SharePoint Online: Export Permissions of a Site, List, Item using PowerShell

Requirement: Export permissions applied on a particular SharePoint Site, List or List Item to CSV report.

PowerShell to Export Permissions of a Site, List, List Item in SharePoint Online:
This PowerShell script extracts and exports Immediate (not on any underlying objects) permissions of the given object. E.g. get list permissions.
#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
 
#Get Permissions Applied on a particular Object, such as: Web, List or ListItem
Function Export-SPOPermissions([Microsoft.SharePoint.Client.SecurableObject]$Object, $ReportFile)
{
    #Write CSV- TAB Separated File) Header
    "Account `t Permissions `t Type" | out-file $ReportFile

    #Get permissions assigned to the object
    $Ctx.Load($Object.RoleAssignments)
    $Ctx.ExecuteQuery()

    Foreach($RoleAssignment in $Object.RoleAssignments)
    { 
            $Ctx.Load($RoleAssignment.Member)
            $Ctx.executeQuery()

            #Get the Permissions on the given object
            $Permissions=@()
            $Ctx.Load($RoleAssignment.RoleDefinitionBindings)
            $Ctx.ExecuteQuery()
            Foreach ($RoleDefinition in $RoleAssignment.RoleDefinitionBindings)
            {
                $Permissions += $RoleDefinition.Name +";"
            }
            #Check the permission type
            if($RoleAssignment.Member.PrincipalType -eq "User")
            {
                #Send the Data to Report file
                "$($RoleAssignment.Member.Title)($($RoleAssignment.Member.LoginName)) `t $($Permissions) `t User Account" | Out-File $ReportFile -Append
            }
                
            ElseIf($RoleAssignment.Member.PrincipalType -eq "SharePointGroup")
            {
                #Send the Data to Report file
                "$($RoleAssignment.Member.LoginName)`t $($Permissions) `t SharePoint Group" | Out-File $ReportFile -Append
            }
            ElseIf($RoleAssignment.Member.PrincipalType -eq "SecurityGroup")
            {
                #Send the Data to Report file
                "$($RoleAssignment.Member.Title)`t $($Permissions) `t Security Group" | Out-File $ReportFile -Append
            }
    }
    Write-host -f Green "Permissions Exported to File $ReportFile!"
}

Try {

        #Set parameter values
        $SiteURL="https://crescent.sharepoint.com/sites/Ops"
        $ListName="Projects"
        $ListItemID="2"

        #Get Credentials to connect
        $Cred= Get-Credential
        $Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password)
 
        #Setup the context
        $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
        $Ctx.Credentials = $Credentials

        #Get the Web
        $Web = $Ctx.Web
        $Ctx.Load($Web)
        $Ctx.ExecuteQuery()

        #Call the function to Get web's permissions
        Write-host -f Yellow "Extracting Permissions of the Web "$Web.URL"..."
        Export-SPOPermissions -Object $Web -ReportFile "C:\Temp\WebPermissions.csv"

        #Get the List
        $List = $Ctx.web.Lists.GetByTitle($ListName)
        $Ctx.Load($List)
        $Ctx.ExecuteQuery()

        #Call the function to Get List's permissions
        Write-host -f Yellow "Extracting Permissions of the List "$List.Title"..."
        Export-SPOPermissions -Object $List -ReportFile "C:\Temp\ListPermissions.csv"

        #Get List Item by ID
        $ListItem = $List.GetItemById($ListItemID)  
        $Ctx.Load($ListItem)
        $Ctx.ExecuteQuery()

        #Call the function to Get List's permissions
        Write-host -f Yellow "Extracting Permissions of the List Item ID: "$ListItemID"..."
        Export-SPOPermissions -Object $ListItem -ReportFile "C:\Temp\ListItemPermissions.csv"
     }
    Catch {
        write-host -f Red "Error Generating Permissions Report!" $_.Exception.Message
 } 
This exports SharePoint Online permissions using PowerShell. Here is a sample report generated:
export sharepoint online permissions to excel using powershell

Expand SharePoint Groups and Export List Permissions using PowerShell 
How about expanding each SharePoint Online group and exporting its members, instead of just displaying the group name? So that you exactly get who has access to what! Here is the PowerShell to get SharePoint Online Document Library or List Permissions.
#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
   
#Function to Export List Permissions to CSV
Function Export-SPOListPermission([String]$SiteURL, [String]$ListName, [String]$CSVPath)
{
    Try{
        #Get Credentials to connect
        $Cred= Get-Credential

        #Setup the context
        $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
        $Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password)
       
        #Get the List
        $List = $Ctx.Web.Lists.GetByTitle($ListName)
        $Ctx.Load($List)
        $Ctx.ExecuteQuery()
  
        #Get permissions assigned to the List
        $RoleAssignments = $List.RoleAssignments
        $Ctx.Load($RoleAssignments)
        $Ctx.ExecuteQuery()
  
        #Loop through each permission assigned and extract details
        $PermissionCollection = @()
        Foreach($RoleAssignment in $RoleAssignments)
        { 
            $Ctx.Load($RoleAssignment.Member)
            $Ctx.executeQuery()
  
            #Get the Principal Type: User, SP Group, AD Group
            $PermissionType = $RoleAssignment.Member.PrincipalType
  
            #Get the Permission Levels assigned
            $Ctx.Load($RoleAssignment.RoleDefinitionBindings)
            $Ctx.ExecuteQuery()
            $PermissionLevels = ($RoleAssignment.RoleDefinitionBindings | Select -ExpandProperty Name) -join ","
              
            #Get SharePoint group members
            If($PermissionType -eq "SharePointGroup")
            {
                #Get Group Members
                $Group = $Ctx.web.SiteGroups.GetByName($RoleAssignment.Member.LoginName)
                $Ctx.Load($Group)
                $GroupMembers= $Group.Users
                $Ctx.Load($GroupMembers)
                $Ctx.ExecuteQuery()
                Foreach ($Member in $GroupMembers)
                {
                    #Add the Data to Object
                    $Permissions = New-Object PSObject
                    $Permissions | Add-Member NoteProperty Name($Member.Title)
                    $Permissions | Add-Member NoteProperty Type($PermissionType)
                    $Permissions | Add-Member NoteProperty PermissionLevels($PermissionLevels)
                    $Permissions | Add-Member NoteProperty GrantedThrough("SharePoint Group: $($RoleAssignment.Member.LoginName)")
                    $PermissionCollection += $Permissions
                }
            }
            Else
            {
                #Add the Data to Object
                $Permissions = New-Object PSObject
                $Permissions | Add-Member NoteProperty Name($RoleAssignment.Member.Title)
                $Permissions | Add-Member NoteProperty Type($PermissionType)
                $Permissions | Add-Member NoteProperty PermissionLevels($PermissionLevels)
                $Permissions | Add-Member NoteProperty GrantedThrough("Direct Permissions")
                $PermissionCollection += $Permissions
            }

        }
        $PermissionCollection
        
        #Export List Permissions to CSV File
        $PermissionCollection | Export-CSV $CSVPath -NoTypeInformation
        write-host -f Green "List Permissions Exported Successfully!"
    }
    Catch {
    write-host -f Red "Error Exporting List Permissions!" $_.Exception.Message
    }
}

#Call the function to Export List Permissions
Export-SPOListPermission -SiteURL "https://crescenttech.sharepoint.com/sites/Marketing" `
                         -ListName "Documents" -CSVPath "C:\Temp\ListPermissions.csv"
SharePoint Online: Export Permissions of a Site, List, Item using PowerShell SharePoint Online: Export Permissions of a Site, List, Item using PowerShell Reviewed by Salaudeen Rajack on June 06, 2017 Rating: 5

2 comments:

Please Login and comment to get your questions answered!

Powered by Blogger.