[FEATURE] Set ClearSubscopes (BreakRoleInheritance ) for Permission Cmdlets (Set-PnPFolderPermissions and Set-PnPListItemPermissions) #4951
Description
Is your feature request related to a problem? Please describe.
I was surprised when I noticed that the the Cmdlets silently cleared all previously set permissions on all sub-folders.
Describe the solution you'd like
I want to control whether subscopes should be cleared or not in the case permissions are not yet broken.
Describe alternatives you've considered
Check if HasUniqueRoleAssignments is false on $item, then use
$item.BreakRoleInheritance($copyRoleAssignments, $clearSubscopes)
Invoke-PnPQuery
Additional context
C#
public virtual void BreakRoleInheritance(
bool copyRoleAssignments,
bool clearSubscopes
)
I checked commands that deal with permissions:
Set-PnPList
If BreakRoleInheritance used:
- CopyRoleAssignments: Default False
- ClearSubscopes: Default False
Set-PnPListPermission
This doesn't use BreakRoleInheritance on its own
Set-PnPFolderPermissions
BreakRoleInheritance is done when needed:
- ClearExisting: Default False, which translates to copyRoleAssignments: Default True
- ClearSubscopes: Always True / Not yet a parameter
Set-PnPListItemPermissions
BreakRoleInheritance is done when needed:
- ClearExisting: Default False, which translates to copyRoleAssignments: Default True
- ClearSubscopes: Always True / Not yet a parameter
Implementation
I can implement this myself,
but I am not sure if it is preferable to have in a non breaking way,
because in the current version clearSubscopes is always true.
Options:
Non breaking way
- Switch Parameter CopySubscopes or KeepSubscopes: Default False, which translates to clearSubscopes: Default True
The breaking way (because the hidden default is inverted)
- Switch Parameter ClearSubscopes: Default False
The other way
- Boolean Parameter ClearSubscopes: Default True
Any feedback is welcome! 😄