Manage SharePoint List Permissions with PowerShell
You can Manage SharePoint List Permissions with PowerShell which gives you more control than using the web interface.
I had the situation, where the permissions of a SharePoint list were modified using the web interface.
This list’s inherited permissions were removed (by clicking on “Stop Inheriting Permissions”) and everything looked fine on the web interface. However, a user that should not have access to the list (according to the configured permissions and also by confirming using the “Check Permissions” menu item, the user actually had access to the list.
By querying the permissions (i.e. RoleAssigments) of the list using PowerShell, the result listed more entries than those visible in the web interface.
One of them was:
Member RoleDefinitionBindings
------ ----------------------
Style Resource Readers {Limited Access}
I assume the “Break Role Inheritance” web function did not remove all role assignments correctly but copied some of them.
You can ensure the removal of all unwanted roles using PowerShell.
List Permissions using PowerShell
This PowerShell script will enumerate all permissions for the list.
$web = get-spweb http://webapp.url/sites/site
$list = $web.lists["yourlist"]
$list.RoleAssignments | ft -AutoSize
Reset Role Inheritance using PowerShell
This PowerShell script will reset the permissions (“Break Role Inheritance”) and then add permissions to the list.