Excalibra
[PowerShell] Batch Add Related Permissions Based on Text Content

Background

Requirement: batch-add permissions on shared folders based on the content of a text file. The actual names of the shared folders differ slightly from the names given in the text, but the permissions still have to be added to those folders based on the text.

Desired Outcome

First, there is an Excel spreadsheet (screenshot not reproduced here).

Then, copy this content into a text file.

Batch add related permissions based on the content of the text.

Implementation Method

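Each line of the text is split into fields using spaces, tabs, commas, or ideographic commas (、) as delimiters. The permission field is then matched against keywords: "Access" assigns read-only permission, "Edit", "ReadWrite" or "Save" assigns modify permission, and anything else defaults to read-only.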

Source Code and Repository URL:

# Define the main directory path
$baseFolderPath = "C:\SharedFolders"  # Base path
$userFile = "C:\Users\Administrator\Desktop\PermissionAssignmentList.txt"  # Replace with the actual path of the TXT file

# Read each line of the user file
Get-Content $userFile | ForEach-Object {
    # Split the content of each line into fields
    # $parts = $_ -split '\s+'
    $parts = $_.Trim() -split '[\s,、]+'  # Delimiters: whitespace (spaces, tabs), commas, and ideographic commas (、); Trim() avoids an empty first field
    if ($parts.Length -ge 8) {
        $username = $parts[0]
        $folder2 = $parts[5]  # Group folder
        $folder3 = $parts[6]  # Public directory folder
        $permissionType = $parts[7]

        # Set NTFS permission type
        $ntfsPermission = if ($permissionType -like "*Access*") { 
            "(OI)(CI)(R)"  # Read-only permission
        } elseif ($permissionType -like "*Edit*" -or $permissionType -like "*ReadWrite*" -or $permissionType -like "*Save*") { 
            "(OI)(CI)(M)"  # Modify permission
        } else { 
            "(OI)(CI)(R)"  # Default to read-only permission
        }

        # Set share permission type
        $sharePermission = if ($permissionType -like "*Access*") { 
            "Read"  # Shared read-only permission
        } elseif ($permissionType -like "*Edit*" -or $permissionType -like "*ReadWrite*" -or $permissionType -like "*Save*") { 
            "Change"  # Shared change permission
        } else { 
            "Read"  # Default to shared read-only permission
        }

        # Process folder2 (group folder) path by removing the word "Group"
        $folder2WithoutGroup = if ($folder2 -like "*Group") {
            $folder2 -replace "Group$", ""  # Remove "Group" (at the end)
        } else {
            $folder2  # Keep it as is if "Group" is not present
        }

        # Construct the full folder paths from the three candidate names:
        # the original group folder, the public directory folder, and the group folder without "Group".
        # Empty names are dropped (a group column that is just "Group" would otherwise
        # resolve to the base folder itself), and duplicates are removed so the same
        # folder is not processed twice when the name has no "Group" suffix.
        $folders = @($folder2, $folder3, $folder2WithoutGroup) |
            Where-Object { $_ } |
            Select-Object -Unique |
            ForEach-Object { Join-Path -Path $baseFolderPath -ChildPath $_ }

        foreach ($folderPath in $folders) {
            # Check if the folder path exists
            if (-Not (Test-Path $folderPath)) {
                Write-Output "Path $folderPath does not exist, skipping this path."
                continue
            }

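            # Use icacls to set NTFS permissions; /t also applies the grant to all existing files and subfolders
            icacls "$folderPath" /grant "${username}:$ntfsPermission" /t
            # Only report success if icacls actually succeeded
            if ($LASTEXITCODE -eq 0) {
                Write-Host "Assigned NTFS $ntfsPermission permission to user $username for folder $folderPath." -ForegroundColor Yellow
            } else {
                Write-Warning "icacls failed (exit code $LASTEXITCODE) for user $username on folder $folderPath."
            }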

            # Check if the share exists
            $netShareName = (Get-Item $folderPath).Name  # Use the folder name as the share name

            if (Get-SmbShare -Name $netShareName -ErrorAction SilentlyContinue) {
                # If the share exists, add share permissions
                Grant-SmbShareAccess -Name $netShareName -AccountName "$username" -AccessRight $sharePermission -Force
                Write-Host "Assigned shared $sharePermission permission to user $username for share $netShareName." -ForegroundColor Yellow
            } else {
                Write-Output "Share $netShareName does not exist, skipping share permission assignment."
            }
        }
    }
    else {
        Write-Output "Line format does not match, skipping: $_"
    }
}

Write-Output "All user permissions have been successfully added."

After finishing this script, the main tasks of batch adding permissions are basically complete. There’s not much need to write additional scripts; any future needs would probably just involve simple batch processing.
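
Because the script grants rights straight from a text file, it helps to preview what each line will resolve to before anything is changed. The following is an added example, not part of the original post: it reuses the same split pattern and keyword mapping to produce a dry-run plan. The function name `Get-PermissionPlan`, the sample lines and the filler values in columns 2 to 5 are assumptions made for illustration.

```powershell
# Added example (not from the original post): dry-run planner; it changes no ACLs or shares.
function Get-PermissionPlan {   # hypothetical helper name
    param([Parameter(Mandatory)] [string[]] $Lines, [string] $BaseFolderPath = 'C:\SharedFolders')
    foreach ($line in $Lines) {
        $parts = $line.Trim() -split '[\s,、]+'   # same delimiters as the script
        if ($parts.Length -lt 8) {
            [pscustomobject]@{ User = $null; Folder = $null; Ntfs = $null; Share = $null; Status = "Skipped (format): $line" }
            continue
        }
        $user, $group, $public, $type = $parts[0], $parts[5], $parts[6], $parts[7]
        # Same precedence as the script: "Access" wins, edit keywords grant Modify/Change, else read-only
        $canEdit = ($type -notlike '*Access*') -and ($type -like '*Edit*' -or $type -like '*ReadWrite*' -or $type -like '*Save*')
        $ntfs  = if ($canEdit) { '(OI)(CI)(M)' } else { '(OI)(CI)(R)' }
        $share = if ($canEdit) { 'Change' } else { 'Read' }
        # Candidate folder names: group, public, group without the "Group" suffix (empty and duplicate names dropped)
        $names = @($group, $public, ($group -replace 'Group$', '')) | Where-Object { $_ } | Select-Object -Unique
        foreach ($name in $names) {
            $status = if (($name -match '[\\/:]') -or ($name -in @('.', '..'))) {
                'Rejected (not a plain folder name)'   # would escape or re-root the base path
            } elseif (-not (Test-Path -LiteralPath (Join-Path $BaseFolderPath $name))) {
                'Folder missing'
            } else {
                'Would grant'
            }
            [pscustomobject]@{ User = $user; Folder = $name; Ntfs = $ntfs; Share = $share; Status = $status }
        }
    }
}

# Constructed sample lines; columns 2-5 are filler because the script only reads columns 1, 6, 7 and 8
$sample = @(
    "alice`tA001`tSales`tx`tx`tSalesGroup`tPublic`tEdit"
    'bob A002 Sales x x FinanceGroup、Public、Access'
    'carol A003 Sales x x Group ..\Other Save'
    'broken line'
)
Get-PermissionPlan -Lines $sample | Format-Table -AutoSize
```

Review the Status column and correct the list before running the real script against it.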
