web analytics
SharePoint

Using STSADM to Add Permissions to SharePoint Sites

Recently I came across multiple WSS sites (v3) that someone else created. These sites are used by everyone in the company and were not provisioned correctly; the permissions were incorrectly setup.

So, instead of visiting every site and adding the appropriate permissions, I created a batch file that went through the sites and added several SharePoint groups and individual users to the sites in different roles.

The stsadm operation I used was ‘userrole’. The syntax of the userrole operation is as follows:
stsadm –o userrole –url <full url> –userlogin <domain\user or SharePoint group> –role <role, such as Contribute or “Full Control”>

I created the script in Excel so I could put it together rather quickly. I created three (3) columns in a new Worksheet.
-> The first column [A] was for the full URL of the sites
-> Second column [B] was for the following function: =”stsadm –o userrole –url “&A2&” –userlogin “&C2&”<SharePoint group name or domain\user>”&C2&” –role “&C2&”<intended role>”&C2
-> The third column [C] holds a double quote mark – “ (this is done so I can enter the “ symbol in the outputted text, but not within the function. The quote is needed in the output text because your SharePoint group or role may have spaces in the names)

For example, one of my cells in the [B] column looked like this:
=”stsadm –o userrole –url “&A2&” –userlogin “&C2&”SharePoint Members”&C2&” –role “&C2&”Contribute”&C2

The output text looked like this: stsadm –o userrole –url http://sharepoint/site1 –userlogin “SharePoint Members” –role “Contribute”

I then logged into the Windows 2008 SharePoint front-end server as a SharePoint Farm Administrator and copied all the text in the [B] column to a text file and named it permissions.cmd. I ran the file as an administrator (making sure the current directory was the ‘12 hive’ where the stsadm.exe resided) and after a few moments, all was well with the permissions.

You can also use the userrole operation to remove permissions by adding the –delete switch. For more information on the userrole option, type stsadm –help userrole


As an independent consultant, I am dedicated to partnering with my clients to drive their success. Leverage the skills of a Microsoft MVP to elevate your project to new heights. I invite you to connect with me to discuss how my expertise can benefit your organization.
Contact Me: CollabFront.com/contact/


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.