SharePoint Online: Find All Subsites with Unique Permissions using PowerShell
Requirement: Find All SharePoint Online Sites with Unique Permissions using PowerShell
How to check if a site (web) is using Unique permissions or inheriting permissions from the parent?
Are you looking for a way to quickly check if a SharePoint Online Subsite has unique permissions? PowerShell makes finding all sites with unique permissions a breeze! This blog post will show you how to use PowerShell to find all subsites with unique permissions.
To check if a site has broken permissions, follow these steps:
- Navigate to the Site and then go to Site Settings >> Site Permissions >>Advanced permissions settings.
- In Advanced permissions page gives you the information whether the site has unique permissions or not. If the site has unique permissions,
you’ll get the text “This site has unique permissions”, otherwise “This site inherits permissions from its parent.”
SharePoint Online: PowerShell to Get All Webs (subsites) with unique permissions
This PowerShell gets you all subsites of a site collection, which are using unique permissions:
#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
#Function to call a non-generic method Load
Function Invoke-LoadMethod() {
param([Microsoft.SharePoint.Client.ClientObject]$Object = $(throw "Please provide a Client Object"),[string]$PropertyName)
$ctx = $Object.Context
$load = [Microsoft.SharePoint.Client.ClientContext].GetMethod("Load")
$type = $Object.GetType()
$clientLoad = $load.MakeGenericMethod($type)
$Parameter = [System.Linq.Expressions.Expression]::Parameter(($type), $type.Name)
$Expression = [System.Linq.Expressions.Expression]::Lambda([System.Linq.Expressions.Expression]::Convert([System.Linq.Expressions.Expression]::PropertyOrField($Parameter,$PropertyName),[System.Object] ), $($Parameter))
$ExpressionArray = [System.Array]::CreateInstance($Expression.GetType(), 1)
$ExpressionArray.SetValue($Expression, 0)
$clientLoad.Invoke($ctx,@($Object,$ExpressionArray))
}
#Define Parameter values
$SiteURL="https://crescent.sharepoint.com"
#Setup Credentials to connect
$Cred= Get-Credential
$Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password)
Try {
#Function to check if site has unique permissions
Function Check-SPOWebUniquePermissions($SiteURL)
{
#Set up the context
$Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
$Ctx.Credentials = $credentials
$Web = $Ctx.Web
$Ctx.Load($Web)
$Ctx.Load($Web.Webs)
$Ctx.ExecuteQuery()
#Check if the site has unique permissions
Invoke-LoadMethod -Object $Web -PropertyName "HasUniqueRoleAssignments"
$Ctx.ExecuteQuery()
if ($Web.HasUniqueRoleAssignments -eq $true)
{
Write-Host -f Green "Site '$($Web.URL)' has Unique Permissions"
}
else
{
Write-Host -f Yellow "Site '$($Web.URL)' is inhering Permissions from the Parent"
}
#Process Each subsite in current site
ForEach($Web in $Web.Webs)
{
#call the function recursively
Check-SPOWebUniquePermissions $Web.Url
}
}
#call the function
Check-SPOWebUniquePermissions $SiteURL
}
Catch {
write-host -f Red "Error Checking Unique Permissions!" $_.Exception.Message
}
PnP PowerShell to Get Subsites with Unique Permissions
Let’s audit all subsite’s unique permission status with the help of PnP PowerShell:
#Parameters
$SiteURL = "https://crescent.sharepoint.com/sites/marketing"
Try {
#Connect to PnP Online
Connect-PnPOnline -Url $SiteURL -Interactive
#Get All subsites from the SharePoint Online site collection
$WebsCollection = Get-PnPSubWeb -Recurse -Includes HasUniqueRoleAssignments
#Get Unique Permission status of each subsite
$WebsCollection | Select Title, URL, HasUniqueRoleAssignments
}
catch {
write-host "Error: $($_.Exception.Message)" -foregroundcolor Red
}
