1

I need a report for the users permissions on a library. Eg: mysharepoint.com/teams/documents, and i want to know if there is a simple powershell script to export that data.

Thanks in advance

#Import SharePoint Online Management Shell
Import-Module Microsoft.Online.Sharepoint.PowerShell -DisableNameChecking

#Variables for SharePoint Online Admin & Target site collection
$AdminSiteURL="https://crescent-admin.sharepoint.com"
$SiteCollURL="https://crescent.sharepoint.com/sites/sales"

#Get the Credentials
$Credential = Get-credential
#Connect To SharePoint Online
Connect-SPOService -url $AdminSiteURL -Credential $Credential

#Get the Site collection
$Site = Get-SPOSite $SiteCollURL

#Get all Groups of the site collection    
$GroupColl = Get-SPOSiteGroup -Site $Site | Where { $_.Roles -ne $NULL -and $_.Users -ne $NULL}

Foreach($Group in $GroupColl)
{
    #Get Permissions assigned to the Group
    $GroupPermissions=""
    ForEach($Role in $Group.Roles)
    {
        $GroupPermissions+= $Role+";"
    }
    Write-host -f Yellow "Group Name: $($Group.Title) - Permissions: $($GroupPermissions)"

    #Get each member of the group
    foreach($User in $Group.Users)
    {
         write-host -f Green $user
    }              
}
Improve this question
1
  • please share your current tries?! Commented Nov 16, 2018 at 12:40

1 Answer 1

Reset to default
3

You can use PnP PowerSHell to retrieve library permissions. Here is a script which can do this, you just need to enter your username, site URL, and document library for which you want to get permissions. Script gets all the users, SharePoint groups and members of the SharePoint groups and permission assigned to them. 


# install PnP module
Install-Module SharePointPnPPowerShellOnline

# variables to define
$username = "yourUsername"
$siteUrl = "https://companyName.sharepoint.com/sites/test"
$outputFile = "C:\LibraryPermissions.csv"
$libraryName = "Shared Library"

# connect to SP online site collection
$credential = Get-Credential -UserName $username -Message "Type the password:"
Connect-PnPOnline -Url $siteUrl -Credentials $credential

# output file name and location
if (Test-Path $OutputReport)
{
    Remove-Item $OutputReport
}
"Title `t LoginName `t PrincipalType `t Permission `t GivenThrough" | Out-File $outputFile -Append

# get document library
$library = Get-PnpList -Identity $libraryName -Includes RoleAssignments

# get all the users and groups who has access
$roleAssignments = $library.RoleAssignments
foreach ($roleAssignment in $roleAssignments)
{
    Get-PnPProperty -ClientObject $roleAssignment -Property RoleDefinitionBindings, Member

    $loginName = $roleAssignment.Member.LoginName
    $title = $roleAssignment.Member.Title
    $principalType = $roleAssignment.Member.PrincipalType
    $givenThrough = ""
    $permissionLevel = ""
    # loop through permission levels assigned to specific user/group
    foreach ($roleDefinition in $roleAssignment.RoleDefinitionBindings){
        $PermissionLevel += $RoleDefinition.Name + ";"
    }
    $givenThrough = "Given directly"
    "$($title) `t $($loginName) `t $($principalType) `t $($permissionLevel) `t $($givenThrough)" | Out-File $outputFile -Append

    # if principal is SharePoint group -> get SharePoint group members
    if ($roleAssignment.Member.PrincipalType.ToString() -eq "SharePointGroup")
    {
        $givenThrough = $roleAssignment.Member.Title.ToString()

        $groupMembers = Get-PnpGroupMembers -Identity $roleAssignment.Member.LoginName
        foreach ($member in $groupMembers)
        {
            "$($member.Title) `t $($member.LoginName) `t $($member.PrincipalType) `t $($permissionLevel) `t $($title)" | Out-File $outputFile -Append
        }
    }
}

Please note that script does not expand Security Groups and their members. We have a tool SysKit Security Manager which shows the information you wanted, it has Permissions Matrix report which shows who has access to document library and its' files. Hope you'll find this helpful.

Improve this answer
1
  • 1
    Is it possible to find these fields for each folder within the Library? Commented Dec 5, 2019 at 12:34

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.