SharePoint Online: Get All Permission Levels using PowerShell

Requirement: Get permission levels in the SharePoint Online site using PowerShell.

How to Get All Permission Levels in SharePoint Online Site?

In SharePoint Online, you can assign different permission levels to users and groups to control what they can and cannot do on the site. For example, you may want your marketing team to have full access to all content on the site while giving other users read access. This blog post will show you how to get all permission levels for a site in SharePoint Online.

To view all permission levels in a SharePoint Online site, do the following:

  • Click on Settings gear >> choose “Site Settings”
  • Click on Site Permissions link in the site settings page >> Click on “Permission Levels” from the ribbon.permission level in sharepoint online
  • The Permission Levels page lists all permission levels available in the site.get all permission levels in sharepoint online

This is useful if you want to see what permissions are currently assigned to users or groups in your environment.

SharePoint Online: PowerShell to Get Permission Levels

Permission levels are sets of base permissions grouped together to provide specific rights in the site. This script returns all permission level names, including out-of-the-box permission levels such as “Full Control” and any custom permission levels created in the given SharePoint Online site collection.

#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
 
Function Get-SPOPermissionLevels()
{
  param
    (
        [Parameter(Mandatory=$true)] [string] $SiteURL        
    )
    Try { 
        #Get Credentials to connect
        $Cred= Get-Credential
        $Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password)
 
        #Setup the context
        $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
        $Ctx.Credentials = $Credentials

        #Get all permission levels
        $RoleDefColl=$Ctx.web.RoleDefinitions
        $Ctx.Load($RoleDefColl)
        $Ctx.ExecuteQuery()
    
        #Loop through all role definitions
        ForEach($RoleDef in $RoleDefColl)
        {
            Write-Host -ForegroundColor Green $RoleDef.Name
        }
     }
    Catch {
        write-host -f Red "Error getting permission Levels!" $_.Exception.Message
    }
}
 
#Set parameter values
$SiteURL="https://crescent.sharepoint.com/sites/Ops/"

#Call the function 
Get-SPOPermissionLevels -SiteURL $SiteURL 

This script gets you all the Permission Levels configured in the given SharePoint Online site collection.

SharePoint Online PowerShell to Get Permission Level

If you want to get a specific permission level in your PowerShell script, you can use:

#Get the permission level
$PermissionLevelName ="Read"
$PermissionLevel = $web.RoleDefinitions.GetByName($PermissionLevelName)
$Ctx.Load($PermissionLevel)
$Ctx.ExecuteQuery()

PnP PowerShell to Get Permission Levels in SharePoint Online

#Set Variables
$SiteURL = "https://crescent.sharepoint.com/sites/Marketing"

#Connect to PnP Online
Connect-PnPOnline -Url $SiteURL -Credentials (Get-Credential)

#Get Permission levels
Get-PnPRoleDefinition

Similarly, to get a specific permission level, use:

#Get a Permission level
Get-PnPRoleDefinition -Identity "Read"

Salaudeen Rajack

Salaudeen Rajack is a SharePoint Architect with Two decades of SharePoint Experience. He loves sharing his knowledge and experiences with the SharePoint community, through his real-world articles!

One thought on “SharePoint Online: Get All Permission Levels using PowerShell

  • Hi Salaudeen,

    Could you please help me to get all permission levels for all sites (Entire Tenant).

    Thanks,
    SV

    Reply

Leave a Reply