Introduction
At my work, we are preparing to migrate data to SharePoint Online. We are going to create a landing site where everyone within the organization has access, and we are going to create document libraries and place the data there. Employees who had access in the past will, of course, get it again. We will work with members, visitors, and owners. This inspired me to see if this could be automated.
There are other possibilities, but together with my good friend ChatGPT, we concluded that we would work in Azure with an automated account that can run a script via a Powershell script (runbook). Namely, granting permissions. The owner could then grant permissions to employees via a form hosted via a static web app. This was possible via a webhook. This all sounded really great, but since you are calling different APIs, it's more challenging than you think. I ended up in a proverbial loop because you need a token to connect to MS – Graph. However, after much research, this had to be a secure string, and so we also made the script. Token checked, it was valid, but I kept getting the message "invalid JMT token." And when I did it as plain text, I got the message that it had to be a secure string.
I spent quite some time over a period of two weeks figuring out that I couldn't get that stuff working. I had the same result with a Windows form and a PowerShell script. I converted this to an .exe, and this can then be offered at the workplace. But I managed this in 45 minutes.
Preparation
In principle, I could create the PowerShell script myself. Writing a function. But I would do this with Google in the past. Now I have created a project in ChatGPT this much quicker. Of course, I also tried this with the Azure variant, but it did not work out. I asked the question that an owner of a document library can grant Full Control, Write, and Read permissions to another person in the tenant. The setup is a kind of landing page in SharePoint where everyone has access, and it is determined at the document library level what you can access in terms of files. You only see the libraries you have permissions for. Creating the SharePoint site and creating a library is beyond the scope of this article. Do you want to apply this at work? Or are you just interested? Let me know. I do have this PowerShell script. I first created the script without a form and tested whether you can indeed grant permissions. I did this in an E5 development environment. After some testing, it worked, and I asked for a simple form to be made. This went quite quickly. I forgot to add the option to add more members at once and the question of whether you wanted to add another member. And if you answered no, the form would close neatly.
Output(Powershell script)
Add-Type -AssemblyName System.Windows.Forms
Add-Type -AssemblyName System.Drawing
Import-Module PnP.PowerShell -ErrorAction Stop
# === Step 1: Connect to SharePoint ===
$siteUrl = "The Url of the SharePoint site."
try {
Connect-PnPOnline -Url $siteUrl -UseWebLogin
$global:connected = $true
} catch {
[System.Windows.Forms.MessageBox]::Show("ERROR connecting: $_", "Connection Failed", "OK", "Error")
return
}
# === Step 2: Build Form ===
$form = New-Object System.Windows.Forms.Form
$form.Text = "Set SharePoint Permissions"
$form.Size = New-Object System.Drawing.Size(600, 400)
$form.StartPosition = "CenterScreen"
# Label library
$lblLib = New-Object System.Windows.Forms.Label
$lblLib.Text = "Document Library:"
$lblLib.Location = New-Object System.Drawing.Point(10,20)
$lblLib.Size = New-Object System.Drawing.Size(200,20)
$form.Controls.Add($lblLib)
# ComboBox library
$cbLib = New-Object System.Windows.Forms.ComboBox
$cbLib.Location = New-Object System.Drawing.Point(10,40)
$cbLib.Width = 550
$form.Controls.Add($cbLib)
# Button: fetch libraries
$btnAuth = New-Object System.Windows.Forms.Button
$btnAuth.Text = "Fetch Libraries"
$btnAuth.Location = New-Object System.Drawing.Point(10, 80)
$btnAuth.Width = 550
$form.Controls.Add($btnAuth)
# Label user
$lblUser = New-Object System.Windows.Forms.Label
$lblUser.Text = "User ID (email, separate multiple with , or ;):"
$lblUser.Location = New-Object System.Drawing.Point(10,130)
$lblUser.Size = New-Object System.Drawing.Size(400,20)
$form.Controls.Add($lblUser)
# TextBox user
$txtUser = New-Object System.Windows.Forms.TextBox
$txtUser.Location = New-Object System.Drawing.Point(10,150)
$txtUser.Width = 550
$form.Controls.Add($txtUser)
# Label permissions
$lblPerm = New-Object System.Windows.Forms.Label
$lblPerm.Text = "Permission Level:"
$lblPerm.Location = New-Object System.Drawing.Point(10,190)
$lblPerm.Size = New-Object System.Drawing.Size(200,20)
$form.Controls.Add($lblPerm)
# ComboBox permissions
$cbPerm = New-Object System.Windows.Forms.ComboBox
$cbPerm.Location = New-Object System.Drawing.Point(10,210)
$cbPerm.Width = 550
$cbPerm.Items.AddRange(@("Read", "Contribute", "FullControl"))
$form.Controls.Add($cbPerm)
# Button: assign permissions
$btnSend = New-Object System.Windows.Forms.Button
$btnSend.Text = "Assign Permissions"
$btnSend.Location = New-Object System.Drawing.Point(10,260)
$btnSend.Width = 550
$form.Controls.Add($btnSend)
# Label output
$lblOutput = New-Object System.Windows.Forms.Label
$lblOutput.Location = New-Object System.Drawing.Point(10,300)
$lblOutput.Size = New-Object System.Drawing.Size(560,40)
$form.Controls.Add($lblOutput)
# === Step 3: Events ===
# Fetch libraries
$btnAuth.AddOutput(form)
Push on the button Fetch libraries. You have to authenticatie yourself on the web. After that you can assign members.
Details
Unfortunately, the PS convert to exe module that you can download from the PSGallery does not work for PowerShell 7.
If you still want to offer this, for example on an Intune workplace, you need to create a shortcut that
refers to the following
"C:\Program Files\PowerShell\7\pwsh.exe" -WindowStyle Hidden -ExecutionPolicy Bypass -File "D:\FOLDER\File.ps1"
