SharePoint Online: Get All Permission Levels using PowerShell

Requirement: Get permission levels in SharePoint Online site using PowerShell.

SharePoint Online: PowerShell to Get Permission Levels

Permission levels are sets of base permissions grouped together to provide specific rights in the site. This script returns all permission level names including out-of-the-box permission levels such as “Full Control” and any custom permission levels created in the given SharePoint Online site collection.

#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
 
Function Get-SPOPermissionLevels()
{
  param
    (
        [Parameter(Mandatory=$true)] [string] $SiteURL        
    )
    Try { 
        #Get Credentials to connect
        $Cred= Get-Credential
        $Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password)
 
        #Setup the context
        $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
        $Ctx.Credentials = $Credentials

        #Get all permission levels
        $RoleDefColl=$Ctx.web.RoleDefinitions
        $Ctx.Load($RoleDefColl)
        $Ctx.ExecuteQuery()
    
        #Loop through all role definitions
        ForEach($RoleDef in $RoleDefColl)
        {
            Write-Host -ForegroundColor Green $RoleDef.Name
        }
     }
    Catch {
        write-host -f Red "Error getting permission Levels!" $_.Exception.Message
    }
}
 
#Set parameter values
$SiteURL="https://crescent.sharepoint.com/sites/Ops/"

#Call the function 
Get-SPOPermissionLevels -SiteURL $SiteURL 

This script gets you all the Permission Levels that are configured in the given SharePoint Online site collection.

SharePoint Online PowerShell to Get Permission Level

If you want to get a specific permission level in your PowerShell script, you can use:

#Get the permission level
$PermissionLevelName ="Read"
$PermissionLevel = $web.RoleDefinitions.GetByName($PermissionLevelName)
$Ctx.Load($PermissionLevel)
$Ctx.ExecuteQuery()

SharePoint Online: PnP PowerShell to Get Permission Level

#Set Variables
$SiteURL = "https://crescent.sharepoint.com/sites/Marketing"

#Connect to PNP Online
Connect-PnPOnline -Url $SiteURL -Credentials (Get-Credential)

#Get Permission levels
Get-PnPRoleDefinition

Similarly, to get a specific permission level, use:

#Get a Permission level
Get-PnPRoleDefinition -Identity "Read"

Salaudeen Rajack

Salaudeen Rajack is a SharePoint Architect with Two decades of SharePoint Experience. He loves sharing his knowledge and experiences with the SharePoint community, through his real-world articles!

Leave a Reply