permissions to the document library before migrating any data or beginning to use the document library. Permission changes are not possible after 5000 items are stored in the library.
Extra credit if you implement the following:
- Elect "owners" for SharePoint sites who can control access to the members of the above security groups to make it easier for organizations to control things themselves
- Create Dynamic Membership groups so that members are automatically added based on "Job Titles", "Departments" or other fields in AAD for a user account.
Now, onto the script which you can use to automate the setup! First, here are the pre-requisites:
- You must have a site created in SharePoint already which you want to publish new document libraries and security permissions for.
- Run the following commands in PowerShell to ensure you have the required modules installed for connecting to Office 365 and SharePoint Online:
```powershell
Set-ExecutionPolicy RemoteSigned
Install-Module PnP.PowerShell
Install-Module MSOnline
```
Finally, here is the script:
```powershell
#----------------------------------------------------------------
# Type: Script
# Desc: Create SharePoint Document Libraries and Security Groups
# Author: Nathan Gemmill
# Ver: 1.0
#----------------------------------------------------------------
#----------------------------------------------------------------
# Variables
#----------------------------------------------------------------
# Read the spreadsheet once. GroupPrefix and SharePointSite are only filled in
# on the first row, so take the first non-empty value of each column.
$LibraryNames = Import-Csv -Path ".\DocumentLibraries.csv"
[string]$SiteAddress = $LibraryNames | Where-Object { $_.SharePointSite } | Select-Object -First 1 -ExpandProperty SharePointSite
[string]$GroupNamePrefix = $LibraryNames | Where-Object { $_.GroupPrefix } | Select-Object -First 1 -ExpandProperty GroupPrefix
#----------------------------------------------------------------
# Connect to Azure AD (MSOnline) & SharePoint Site
#----------------------------------------------------------------
Connect-MsolService
Connect-PnPOnline -Url $SiteAddress -UseWebLogin
#----------------------------------------------------------------
# Loop through spreadsheet and create libraries
#----------------------------------------------------------------
foreach ($Library in $LibraryNames)
{
    $Title = $Library.LibraryName
    Write-Host "Creating Document Library named: $Title"
    # SilentlyContinue hides errors (for example when the library already
    # exists), so check the result afterwards.
    New-PnPList -Title $Title -Template DocumentLibrary -OnQuickLaunch -ErrorAction SilentlyContinue
}
#----------------------------------------------------------------
# Loop through spreadsheet and create security groups
#----------------------------------------------------------------
foreach ($Library in $LibraryNames)
{
    $Title = $Library.LibraryName
    [string]$GroupNameWrite = $GroupNamePrefix.Replace(' ','') + ' - ' + $Title.Replace(' ','') + ' - R&W'
    [string]$GroupNameRead = $GroupNamePrefix.Replace(' ','') + ' - ' + $Title.Replace(' ','') + ' - RO'
    Write-Host "Creating security groups named: $GroupNameWrite"
    New-MsolGroup -DisplayName $GroupNameWrite -ErrorAction SilentlyContinue
    Write-Host "Creating security groups named: $GroupNameRead"
    New-MsolGroup -DisplayName $GroupNameRead -ErrorAction SilentlyContinue
}
#----------------------------------------------------------------
# Loop through spreadsheet and set Document Library permissions
#----------------------------------------------------------------
foreach ($Library in $LibraryNames)
{
    $Title = $Library.LibraryName
    [string]$GroupNameWrite = $GroupNamePrefix.Replace(' ','') + ' - ' + $Title.Replace(' ','') + ' - R&W'
    [string]$GroupNameRead = $GroupNamePrefix.Replace(' ','') + ' - ' + $Title.Replace(' ','') + ' - RO'
    Write-Host "Breaking inheritance on the following document library: $Title"
    # -CopyRoleAssignments keeps the permissions the library inherited from the
    # site; the two groups below are added on top of them.
    Set-PnPList -Identity $Title -BreakRoleInheritance -CopyRoleAssignments
    Write-Host "Setting edit permissions for the following group: $GroupNameWrite"
    Set-PnPListPermission -Identity "$Title" -AddRole "Edit" -User "$GroupNameWrite"
    Write-Host "Setting read permissions for the following group: $GroupNameRead"
    Set-PnPListPermission -Identity "$Title" -AddRole "Read" -User "$GroupNameRead"
}
```
Run this script as a site owner and it'll do all the grunt work for you. It's up to you to double check everything works, but if there are no errors, you should be right to go live! If you want to do some final 'house-keeping' to tidy things up, I would remove the "Conversations", "Documents", "Notebook", "Pages" & "Site Contents" sections from the navigation menu on the left of the site, but that's completely up to you and how you intend to use the site.
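For the double check, the following added example (not part of the original script) reads back each library's permissions with PnP.PowerShell and flags anything other than the two groups the script was meant to grant. It assumes the same DocumentLibraries.csv and an active Connect-PnPOnline session; because the script silences errors and uses -CopyRoleAssignments, failed grants and principals copied from the site both show up in the report.

```powershell
# Added example: audit library permissions after the setup script has run.
# Assumes the same DocumentLibraries.csv and an active Connect-PnPOnline session.
$Rows   = Import-Csv -Path ".\DocumentLibraries.csv"
$Prefix = ($Rows | Where-Object { $_.GroupPrefix } | Select-Object -First 1).GroupPrefix.Replace(' ', '')

$Report = foreach ($Row in $Rows) {
    $Title = $Row.LibraryName
    $Base  = "$Prefix - $($Title.Replace(' ', ''))"
    # Role each group is expected to hold on this library
    $Expected = @{ "$Base - R&W" = 'Edit'; "$Base - RO" = 'Read' }

    $List = Get-PnPList -Identity $Title -Includes HasUniqueRoleAssignments, RoleAssignments
    if (-not $List) {
        [pscustomobject]@{ Library = $Title; Principal = $null; Roles = $null; Status = 'LibraryMissing' }
        continue
    }
    if (-not $List.HasUniqueRoleAssignments) {
        [pscustomobject]@{ Library = $Title; Principal = $null; Roles = $null; Status = 'StillInheriting' }
        continue
    }

    $Seen = @()
    foreach ($Assignment in $List.RoleAssignments) {
        # Member and RoleDefinitionBindings are not loaded by default
        Get-PnPProperty -ClientObject $Assignment -Property Member, RoleDefinitionBindings | Out-Null
        $Name  = $Assignment.Member.Title
        $Roles = @($Assignment.RoleDefinitionBindings | ForEach-Object { $_.Name })
        $Seen += $Name
        $Status = 'Unexpected'   # principal is not one of the two groups for this library
        if ($Expected.ContainsKey($Name)) {
            $Status = if ($Roles -contains $Expected[$Name]) { 'OK' } else { 'WrongRole' }
        }
        [pscustomobject]@{ Library = $Title; Principal = $Name; Roles = $Roles -join ', '; Status = $Status }
    }
    # Groups that should have been granted access but were not
    foreach ($Name in ($Expected.Keys | Where-Object { $_ -notin $Seen })) {
        [pscustomobject]@{ Library = $Title; Principal = $Name; Roles = $null; Status = 'MissingGrant' }
    }
}
$Report | Sort-Object Library, Status | Format-Table -AutoSize
```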