diff --git a/folderauth.py b/folderauth.py
new file mode 100644
index 0000000..091fed5
--- /dev/null
+++ b/folderauth.py
@@ -0,0 +1,92 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# folderauth.py
+#
+#
+# sets the authorizations of folders
+# current authorizations are not removed, only new ones are added and existing
+# rules might be updated
+#
+# CSV-Format
+# Column 1 is the full path to the folder
+# Column 2 is the principal type
+# Column 3 is the principal id
+# Column 4 is the access setting (read, full)
+
+
+import argparse
+import csv
+import os
+import json
+import subprocess
+import sys
+from sharedfunctions import callrestapi, getfolderid, file_accessible
+
+
+def addRule(data):
+
+    if debug: print("Rule data: "+str(data))
+    rst = callrestapi('authorization/rules','post',data=data,returnResponse=True)
+
+    if rst.status_code==201:
+        print("  done")
+
+    elif rst.status_code==400 and json.loads(rst.text)['errorCode']==1177:
+        print("  rule already exists, skiping")
+
+    elif (400 <= rst.status_code <=599):
+        print("http response code: "+ str(rst.status_code))
+        print("ret.text: "+rst.text)
+        sys.exit()
+
+
+
+parser = argparse.ArgumentParser(description="Apply bulk auths from a CSV file to folders and contents")
+parser.add_argument("-f","--file", help="Full path to CSV file.",required='True')
+parser.add_argument("-d","--debug", help="Turn debug on", action='store_true', default=False)
+
+args = parser.parse_args()
+file=args.file
+debug=args.debug
+
+if not file_accessible(file,'r'):
+    print("Can not open file.")
+    sys.exit(1)
+
+with open(file, 'rt') as f:
+    filecontents = csv.reader(f)
+    for row in filecontents:
+        print("Adding rule: "+str(row))
+        folderpath=row[0]
+        principaltype=row[1]
+        principalname=row[2]
+        accesscontrol=row[3]
+
+        folderid=getfolderid(folderpath)
+        folderuri=folderid[0]
+
+        if accesscontrol=="full":
+            permissions = ["create","read","update","delete","secure","add","remove"]
+        elif accesscontrol=="read":
+            permissions = ["read"]
+        else:
+            print("Unkown access control: "+accesscontrol)
+
+        data = {
+            'type': 'grant',
+            'objectUri': '/folders/folders/'+folderuri,
+            'principalType': principaltype,
+            'principal': principalname,
+            'permissions': permissions
+        }
+        addRule(data)
+
+        data = {
+            'type': 'grant',
+            'containerUri': '/folders/folders/'+folderuri,
+            'principalType': principaltype,
+            'principal': principalname,
+            'permissions': permissions
+        }
+        addRule(data)