Security and the PnP.Core template

If you are using a PnP.Core template to provision the structure for a site, you will also want to provision the security with the template.  You can build out new security groups by adding the following node as a direct child of the ProvisioningTemplate:

      <pnp:Security>

        <pnp:SiteGroups>

          <pnp:SiteGroup Title="SharePointGroupName" 

              Description="Sample SharePoint Group" 
              Owner="i:0#.w|domain\user" 
              AllowMembersEditMembership="true" 
              AllowRequestToJoinLeave="false" 
              AutoAcceptRequestToJoinLeave="false" 
              OnlyAllowMembersViewMembership="false">

            <pnp:Members>

              <pnp:User Name="i:0#.w|domain\user" />

            </pnp:Members>

          </pnp:SiteGroup>

        </pnp:SiteGroups>

      </pnp:Security>

Then, on your lists you just add the following as a direct child of the ListInstance node:

          <pnp:Security>

            <pnp:BreakRoleInheritance 
                  CopyRoleAssignments="false" 
                  ClearSubscopes="false">

              <pnp:RoleAssignment 
                    Principal="SharePointGroupName" 
                    RoleDefinition="Full Control" />

            </pnp:BreakRoleInheritance>

          </pnp:Security>

It really is as easy as that.