Client Side Object Model (CSOM) Permission PowerShell SharePoint SharePoint Online 

SharePoint Online: Find All Sites with Unique Permissions using PowerShell

Salaudeen Rajack 0 Comments ,

Requirement: Find All SharePoint Online Sites with Unique Permissions using PowerShell

How to check if a site (web) is using Unique permissions or inheriting permissions from the parent?

To get if a site has broken permissions, follow these steps:

  • Navigate to the Site and then go to Site Settings >> Site Permissions >>Advanced permissions settings.
  • In Advanced permissions page gives you the information whether the site has unique permissions or not. If the site has unique permissions,
    you’ll get the text “This site has unique permissions“, otherwise “This site inherits permissions from its parent.”
    sharepoint online powershell to find sites with unique permissions

SharePoint Online: PowerShell to Get All Webs (subsites) with unique permissions

This PowerShell gets you all subsites of a site collection, which are using unique permissions

#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"

#Function to call a non-generic method Load
Function Invoke-LoadMethod() {
   param([Microsoft.SharePoint.Client.ClientObject]$Object = $(throw "Please provide a Client Object"),[string]$PropertyName) 
   $ctx = $Object.Context
   $load = [Microsoft.SharePoint.Client.ClientContext].GetMethod("Load") 
   $type = $Object.GetType()
   $clientLoad = $load.MakeGenericMethod($type)  
   $Parameter = [System.Linq.Expressions.Expression]::Parameter(($type), $type.Name)
   $Expression = [System.Linq.Expressions.Expression]::Lambda([System.Linq.Expressions.Expression]::Convert([System.Linq.Expressions.Expression]::PropertyOrField($Parameter,$PropertyName),[System.Object] ), $($Parameter))
   $ExpressionArray = [System.Array]::CreateInstance($Expression.GetType(), 1)
   $ExpressionArray.SetValue($Expression, 0)
   $clientLoad.Invoke($ctx,@($Object,$ExpressionArray))
}

#Define Parameter values
$SiteURL="https://crescent.sharepoint.com"

#Setup Credentials to connect
$Cred= Get-Credential
$Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password)

Try {
    #Function to check if site has unique permissions
    Function Check-SPOWebUniquePermissions($SiteURL)
    {
        #Set up the context
        $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
        $Ctx.Credentials = $credentials
 
        $Web = $Ctx.Web
        $Ctx.Load($Web)
        $Ctx.Load($Web.Webs)
        $Ctx.ExecuteQuery()

        #Check if the site has unique permissions
        Invoke-LoadMethod -Object $Web -PropertyName "HasUniqueRoleAssignments"
        $Ctx.ExecuteQuery()

        if ($Web.HasUniqueRoleAssignments -eq $true)
        {        
            Write-Host -f Green "Site '$($Web.URL)' has Unique Permissions"
        }
        else
        {
            Write-Host -f Yellow "Site '$($Web.URL)' is inhering Permissions from the Parent"
        }
 
        #Process Each subsite in current site
        ForEach($Web in $Web.Webs)
        {
            #call the function recursively
            Check-SPOWebUniquePermissions $Web.Url
        }
    } 
    #call the function 
    Check-SPOWebUniquePermissions $SiteURL
}
Catch {
    write-host -f Red "Error Checking Unique Permissions!" $_.Exception.Message
}

Salaudeen Rajack

Information Technology Professional with Two decades of SharePoint Experience.

Leave a Reply