Managing SharePoint Site Permissions with PowerShell

Efficient management of site permissions in SharePoint is crucial for maintaining security and controlling access to sensitive information. This PowerShell script automates the process of retrieving and updating permissions for a specified SharePoint site, making it easier for administrators to ensure that users have the appropriate access rights.
This script will:
1. Connect to SharePoint Online using PowerShell.
2. Retrieve the current permissions for the specified site.
3. Update permissions to add or remove access for users or groups as needed.
By using this script, IT administrators can save time managing permissions and enhance the overall security posture of their SharePoint environment.

# Install the SharePoint Online Management Shell if not already installed
if (-Not (Get-Module -ListAvailable -Name Microsoft.Online.SharePoint.PowerShell)) {
    Install-Module -Name Microsoft.Online.SharePoint.PowerShell -Scope CurrentUser -AllowClobber
}
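# Connect to SharePoint Online
# Connect-SPOService expects the tenant's SharePoint admin center URL, not the site URL
$adminUrl = "https://yourtenant-admin.sharepoint.com"
$siteUrl = "https://yourtenant.sharepoint.com/sites/yoursite"
# For accounts that require MFA, omit -Credential to get the interactive sign-in prompt
$credential = Get-Credential
Connect-SPOService -Url $adminUrl -Credential $credential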
# Retrieve current site permissions
$siteGroups = Get-SPOSiteGroup -Site $siteUrl
Write-Host "=== Current Permissions for Site: $siteUrl ==="
foreach ($group in $siteGroups) {
    Write-Host "Group: $($group.Title)"
    $members = Get-SPOUser -Site $siteUrl -Group $group.Title
    foreach ($member in $members) {
        Write-Host "  User: $($member.LoginName)"
    }
}
# Update permissions: Add or Remove Users
$action = (Read-Host "Do you want to add or remove users? (add/remove)").Trim()
$userEmail = (Read-Host "Enter the user's email address").Trim()
$groupTitle = (Read-Host "Enter the group title").Trim()
# -ErrorAction Stop with try/catch so success is reported only when the change was applied
try {
    switch ($action.ToLower()) {
        "add" {
            Add-SPOUser -Group $groupTitle -LoginName $userEmail -Site $siteUrl -ErrorAction Stop
            Write-Host "Added $userEmail to $groupTitle group."
        }
        "remove" {
            Remove-SPOUser -Group $groupTitle -LoginName $userEmail -Site $siteUrl -ErrorAction Stop
            Write-Host "Removed $userEmail from $groupTitle group."
        }
        default {
            Write-Host "Invalid action specified."
        }
    }
}
catch {
    Write-Host "Permission change failed: $($_.Exception.Message)"
}
# Disconnect from SharePoint
Disconnect-SPOService
Write-Host "Permissions management process completed."
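
The retrieval step above only prints group membership. The following added example (not part of the original script) turns that listing into a review of entries that usually warrant attention: guest accounts and the broad "Everyone" claims. The function name `Get-RiskyGroupMembership`, the list of roles treated as privileged, and the sample data are assumptions made for illustration.

```powershell
# Added example: flag group memberships that deserve a manual review.
# Input objects carry the Title / Roles / Users properties that Get-SPOSiteGroup returns.
function Get-RiskyGroupMembership {
    param(
        [Parameter(Mandatory)] [object[]] $SiteGroups,
        # Assumption: roles treated as high privilege for this review
        [string[]] $PrivilegedRoles = @('Full Control', 'Design', 'Edit')
    )
    foreach ($group in $SiteGroups) {
        # True when the group holds at least one of the privileged roles
        $privileged = [bool]($group.Roles | Where-Object { $PrivilegedRoles -contains $_ })
        foreach ($login in $group.Users) {
            $reason = switch -Regex ($login) {
                '#ext#'              { 'External (guest) account'; break }
                'spo-grid-all-users' { 'Everyone except external users claim'; break }
                '^c:0\(\.s\|true$'   { 'Everyone claim'; break }
            }
            if ($reason) {
                [pscustomobject]@{
                    Group      = $group.Title
                    Roles      = $group.Roles -join ', '
                    LoginName  = $login
                    Reason     = $reason
                    Privileged = $privileged
                }
            }
        }
    }
}

# Constructed sample data (tenant name, users and tenant id are placeholders)
$sampleGroups = @(
    [pscustomobject]@{ Title = 'Project Owners';   Roles = @('Full Control')
                       Users = @('alice@contoso.com', 'vendor_example.org#ext#@contoso.onmicrosoft.com') }
    [pscustomobject]@{ Title = 'Project Members';  Roles = @('Edit')
                       Users = @('bob@contoso.com', 'c:0-.f|rolemanager|spo-grid-all-users/00000000-0000-0000-0000-000000000000') }
    [pscustomobject]@{ Title = 'Project Visitors'; Roles = @('Read')
                       Users = @('c:0(.s|true') }
)

# Privileged findings first
Get-RiskyGroupMembership -SiteGroups $sampleGroups |
    Sort-Object Privileged -Descending |
    Format-Table -AutoSize
```

In a connected session, pass live data instead of the sample: `Get-RiskyGroupMembership -SiteGroups (Get-SPOSiteGroup -Site $siteUrl)`.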