Requirement: Find All SharePoint Online Sites with Unique Permissions using PowerShell
How to Check if a site (web) is using Unique permissions or inheriting permissions from the parent?
To get if a site has broken permissions, follow these steps:
- Navigate to the Site and then go to Site Settings >> Site Permissions >>Advanced permissions settings.
- In Advanced permissions page gives you the information whether the site has unique permissions or not. If the site has unique permissions,
you'll get the text "This site has unique permissions", otherwise "This site inherits permissions from its parent."
SharePoint Online: PowerShell to Get All Webs (subsites) with unique permissions
This PowerShell gets you all subsites of a site collection, which are using unique permissions.
#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
#Function to call a non-generic method Load
Function Invoke-LoadMethod() {
param([Microsoft.SharePoint.Client.ClientObject]$Object = $(throw "Please provide a Client Object"),[string]$PropertyName)
$ctx = $Object.Context
$load = [Microsoft.SharePoint.Client.ClientContext].GetMethod("Load")
$type = $Object.GetType()
$clientLoad = $load.MakeGenericMethod($type)
$Parameter = [System.Linq.Expressions.Expression]::Parameter(($type), $type.Name)
$Expression = [System.Linq.Expressions.Expression]::Lambda([System.Linq.Expressions.Expression]::Convert([System.Linq.Expressions.Expression]::PropertyOrField($Parameter,$PropertyName),[System.Object] ), $($Parameter))
$ExpressionArray = [System.Array]::CreateInstance($Expression.GetType(), 1)
$ExpressionArray.SetValue($Expression, 0)
$clientLoad.Invoke($ctx,@($Object,$ExpressionArray))
}
#Define Parameter values
$SiteURL="https://crescent.sharepoint.com"
#Setup Credentials to connect
$Cred= Get-Credential
$Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password)
Try {
#Function to check if site has unique permissions
Function Check-SPOWebUniquePermissions($SiteURL)
{
#Set up the context
$Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
$Ctx.Credentials = $credentials
$Web = $Ctx.Web
$Ctx.Load($Web)
$Ctx.Load($Web.Webs)
$Ctx.ExecuteQuery()
#Check if the site has unique permissions
Invoke-LoadMethod -Object $Web -PropertyName "HasUniqueRoleAssignments"
$Ctx.ExecuteQuery()
if ($Web.HasUniqueRoleAssignments -eq $true)
{
Write-Host -f Green "Site '$($Web.URL)' has Unique Permissions"
}
else
{
Write-Host -f Yellow "Site '$($Web.URL)' is inhering Permissions from the Parent"
}
#Process Each subsite in current site
ForEach($Web in $Web.Webs)
{
#call the function recursively
Check-SPOWebUniquePermissions $Web.Url
}
}
#call the function
Check-SPOWebUniquePermissions $SiteURL
}
Catch {
write-host -f Red "Error Checking Unique Permissions!" $_.Exception.Message
}
No comments:
Please Login and comment to get your questions answered!