Powershell, Sharepoint and granting SPBasePermissions

Over the last few months, I’ve been learning how to automate Sharepoint installs and perform base configurations.  Between psconfig, stsadm and stsadm extension by Gary LaPoint, I’ve been able to achieve pretty much a scripted install.   Most of the configuration has been just setting up a Sharepoint farm.  I ran into a situation where I needed to create a custom Permission Level in the post configuration section.   This was my first venture into using Powershell and the Microsoft.Sharepoint.dll API.   I’m trying to do everything without having a compiled application. All my scripts are currently using Powershell v1.0.   I ran into a limitation when trying to automate granting the custom Permission level.  I received this error.

Cannot convert value “EnumeratePermissions” to type “System.Int32”. Error: “Value was either too large or too small for an Int32.”

Here is the script I ran using the -bor operator that produced the error. 

$site = new-object Microsoft.SharePoint.SPSite(http://www.example.com)
$web = $site.OpenWeb()
$perm = new-object Microsoft.SharePoint.SPRoleDefinition
$perm.Name = “Example Permission”
$perm.Description = “Example Permission Mask”
$perm.BasePermissions = [Microsoft.SharePoint.SPBasePermissions]::SPBasePermissions.BrowseDirectories -bor [Microsoft.SharePoint.SPBasePermissions]::ViewPages -bor [Microsoft.SharePoint.SPBasePermissions]::EnumeratePermissions -bor [Microsoft.SharePoint.SPBasePermissions]::BrowseUserInfo -bor [Microsoft.SharePoint.SPBasePermissions]::UseRemoteAPIs -bor [Microsoft.SharePoint.SPBasePermissions]::Open

With assistance from the Powershell Community, they showed me a modified way to do bitmasks in Powershell (bit masks and -bor are limited to 32 bit integer.  Here is the modified code.  The only difference is the bitmask options

$site = new-object Microsoft.SharePoint.SPSite(“http://example.com“)
$web = $site.OpenWeb()
$perm = new-object Microsoft.SharePoint.SPRoleDefinition
$perm.Name = “Example custom Permission”
$perm.Description = “Custom Permission Mask”
$perm.BasePermissions = “BrowseDirectories,ViewPages,EnumeratePermissions,BrowseUserInfo,UseRemoteAPIs,Open,ViewListItems,ViewVersions,OpenItems”

//Grant a domain user to the Example Custom Permission from within a site collection
stsadm -o adduser -url http://www.example.com -userlogin DomainUsername -useremail someone@example.com -role “Example custom Permission” -username DomainNameUsername

Hope this helps someone.


Steve Schofield
Microsoft MVP – IIS

2 thoughts on “Powershell, Sharepoint and granting SPBasePermissions”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s