In some deployment scenarios we must grant permissions to Everyone or to Everyone except external users. This is easy in the browser interface, but somewhat harder in PowerShell, because we need the claim that identifies the group. The claim for Everyone is “c:0(.s|true”. With that claim we can use the following call (we are using the PowerShell PnP extensions to make our life easier) to add Everyone to the Visitors group of a site:


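# Resolve the Visitors group associated with the connected site
$group = Get-PnPGroup -AssociatedVisitorGroup
# Add the Everyone claim to that group
Add-PnPUserToGroup -LoginName "c:0(.s|true" -Identity $group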

To do the same for Everyone except external users, we need to know the “syntax” of its claim, which looks like “c:0-.f|rolemanager|spo-grid-all-users/{tenant-id}”. So, to set the permissions for this group we need to assemble the claim string from the tenant ID. With PowerShell PnP that is not a problem. These simple three lines of code can do the job:


$realm = Get-PnPAuthenticationRealm
$loginName = "c:0-.f|rolemanager|spo-grid-all-users/$realm"
$group = Get-PnPGroup -AssociatedVisitorGroup
Add-PnPUserToGroup -LoginName $loginName -Identity $group

And that is the result, after running these two scripts:

Not so difficult, but an administrator may first have to enable the use of these claims. See this article for more information.
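Because both claims grant access to a very large audience, it is worth checking afterwards where they ended up. The following is an added example, not code from the original post: it lists every SharePoint group on the connected site that contains either claim. It assumes an existing Connect-PnPOnline session and the legacy cmdlet name Get-PnPGroupMembers, which matches the Add-PnPUserToGroup naming used above (newer PnP.PowerShell releases call it Get-PnPGroupMember); the function names Test-BroadClaim and Get-BroadClaimMembership are made up for this example.

```powershell
# Added example: audit the current site for the two broad claims from this post.
# Assumes Connect-PnPOnline has already been run against the site to review.

function Test-BroadClaim {
    # Returns a friendly name when $LoginName is one of the two claims, else $null.
    param(
        [Parameter(Mandatory)] [string] $LoginName,
        [Parameter(Mandatory)] [string] $Realm
    )
    $everyone = 'c:0(.s|true'
    $everyoneExceptExternal = "c:0-.f|rolemanager|spo-grid-all-users/$Realm"

    if ($LoginName -eq $everyone) { return 'Everyone' }
    if ($LoginName -eq $everyoneExceptExternal) { return 'Everyone except external users' }
    return $null
}

function Get-BroadClaimMembership {
    # Walks all SharePoint groups of the site and reports members that are broad claims.
    $realm = Get-PnPAuthenticationRealm          # tenant ID, as used in the post
    foreach ($group in Get-PnPGroup) {
        # Legacy cmdlet name (assumption, see lead-in)
        foreach ($member in Get-PnPGroupMembers -Identity $group) {
            $claim = Test-BroadClaim -LoginName $member.LoginName -Realm $realm
            if ($claim) {
                [pscustomobject]@{
                    Group     = $group.Title
                    Claim     = $claim
                    LoginName = $member.LoginName
                }
            }
        }
    }
}

Get-BroadClaimMembership | Format-Table -AutoSize
```

An unexpected row, for example one of the claims in an Owners or Members group, can be reverted with Remove-PnPUserFromGroup using the reported LoginName and group.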

 
