All Authenticated Users claim
06-12-2019
Question
I'm adding items to my list with a PowerShell script. I need to fine-grain user permissions on the added items.
Code I'm using now:
$claim = New-SPClaimsPrincipal -ClaimValue $role -ClaimType $ROLE_CLAIM -TrustedIdentityTokenIssuer $sts
[Microsoft.SharePoint.SPRoleAssignment] $roleAssignment = New-Object Microsoft.SharePoint.SPRoleAssignment($claim.ToEncodedString(), "", $role, "")
$roleAssignment.RoleDefinitionBindings.Add($web.RoleDefinitions[$permissionLevel[$permission]])
$item.BreakRoleInheritance($true)
$item.RoleAssignments.Add($roleAssignment)
$item.Update()
This works when I'm assigning Full Control to administrators. But I'd also like other users to be able to read all items from the list. So I thought I'd add the "All Authenticated Users" (like in the people picker) read permission. The thing is that I don't know what ClaimValue and ClaimType I have to pass to the New-SPClaimsPrincipal cmdlet. Any ideas?
Solution
To get the claim for All Authenticated Users in PS you need to use:
$claim = New-SPClaimsPrincipal -EncodedClaim "c:0(.s|true"
For Windows users (NT AUTHORITY\authenticated users):
$claim = New-SPClaimsPrincipal -EncodedClaim "c:0!.s|windows"
And for all forms-authenticated users (basic ASP.NET membership provider):
$claim = New-SPClaimsPrincipal -EncodedClaim "c:0!.s|forms:aspnetsqlmembershipprovider"
After that you can create the role assignment like in the code you provided and add it to the item (I didn't test it myself).
And I still cannot believe that the MSDN Forum has a nice and simple answer to it here.
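The steps from the question and the answer combined, as an added example that is not code from either poster: it grants Read on a single item to the encoded claim and returns the item's resulting role assignments for review. The function name, site URL, list title and item ID are placeholders, and it resolves the claim with EnsureUser and the SPRoleAssignment(SPPrincipal) constructor instead of the four-string constructor used in the question. Note that "c:0(.s|true" matches every authenticated identity from any provider configured on the web application, so pass the Windows or forms value when the narrower scope is what you want.

```powershell
# Added example: grant Read on one list item to the "All Authenticated Users" claim.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Grant-AllAuthenticatedRead {
    param(
        [Parameter(Mandatory=$true)] [string] $WebUrl,
        [Parameter(Mandatory=$true)] [string] $ListTitle,
        [Parameter(Mandatory=$true)] [int]    $ItemId,
        # Encoded claim from the answer; use 'c:0!.s|windows' to limit to Windows accounts
        [string] $EncodedClaim = 'c:0(.s|true'
    )
    $web = Get-SPWeb $WebUrl
    try {
        $list = $web.Lists.TryGetList($ListTitle)
        if ($null -eq $list) { throw "List '$ListTitle' not found in $WebUrl" }
        $item = $list.GetItemById($ItemId)

        # Resolve the claim to a site principal (EnsureUser adds it to the site if missing)
        $claim = New-SPClaimsPrincipal -EncodedClaim $EncodedClaim
        $principal = $web.EnsureUser($claim.ToEncodedString())

        # Look the level up by role type so a localized "Read" name does not matter
        $reader = $web.RoleDefinitions.GetByType([Microsoft.SharePoint.SPRoleType]::Reader)

        # Break inheritance only once; $true copies the parent's assignments to the item
        if (-not $item.HasUniqueRoleAssignments) { $item.BreakRoleInheritance($true) }

        $assignment = New-Object Microsoft.SharePoint.SPRoleAssignment($principal)
        $assignment.RoleDefinitionBindings.Add($reader)
        $item.RoleAssignments.Add($assignment)

        # Emit the resulting ACL so the caller can review who can now reach the item
        foreach ($ra in $item.RoleAssignments) {
            New-Object PSObject -Property @{
                Principal = $ra.Member.LoginName
                Levels    = ($ra.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join ', '
            }
        }
    }
    finally {
        $web.Dispose()
    }
}

# Placeholder values for illustration only
Grant-AllAuthenticatedRead -WebUrl 'http://sharepoint.example/sites/demo' `
    -ListTitle 'Documents' -ItemId 1 | Format-Table -AutoSize
```

Because BreakRoleInheritance($true) copies the parent's assignments, the returned list shows everything the item inherited plus the new claim; review it before running the function across a whole list.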