A few days ago, I was working with a client on the SharePoint Online document management system. In this setup, guest users were allowed to upload files to the document library. However, there is a security concern: these guest users should be able to see and edit the files they uploaded, not others’ files.
For this, we wanted to use the out-of-the-box item-level permission. The item-level permissions is available in the UI in the advanced settings page of a SharePoint list.
But this option isn’t available in the SharePoint UI for document libraries. You can enable item-level permissions for a document library using PnP PowerShell. With just a few lines of script, we can enable item-level permissions for a SharePoint document library.
Note: This won’t make that permission visible in the SharePoint document library settings page, as you can see in the list settings page, as shown below.
To view the item-level permissions for a SharePoint list: Open the ListSettings -> Advanced settings, which contains the Read, Create and Edit access.
So, in this article, I will explain how to enable item-level permissions for a SharePoint document library using PnP PowerShell.
Enable Item-level Permission to SharePoint Document Library Using PnP PowerShell
Even though we enable item-level permission for the SharePoint document library using PnP PowerShell, the site owner and individuals with Full control permission for that library can still view all files.
Here is the SharePoint document library named “VendorDocuments,” where guest users are also able to see all the files, including files that they did not upload. This image is before enabling item-level permission to this library.
Follow the steps below to enable item-level permission to the document library.
- Run the script below using an account with Site Owner permissions. Only owners can update these settings.
# Set Parameters
$SiteURL = "https://YourTenant.sharepoint.com/sites/YourSite"
$ListName = "YourDocumentLibrary"
# Connect to SharePoint Online site
Connect-PnPOnline -Url $SiteURL -Interactive -ClientId "Your Client ID"
# Get the Document Library
$List = Get-PnPList $ListName -Includes ReadSecurity, WriteSecurity
# Apply Item-Level Permissions
$List.ReadSecurity = 2 # Users can only read items they created
$List.WriteSecurity = 2 # Users can only edit items they created
$List.Update()
Invoke-PnPQueryHere:
- $SiteURL = Provide your SharePoint site url.
- $ListName = Provide your document library name.
- Connect-PnPOnline = This command connects to the specified SharePoint site.
- -ClientId = Provide your registered application ID in the Microsoft Entra ID.
- After the script runs, site members will only be able to see and edit their own uploaded files. They will not be able to see files uploaded by others.
- Site Owners will still be able to see and manage all files in the library as usual.
- Once the code runs successfully, refresh the SharePoint library. If you are a guest user, you will be able to see the files you uploaded.
- Look at the image below, where I logged in with the SharePoint site owner account, so im able to see all the files uploaded in the SharePoint document library, even after enabling item-level permission.
This way, we can easily enable item-level permissions for the SharePoint document library using PnP PowerShell, allowing users to view only the files they have uploaded.
I hope you found this article helpful!, In this article, I explained how to apply item-level permissions to a SharePoint document library using PnP PowerShell. Run this code with the SharePoint site owner account; otherwise, you’ll face invalid permission errors.
Also, you may like:
- Upload Single or Multiple Files to SharePoint with Metadata Using PnP PowerShell
- Customize SharePoint List Toolbar Buttons With List Formatting
- Export and Import SharePoint Online Site as Template using PowerShell [Along with Power Apps Custom Forms]
- Add SharePoint Online List Items Using PowerShell
- Get All SharePoint Site Collections Using PowerShell
After working for more than 18 years in Microsoft technologies like SharePoint, Microsoft 365, and Power Platform (Power Apps, Power Automate, and Power BI), I thought will share my SharePoint expertise knowledge with the world. Our audiences are from the United States, Canada, the United Kingdom, Australia, New Zealand, etc. For my expertise knowledge and SharePoint tutorials, Microsoft has been awarded a Microsoft SharePoint MVP (12 times). I have also worked in companies like HP, TCS, KPIT, etc.
